Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- Russian spies hacked the Olympics and tried to pin it on North Korea
- Gang violence continues at Brazil prison
- 850 pounds of cocaine seized at Russian embassy in Buenos Aires
- Apple moves iCloud data for Chinese users to China
- $20 trillion Bitcoin grab in cryptocurrency exchange glitch
- Getting product security engineering right
- Cellebrite claims it can unlock any iPhone
- The impacts of zero-day attacks
- Google updates “right to be forgotten” transparency report
- Bot Roundup: Avalanche, Kronos, NanoCore
- Over 50% of consumers cannot distinguish real apps from fake apps
- Inmates ran a child porn network in prison
- Hacker returns $26 million in Ethereum stolen from CoinDash
- Setting up bug bounties for success
- Against Hack Porn
- German government under cyber attack
- Tony Soprano of Cybercrime Snitches on Russian Hacker
For the more technical
- Financial Cyberthreats in 2017
- PayPal issue allows disclosure of account balance and recent transactions
- Rig Exploit Kit has gone through significant changes
- Rig malvertising campaign uses cryptocurrency theme as decoy
- Industrial cybersecurity threat landscape
- Private browsing gets more private
- Recently patched Flash vulnerability spotted in massive malspam campaign
- YubiKey full disk encryption
- Guide to using YubiKey as a SmartCard for GPG and SSH
- Chrome lets hackers phish Yubikey users
- Retrieving malware over Tor on Windows
- Oracle server vulnerability exploited to deliver cryptocurrency miners
- XMRig: father Zeus of cryptocurrency mining malware
- Over 40% of online login attempts are made by bots
- 2844 new data breaches added to Have I Been Pwned
- Using Cloudflare Workers to identify pwned passwords
- Cracking Active Directory passwords
- SAML vulnerability lets attackers log in as other users + more information
- Mailchimp continues to be abused delivering Gootkit banking trojan
- Memcached servers abused for DDoS attacks + additional information
- Financial cyber threat sharing group phished
- Bug in HP remote management tool
- Extensive analysis of FinFisher spyware
- The Lazarus Group may be in play again
- That little click could be sending your browser to the mines
- The NanoCore RAT has resurfaced from the sewers
- How hackers bypassed an Adobe Flash protection mechanism
- Wave of attacks targeting Google G Suite
- Cryptocurrency scams on Android (PDF)
- How to break a smart home
- Sophisticated RedDrop malware targets Android phones
- Remotely Exploitable Flaws Patched in DHCP
- Olympic Destroyer lineup of suspects
- Analysis of the Alexa Top 1M Sites
- Iran-based hacking group expanding operations in Middle East
- VMware exploitation through uninitialized buffers
- CannibalRAT targets Brazil
- Escaping the sandbox by misleading bluetoothd
- CERT/CC website has vanished with no warning
- Fake IonCube malware found in the wild
- GandCrab ransomware decryption tool
- The new version of Bettercap
- Analysis of the security risks of Android VPN permission-enabled apps (PDF)
- Honeytrap – opensource system for running, monitoring and managing honeypots
- Analyzing the nasty .NET protection of the Ploutus.D malware
- Privilege escalation in 2.3m WooCommerce shops
- Steal funds from TenX users
- Facebook flaw exposed page administrators
- Dissecting Hancitor’s latest packer
- Domain generation algorithm allows scripts to bypass ad blockers
- The bitcoins that never were
- Dragos Year in Review 2017
- Parasiting web server process with webshells in permissive environments
- SIGINT summaries update: covernames for CSE, GCHQ, and GCSB
- Remote code execution affecting various Pivotal Spring projects
- Virut delivered with Chinese DDoS bot
- SgxPectre Attacks (PDF)
- Sofacy attacks multiple government entities
- Hijacking a smart guitar amp
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – March 4, 2018”