IT Security Weekend Catch Up – May 12, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

  1. OUCH! Security Awareness Newsletter: What is GDPR? (PDF)
  2. Russia blocks 50 VPNs & anonymizers in Telegram crackdown
  3. Democrats release 3,500 Russia-linked Facebook ads
  4. Facebook accused of introducing extremists to one another through ‘suggested friends’ feature
  5. Unknown face of WikiLeaks and its founder
  6. Domain fronting is critical to the open web
  7. ECB publishes European framework for testing financial sector resilience to cyber attacks
  8. US extradites Romanian hackers charged with vishing, smishing
  9. Copenhagen city’s bicycle sharing system hacked; 1,800 bikes affected
  10. Russian hackers posed as IS to threaten military wives
  11. Pentagon tells U.S. military bases to stop selling ZTE, Huawei phones
  12. Criminals used a drone swarm to disrupt an FBI hostage rescue
  13. The group Sandworm infiltrated two power companies in Germany
  14. Welsh police wrongly identify thousands as potential criminals
  15. 26% of companies ignore security bugs because they don’t have the time to fix them
  16. HTTPS: why the green padlock is not enough
  17. Google broke up a Vietnamese con scheme
  18. Phishing risks in Gmail’s new “confidential mode”
  19. Students who get good grades have better passwords

For the more technical

  1. Root cause analysis of the latest Internet Explorer zero day – CVE-2018-8174additional information
  2. Microsoft May 2018 Patch Tuesday
  3. Office 365 zero-day used in real-world phishing campaigns
  4. Enhancing Office 365 Advanced Threat Protection
  5. Bypassing mitigations by attacking JIT server in Microsoft Edge
  6. Adobe Patch Tuesday is out with fixes for Flash Player, Creative Cloud, Connect
  7. Chrome 66 update patches critical security flaw
  8. POP SS/MOV SS vulnerability (PDF)
  9. Remote code execution vulnerability on LG smartphones
  10. Signal’s “disappearing messages” live on in macOS notifications
  11. OPC UA security analysis
  12. Rooting a Logitech Harmony Hub
  13. Abbott addresses life-threatening flaw in 350K cardiac devices
  14. MySQL Multi-Master Manager remote command injection vulnerability
  15. GPON exploit in the wild
  16. Backdoored Python library caught stealing SSH credentials
  17. A puzzling backdoor upload
  18. A critical security vulnerability in the popular PrestaShop e-commerce solution
  19. Are you sure the button you push really performs what you want it to do?
  20. Censys.io guide: discover SCADA and phishing sites
  21. Ctrl-Inject in console applications
  22. Exfiltrating data from isolated environments
  23. Siri, Alexa, and Google Assistant can be controlled by inaudible commands
  24. Throwhammer: Rowhammer attacks over the network and defenses (PDF)
  25. GandCrab ransomware breaks Windows 7 systems + technical description
  26. Gandcrab ransomware walks its way onto compromised sites
  27. TreasureHunter point-of-sale malware and builder source code leaked
  28. Evasive malware hits French corporations
  29. Nigelthorn malware abuses Chrome extensions to cryptomine and steal data
  30. JavaScript Coinhive in Excel
  31. Bitcoin wallet app caught stealing seed keys
  32. Panda malware broadens targets to cryptocurrency exchanges and social media
  33. SilverTerrier – the next evolution in Nigerian cybercrime (PDF)
  34. Nigerian email scammers are more effective than ever
  35. Shoppers Stop tech scam draws from thousands of forced ad injections
  36. A deeper look inside the VBScripts distributed by Necurs
  37. Attack on KrebsOnSecurity cost IoT device owners $323K
  38. Iran’s hacker hierarchy exposed
  39. Wipers – destruction as a means to an end
  40. Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops
  41. [AUDIO] Security Conversations: nation-state attacks against critical infrastructure
  42. The trade in fraudulently obtained airline tickets
  43. Telegram: cyber crime’s channel of choice
  44. iOS 11.4 to disable USB port after 7 days
  45. The main challenges of iOS forensics
  46. OWASP Top 10 Proactive Controls 2018 (PDF)
  47. Introducing WebAuthn support for secure Dropbox sign in
  48. Yubico and Microsoft introduce passwordless login
  49. Using Kentik Detect to analyze and respond to BGP issues

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *