Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- The dark web’s favorite currency is less untraceable than it seems
- [AUDIO] Why Russia “hacks” elections: a spy’s-eye view
- Brute force attack known as password spraying against organizations in the United States
- Mastermind behind EUR 1 billion cyber bank robbery arrested in Spain
- Boeing possibly hit by ‘WannaCry’ malware attack
- Improving credential abuse threat mitigation
- The hilarious ways algorithms have outsmarted their creators
- Working towards a more diverse future in security
For the more technical
- Brian Krebs report on Coinhive
- Angry users donate $120k to cancer research after Brian Krebs’ Coinhive article
- [VIDEO] Tracing stolen bitcoin + PDF
- Hackers are using a 5-year-old vulnerability to mine Monero
- How machine learning detects cryptocurrency-mining malware
- Monero-mining HiddenMiner Android malware can potentially cause device failure
- Microsoft’s Meltdown patch created an even bigger flaw
- Vulnerabilities in Siemens’ building technologies products (PDF)
- Serious vulnerability identified in Beckhoff TwinCAT PLC software solution
- Multiple vulnerabilities identified in the Modicon family of industrial controllers
- Cisco addresses critical remote code execution flaws in IOS XE operating system
- One hash to rule them all: drupalgeddon2 + additional information
- The top 10 vulnerabilities used by cybercriminals
- Apache Struts 2 vulnerability
- Intel CPUs vulnerable to new ‘BranchScope’ attack + PDF
- VPN leaks users’ IPs via WebRTC
- Grindr security flaw exposes users’ location data
- Life cycle of a web app 0day
- From hacked client to 0day discovery
- Arbitrary files upload in Amazon Go
- Side-channel information leakage in mobile applications
- Omitting the “o” in .com could be costly
- Suspicious likes lead to researcher lighting up a 22,000-strong botnet on Twitter
- Taking down Gooligan – part 1, 2 & 3
- An analysis of 24 hours of Internet attacks using honeypots (PDF)
- Threat landscape for industrial automation systems in H2 2017
- Overview of MuddyWater
- Lazarus group targets more cryptocurrency exchanges and FinTech companies
- ChessMaster adds updated tools to its arsenal
- GoScanSSH malware targets SSH servers
- The number of new malware types continued rising
- An in-depth malware analysis of QuantLoader
- Panda Banker zeros in on Japanese targets
- In-depth Formbook malware analysis
- Fauxpersky malware poses as Kaspersky antivirus
- Windows IRC bot in the wild
- Pingu Cleans Up: subscription scam on Google Play
- A document that could (supposedly) only be read with Office Professional
- Portable Executable File corruption preventing malware from running
- Getting to know Cloud Armor – defense at scale for internet-facing services
- The last Windows XP security white paper
- What’s broken in iOS for iPhone X
- Qubes OS 4.0 has been released
- LKRG 0.2 was just released
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – March 30, 2018”