Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- How internet mercenaries do battle for authoritarian governments
- Bezos investigation finds the Saudis obtained his private data
- Michael Cohen warrants show how the FBI can unlock your phone and track your movements
- Security researcher pleads guilty to hacking into Microsoft and Nintendo
- Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
- Grugq illuminates influence operations
- Years of Mark Zuckerberg's old Facebook posts have vanished
- Police and FACT raids target “£3 Million” pirate TV operation
- The hacker code: Don't listen to the experts
- Celebrating 30 years in cybersecurity
- Towards better vendor security assessments
- Casino Screwup Royale: A tale of “ethical hacking” gone awry
- Firefox Lockbox: Android-App mit Adjust-Tracker
For the more technical
- VMware ESXi, Workstation and Fusion updates address multiple security issues
- Critical RCE bug in Cisco WebEx browser extensions faces ‘ongoing exploitation’
- Cisco RV320 command injection + unauthenticated configuration export + unauthenticated diagnostic data retrieval
- WinRAR zero-day abused in multiple campaigns
- Unpatched zero-days in Microsoft Edge and IE browsers disclosed publicly
- CVE-2019-0192: Mitigating unsecure deserialization in Apache Solr
- Google Groups authorization bypass / $500 bounty
- SQL injection in Magento core + technical description
- Hackers abuse Magento PayPal integration to test validity of stolen credit cards
- Researchers find 36 new security flaws in LTE protocol (PDF)
- Researchers discover and abuse new undocumented feature in Intel chipsets (PDF)
- How Microsoft found a Huawei driver that opened systems to attack + more information
- What a second flaw in Switzerland’s sVote means for NSW’s iVote
- French gas stations robbed after forgetting to change gas pump PINs
- F-35 far from ready to face current or future threats, testing data shows
- Threat landscape for industrial automation systems. H2 2018
- Inside the ASUS supply chain attack
- Unleash the hash - ShadowHammer MAC address list
- Android security & privacy year in review 2018
- Android ecosystem of pre-installed apps is a privacy and security mess
- Researchers find Google Play Store apps were actually government malware
- Exodus: New Android spyware made in Italy
- Bots and botnets in 2018
- PsiXBot: The evolution of a modular .NET bot
- The document that eluded AppLocker and AMSI
- Lucky Elephant campaign masquerading
- Trickbot: Technical analysis of a banking trojan malware
- Emotet update: New C2 communication followed by new infection chain
- Emotet-distributed ransomware loader for Nozelesn found via managed detection and response
- Unnam3d ransomware locks files in protected archives, demands gift cards
- Halting the Lockergoga ransomware
- Cryptocurrency businesses still being targeted by Lazarus
- Scanbox watering hole targets Pakistani and Tibetan government website visitors
- Elfin: Relentless espionage group targets multiple organizations in Saudi Arabia and U.S.
- New steps to protect customers from hacking
- Commando VM: The first of its kind Windows offensive distribution
- Keybase is not softer than TOFU
- Gmail's end-to-end encryption project is dead
- Powerful script to delete full Discord message history
- Deconstructing Apple Card: A hacker’s perspective
- Finding the real origin IPs hiding behind CloudFlare or Tor
- Hackle - search engine for hackers and security professionals
- Pastebin dump collection + OSINT bot identifying potential leaks on paste sites
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments