Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Facebook data on 3 million users exposed through personality quiz
- Russian troll farm hijacked American teen girls’ computers for likes
- Pakistan: human rights under surveillance
- When spies hack journalism
- U.S. identifies suspect in major leak of CIA hacking tools + additional information
- Vietnamese hackers trigger software trap after Australian sale of newspaper in Cambodia
- Serbia arrests FBI-sought cybercrime suspect
- Hacker publicly posts data stolen from government-linked cyberespionage group
- Police seize servers of bulletproof provider known for hosting malware ops
- Hacker breaches Securus, the company that helps cops track phones across the US
- US cell carriers are selling access to your real-time phone location data
- T-Mobile employee made unauthorized ‘SIM swap’ to steal Instagram account
- The mysterious heir of extreme travel
- How to spot a catfish candidate
- Google Photos auto-syncs when you connect to Wi-Fi
- Business email compromise incidents
- How organizations can best protect themselves against cyberattacks
- Thieves suck millions out of Mexican banks in transfer heist
For the more technical
- DHCP client script code execution vulnerability
- What makes the DynoRoot bug unique?
- Emails encrypted with OpenPGP, S/MIME vulnerable to new attacks (PDF)
- A new Spectre attack can even reveal firmware secrets
- Security flaw impacts Electron-based apps
- Signal-desktop HTML tag injection + variant 2
- Adobe releases critical security updates for Acrobat and Reader
- Double zero-day vulnerabilities fused into one
- CVE-2018-8174 and forcing Internet Explorer exploits
- Binary SMS – the old backdoor to your new thing
- Severe DoS flaw discovered in Siemens SIMATIC PLCs + additional information
- Multiple vulnerabilities closed in Advantech WebAccess
- DrayTek router zero-day under attack
- ZipperDown vulnerability may impact 10% of all iOS apps
- A police breathalyzer can produce incorrect breath test results
- Cryptocurrency mining malware found in Ubuntu Snap Store
- MEWKit: cryptotheft’s newest weapon (PDF)
- TeleGrab – grizzly attacks on secure messaging
- Malicious Powershell targeting UK bank customers
- SynAck targeted ransomware uses the Doppelgänging technique
- StalinLocker deletes your files unless you enter the right code
- A deep dive into RIG Exploit Kit delivering Grobios trojan + additional information
- IT threat evolution Q1 2018
- Malicious apps persistently appearing on Google Play and using Google icons
- The rise and fall of Scan4You (PDF)
- Hacking train passenger Wi-Fi
- New DDoS attack method demands a fresh approach to amplification assault mitigation
- Amplification DDoS in 2018
- Detecting and mitigating DoS and DDoS attacks on the cloud
- Taking over all domains of a TLD for just $150
- Hacking iLO – take a moment to secure your servers
- AWS CloudFront sub-domain hijack
- How Azure services are commonly breached
- Accessing Google account data without a password
- Introducing Team Foundation Server decryption tool
- reCAPTCHA v3 will detect if you’re human without annoying interactive challenges
- Detecting cloned cards at the ATM
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – May 19, 2018”