IT Security Weekend Catch Up – May 12, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

1. OUCH! Security Awareness Newsletter: What is GDPR? (PDF)
2. Russia blocks 50 VPNs & anonymizers in Telegram crackdown
3. Democrats release 3,500 Russia-linked Facebook ads
4. Facebook accused of introducing extremists to one another through ‘suggested friends’ feature
5. Unknown face of WikiLeaks and its founder
   
6. Domain fronting is critical to the open web
7. ECB publishes European framework for testing financial sector resilience to cyber attacks
8. US extradites Romanian hackers charged with vishing, smishing
9. Copenhagen city’s bicycle sharing system hacked; 1,800 bikes affected
10. Russian hackers posed as IS to threaten military wives
11. Pentagon tells U.S. military bases to stop selling ZTE, Huawei phones
12. Criminals used a drone swarm to disrupt an FBI hostage rescue
13. The group Sandworm infiltrated two power companies in Germany
14. Welsh police wrongly identify thousands as potential criminals
15. 26% of companies ignore security bugs because they don’t have the time to fix them
16. HTTPS: why the green padlock is not enough
17. Google broke up a Vietnamese con scheme
18. Phishing risks in Gmail’s new “confidential mode”
19. Students who get good grades have better passwords

For the more technical

1. Root cause analysis of the latest Internet Explorer zero day – CVE-2018-8174 + additional information
2. Microsoft May 2018 Patch Tuesday
3. Office 365 zero-day used in real-world phishing campaigns
4. Enhancing Office 365 Advanced Threat Protection
5. Bypassing mitigations by attacking JIT server in Microsoft Edge
6. Adobe Patch Tuesday is out with fixes for Flash Player, Creative Cloud, Connect
7. Chrome 66 update patches critical security flaw
8. POP SS/MOV SS vulnerability (PDF)
9. Remote code execution vulnerability on LG smartphones
10. Signal’s “disappearing messages” live on in macOS notifications
11. OPC UA security analysis
12. Rooting a Logitech Harmony Hub
13. Abbott addresses life-threatening flaw in 350K cardiac devices
14. MySQL Multi-Master Manager remote command injection vulnerability
15. GPON exploit in the wild
16. Backdoored Python library caught stealing SSH credentials
17. A puzzling backdoor upload
18. A critical security vulnerability in the popular PrestaShop e-commerce solution
19. Are you sure the button you push really performs what you want it to do?
20. Censys.io guide: discover SCADA and phishing sites
21. Ctrl-Inject in console applications
22. Exfiltrating data from isolated environments
23. Siri, Alexa, and Google Assistant can be controlled by inaudible commands
24. Throwhammer: Rowhammer attacks over the network and defenses (PDF)
25. GandCrab ransomware breaks Windows 7 systems + technical description
26. Gandcrab ransomware walks its way onto compromised sites
27. TreasureHunter point-of-sale malware and builder source code leaked
28. Evasive malware hits French corporations
29. Nigelthorn malware abuses Chrome extensions to cryptomine and steal data
30. JavaScript Coinhive in Excel
31. Bitcoin wallet app caught stealing seed keys
32. Panda malware broadens targets to cryptocurrency exchanges and social media
33. SilverTerrier – the next evolution in Nigerian cybercrime (PDF)
34. Nigerian email scammers are more effective than ever
35. Shoppers Stop tech scam draws from thousands of forced ad injections
36. A deeper look inside the VBScripts distributed by Necurs
37. Attack on KrebsOnSecurity cost IoT device owners $323K
38. Iran’s hacker hierarchy exposed
39. Wipers – destruction as a means to an end
40. Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops
41. [AUDIO] Security Conversations: nation-state attacks against critical infrastructure
42. The trade in fraudulently obtained airline tickets
43. Telegram: cyber crime’s channel of choice
44. iOS 11.4 to disable USB port after 7 days
45. The main challenges of iOS forensics
46. OWASP Top 10 Proactive Controls 2018 (PDF)
47. Introducing WebAuthn support for secure Dropbox sign in
48. Yubico and Microsoft introduce passwordless login
49. Using Kentik Detect to analyze and respond to BGP issues

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.