Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- How internet mercenaries do battle for authoritarian governments
- Bezos investigation finds the Saudis obtained his private data
- Michael Cohen warrants show how the FBI can unlock your phone and track your movements
- Security researcher pleads guilty to hacking into Microsoft and Nintendo
- Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
- [AUDIO] Grugq illuminates influence operations
- Years of Mark Zuckerberg’s old Facebook posts have vanished
- Police and FACT raids target “£3 Million” pirate TV operation
- The hacker code: Don’t listen to the experts
- Celebrating 30 years in cybersecurity
- Towards better vendor security assessments
- Casino Screwup Royale: A tale of “ethical hacking” gone awry
- [DE] Firefox Lockbox: Android-App mit Adjust-Tracker
For the more technical
- VMware ESXi, Workstation and Fusion updates address multiple security issues
- Critical RCE bug in Cisco WebEx browser extensions faces ‘ongoing exploitation’
- Cisco RV320 command injection + unauthenticated configuration export + unauthenticated diagnostic data retrieval
- WinRAR zero-day abused in multiple campaigns
- Unpatched zero-days in Microsoft Edge and IE browsers disclosed publicly
- CVE-2019-0192: Mitigating unsecure deserialization in Apache Solr
- Google Groups authorization bypass / $500 bounty
- SQL injection in Magento core + technical description
- Hackers abuse Magento PayPal integration to test validity of stolen credit cards
- Researchers find 36 new security flaws in LTE protocol (PDF)
- Researchers discover and abuse new undocumented feature in Intel chipsets (PDF)
- How Microsoft found a Huawei driver that opened systems to attack + more information
- What a second flaw in Switzerland’s sVote means for NSW’s iVote
- French gas stations robbed after forgetting to change gas pump PINs
- F-35 far from ready to face current or future threats, testing data shows
- Threat landscape for industrial automation systems. H2 2018
- Inside the ASUS supply chain attack
- Unleash the hash – ShadowHammer MAC address list
- Android security & privacy year in review 2018
- Android ecosystem of pre-installed apps is a privacy and security mess
- Researchers find Google Play Store apps were actually government malware
- Exodus: New Android spyware made in Italy
- Bots and botnets in 2018
- PsiXBot: The evolution of a modular .NET bot
- The document that eluded AppLocker and AMSI
- Lucky Elephant campaign masquerading
- Trickbot: Technical analysis of a banking trojan malware
- Emotet update: New C2 communication followed by new infection chain
- Emotet-distributed ransomware loader for Nozelesn found via managed detection and response
- Unnam3d ransomware locks files in protected archives, demands gift cards
- Halting the Lockergoga ransomware
- Cryptocurrency businesses still being targeted by Lazarus
- Scanbox watering hole targets Pakistani and Tibetan government website visitors
- Elfin: Relentless espionage group targets multiple organizations in Saudi Arabia and U.S.
- New steps to protect customers from hacking
- Commando VM: The first of its kind Windows offensive distribution
- Keybase is not softer than TOFU
- Gmail’s end-to-end encryption project is dead
- Powerful script to delete full Discord message history
- Deconstructing Apple Card: A hacker’s perspective
- Finding the real origin IPs hiding behind CloudFlare or Tor
- Hackle – search engine for hackers and security professionals
- Pastebin dump collection + OSINT bot identifying potential leaks on paste sites
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – March 31, 2019”