Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- OUCH! Security Awareness Newsletter: What is GDPR? (PDF)
- Russia blocks 50 VPNs & anonymizers in Telegram crackdown
- Democrats release 3,500 Russia-linked Facebook ads
- Facebook accused of introducing extremists to one another through ‘suggested friends’ feature
- Unknown face of WikiLeaks and its founder
- Domain fronting is critical to the open web
- ECB publishes European framework for testing financial sector resilience to cyber attacks
- US extradites Romanian hackers charged with vishing, smishing
- Copenhagen city’s bicycle sharing system hacked; 1,800 bikes affected
- Russian hackers posed as IS to threaten military wives
- Pentagon tells U.S. military bases to stop selling ZTE, Huawei phones
- Criminals used a drone swarm to disrupt an FBI hostage rescue
- The group Sandworm infiltrated two power companies in Germany
- Welsh police wrongly identify thousands as potential criminals
- 26% of companies ignore security bugs because they don’t have the time to fix them
- HTTPS: why the green padlock is not enough
- Google broke up a Vietnamese con scheme
- Phishing risks in Gmail’s new “confidential mode”
- Students who get good grades have better passwords
For the more technical
- Root cause analysis of the latest Internet Explorer zero day – CVE-2018-8174 + additional information
- Microsoft May 2018 Patch Tuesday
- Office 365 zero-day used in real-world phishing campaigns
- Enhancing Office 365 Advanced Threat Protection
- Bypassing mitigations by attacking JIT server in Microsoft Edge
- Adobe Patch Tuesday is out with fixes for Flash Player, Creative Cloud, Connect
- Chrome 66 update patches critical security flaw
- POP SS/MOV SS vulnerability (PDF)
- Remote code execution vulnerability on LG smartphones
- Signal’s “disappearing messages” live on in macOS notifications
- OPC UA security analysis
- Rooting a Logitech Harmony Hub
- Abbott addresses life-threatening flaw in 350K cardiac devices
- MySQL Multi-Master Manager remote command injection vulnerability
- GPON exploit in the wild
- Backdoored Python library caught stealing SSH credentials
- A puzzling backdoor upload
- A critical security vulnerability in the popular PrestaShop e-commerce solution
- Are you sure the button you push really performs what you want it to do?
- Censys.io guide: discover SCADA and phishing sites
- Ctrl-Inject in console applications
- Exfiltrating data from isolated environments
- Siri, Alexa, and Google Assistant can be controlled by inaudible commands
- Throwhammer: Rowhammer attacks over the network and defenses (PDF)
- GandCrab ransomware breaks Windows 7 systems + technical description
- Gandcrab ransomware walks its way onto compromised sites
- TreasureHunter point-of-sale malware and builder source code leaked
- Evasive malware hits French corporations
- Nigelthorn malware abuses Chrome extensions to cryptomine and steal data
- JavaScript Coinhive in Excel
- Bitcoin wallet app caught stealing seed keys
- Panda malware broadens targets to cryptocurrency exchanges and social media
- SilverTerrier – the next evolution in Nigerian cybercrime (PDF)
- Nigerian email scammers are more effective than ever
- Shoppers Stop tech scam draws from thousands of forced ad injections
- A deeper look inside the VBScripts distributed by Necurs
- Attack on KrebsOnSecurity cost IoT device owners $323K
- Iran’s hacker hierarchy exposed
- Wipers – destruction as a means to an end
- Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops
- [AUDIO] Security Conversations: nation-state attacks against critical infrastructure
- The trade in fraudulently obtained airline tickets
- Telegram: cyber crime’s channel of choice
- iOS 11.4 to disable USB port after 7 days
- The main challenges of iOS forensics
- OWASP Top 10 Proactive Controls 2018 (PDF)
- Introducing WebAuthn support for secure Dropbox sign in
- Yubico and Microsoft introduce passwordless login
- Using Kentik Detect to analyze and respond to BGP issues
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – May 12, 2018”