Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Newsletter: A career in cybersecurity (PDF)
- Google’s web security researcher Krzysztof Kotowicz: Insecure coding is the default
- Google thought my phone number was Facebook’s and it ruined my life
- Facebook algorithms make it harder to catch extremists
- What’s behind the Wolters Kluwer tax outage?
- Amazon hit by extensive fraud with hackers siphoning merchant funds
- Nine charged in alleged SIM swapping ring + more information
- Binance security breach update
- Cryptocurrency laundering as a service: members of a criminal organisation arrested in Spain
- Dutch cops take largest dark web coffeeshop offline
- Coffee, poker and weed entrepreneurs—meet the Israelis accused of being $15 million dark web drug shills
- U.S. cyberwar strategy stokes fear of blowback
- What Israel’s strike on Hamas hackers means for cyberwar
- Inside China’s massive surveillance operation
- Putin signs law to create an independent Russian internet
- Plan to secure internet of things with new law
- DuckDuckGo wrote a bill to stop advertisers from tracking you online
- German justice minister takes aim at Amazon over Alexa
- Microsoft recommends using a separate device for administrative tasks
For the more technical
- Remote code execution bug in SQLite
- Google AdWords exploit seen in the wild
- Multiple bugs in several Jenkins plugins
- Vulnerable Apache Jenkins exploited in the wild
- New Intel firmware boot verification bypass enables low-level backdoors
- Cronjob backdoors
- Confluence vulnerability exploited to deliver cryptocurrency miner with rootkit
- Cybercriminals competing for cryptocurrency mining foothold
- Microsoft SharePoint servers are under attack
- Matrix.org: Post-mortem and remediations for Apr 11 security incident
- BadWPAD and wpad.pl / wpadblocking.com case (part 2)
- Malicious DLL execution using Apple’s APSDaemon.exe signed binary
- Ongoing credit card data leak
- Mirrorthief group uses Magecart skimming attack to hit hundreds of campus online stores
- FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
- Hacker takes over 29 IoT botnets + interview
- A hacker is wiping Git repositories and asking for a ransom
- Samsung spilled SmartThings app source code and secret keys
- LockerGoga ransomware family used in targeted attacks
- GandCrab’s new evasive infection chain
- Severe ransomware attacks against Swiss SMEs
- Dharma ransomware uses AV tool to distract from malicious activities
- A free decrypter for ZQ ransomware
- A free decrypter for MegaLocker ransomware
- Hackers selling access and source code from antivirus companies + more information
- Turla LightNeuron: An email too far
- Iranian nation-state APT groups – “black box” leak
- NSA hacking tools used by Chinese hackers one year before leak
- SilverTerrier – 2018 Nigerian Business Email Compromise
- 2019 Data Breach Investigations Report
- HITBSecConf2019 – materials
- Researchers are liberating thousands of pages of forgotten hacking history from the government
- The DPR, in the Tor Hidden Service, with the Bitcoins
- ‘Unhackable’ encrypted flash drive eyeDisk is, as it happens, hackable
- Throwing 500 vm’s at your fuzzing target being an individual security researcher
- Mastering NSA’s Ghidra reverse engineering tool (PDF)
- Experts doubt Russian claims that cryptographic flaw was a coincidence
- Android security: Queue the hardening enhancements
- What’s new in Android Q security
- Google Chrome to support same-site cookies, get anti-fingerprinting protection
- Mozilla bans Firefox add-ons with obfuscated code
- Staying anonymous on Wire
- Duplicati 2.0 – free backup software to store encrypted backups online
- Private search engines – the ultimate guide
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – May 12, 2019”