IT Security Weekend Catch Up – March 4, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

  1. Russian spies hacked the Olympics and tried to pin it on North Korea
  2. Gang violence continues at Brazil prison
  3. 850 pounds of cocaine seized at Russian embassy in Buenos Aires
  4. Apple moves iCloud data for Chinese users to China
  5. $20 trillion Bitcoin grab in cryptocurrency exchange glitch
  6. Getting product security engineering right
  7. Cellebrite claims it can unlock any iPhone
  8. The impacts of zero-day attacks
  9. Google updates “right to be forgotten” transparency report
  10. Bot Roundup: Avalanche, Kronos, NanoCore
  11. Over 50% of consumers cannot distinguish real apps from fake apps
  12. Inmates ran a child porn network in prison
  13. Hacker returns $26 million in Ethereum stolen from CoinDash
  14. Setting up bug bounties for success
  15. Against Hack Porn
  16. German government under cyber attack
  17. Tony Soprano of Cybercrime Snitches on Russian Hacker

For the more technical

  1. Financial Cyberthreats in 2017
  2. PayPal issue allows disclosure of account balance and recent transactions
  3. Rig Exploit Kit has gone through significant changes
  4. Rig malvertising campaign uses cryptocurrency theme as decoy
  5. Industrial cybersecurity threat landscape
  6. Private browsing gets more private
  7. Recently patched Flash vulnerability spotted in massive malspam campaign
  8. YubiKey full disk encryption
  9. Guide to using YubiKey as a SmartCard for GPG and SSH
  10. Chrome lets hackers phish Yubikey users
  11. Retrieving malware over Tor on Windows
  12. Oracle server vulnerability exploited to deliver cryptocurrency miners
  13. XMRig: father Zeus of cryptocurrency mining malware
  14. Over 40% of online login attempts are made by bots
  15. 2844 new data breaches added to Have I Been Pwned
  16. Using Cloudflare Workers to identify pwned passwords
  17. Cracking Active Directory passwords
  18. SAML vulnerability lets attackers log in as other usersmore information
  19. Mailchimp continues to be abused delivering Gootkit banking trojan
  20. Memcached servers abused for DDoS attacksadditional information
  21. Financial cyber threat sharing group phished
  22. Bug in HP remote management tool
  23. Extensive analysis of FinFisher spyware
  24. The Lazarus Group may be in play again
  25. That little click could be sending your browser to the mines
  26. The NanoCore RAT has resurfaced from the sewers
  27. How hackers bypassed an Adobe Flash protection mechanism
  28. Wave of attacks targeting Google G Suite
  29. Cryptocurrency scams on Android (PDF)
  30. How to break a smart home
  31. Sophisticated RedDrop malware targets Android phones
  32. Remotely Exploitable Flaws Patched in DHCP
  33. Siemens industrial solutions are affected by vulnerabilities in Intel ME, SPS and TXE technologies
  34. Olympic Destroyer lineup of suspects
  35. Analysis of the Alexa Top 1M Sites
  36. Iran-based hacking group expanding operations in Middle East
  37. VMware exploitation through uninitialized buffers
  38. CannibalRAT targets Brazil
  39. Escaping the sandbox by misleading bluetoothd
  40. CERT/CC website has vanished with no warning
  41. Fake IonCube malware found in the wild
  42. GandCrab ransomware decryption tool
  43. The new version of Bettercap
  44. Analysis of the security risks of Android VPN permission-enabled apps (PDF)
  45. Honeytrap – opensource system for running, monitoring and managing honeypots
  46. Analyzing the nasty .NET protection of the Ploutus.D malware
  47. Privilege escalation in 2.3m WooCommerce shops
  48. Steal funds from TenX users
  49. Facebook flaw exposed page administrators
  50. Dissecting Hancitor’s latest packer
  51. Domain generation algorithm allows scripts to bypass ad blockers
  52. The bitcoins that never were
  53. Dragos Year in Review 2017
  54. Parasiting web server process with webshells in permissive environments
  55. SIGINT summaries update: covernames for CSE, GCHQ, and GCSB
  56. Remote code execution affecting various Pivotal Spring projects
  57. Virut delivered with Chinese DDoS bot
  58. SgxPectre Attacks (PDF)
  59. Sofacy attacks multiple government entities
  60. Hijacking a smart guitar amp

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *