IT Security Weekend Catch Up – March 8, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Looking for sponsors

Over 3 years of weekly delivery of fresh IT security news, thousands of links and happy readers. You can become part of IT Security Weekly Catch Up by becoming a sponsor. Interested? Get in touch at badcybercom[at] (and please, no VPNs/crypto/poker etc.)

For the less technical

  1. Facebook has a new tool to spot spammers, and it’s already taken down billions of accounts
  2. Black market white washing: Why you shouldn’t take legal advice from criminals
  3. Through apps, not warrants, ‘Locate X’ allows federal law enforcement to track phones
  4. How information on the coronavirus is managed on Chinese social media
  5. Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach
  6. Walgreens mobile app leaks prescription data
  7. Meet the white-hat group fighting Emotet, the world’s most dangerous malware
  8. Let’s Encrypt pushes back deadline to revoke some TLS certificates

For the more technical

  1. Intel CSME bug is worse than previously thought + more information
  2. Intel fixed 236 bugs in 2019 and only 5% (11 bugs) were CPU vulnerabilities (PDF)
  3. New AMD side channel attacks discovered, impacts Zen architecture
  4. Serious security flaws uncovered in Cacagoo IP cameras
  5. Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years
  6. Facebook OAuth framework vulnerability
  7. CVE-2019-1458: Going from ‘in the wild report’ to POC
  8. CVE-2020-8597: Buffer overflow vulnerability in Point-to-Point Protocol Daemon (pppd)
  9. SurfingAttack: Interactive hidden attack on voice assistants using ultrasonic guided wave
  10. How one person is exploiting your WiFi router
  11. Serverless (in)security
  12. FUSE: Finding file upload bugs via penetration testing (PDF)
  13. Trickbot delivery method gets a new upgrade focusing on Windows 10
  14. Nemty ransomware punishes victims by posting their stolen data
  15. Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
  16. Malware Evasion Encyclopedia
  17. The worst mistakes in iOS forensics
  18. OWASP Threat Dragon – a free, open-source, cross-platform threat modeling application

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
