Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Police arrest Nigerian doctor who hacks accounts of celebrities, buys exotic cars
- How North Korean hackers became the world’s greatest bank robbers
- The untold story of Japan’s secret spy agency
- 200 million sets of Japanese PII emerge on underground forums
- Twitter’s spam detection tools
- Facebook accused of conducting mass surveillance through its apps
- Losses from BEC scams rising fast and furious
- Mexico: Cybercriminals steal at least 400 million pesos through unauthorized transfers
- About $1.2 billion in cryptocurrency stolen since 2017
- Russian police arrest man involved in Android banking trojan scheme
- Call center fraudsters
- So you want to be a web security researcher?
- Potential spy devices which track cellphones, intercept calls found all over D.C., Md., Va.
- U.S. government can’t get controversial Kaspersky Lab software off its networks
- Who’s afraid of Kaspersky?
For the more technical
- $36k Google App Engine RCE
- Analysis and mitigation of speculative store bypass (Spectre V4) + additional information + exploit
- CVE-2018-8174 blows the VBScript attack door wide open
- Breakdown of the EFAIL email vulnerabilities
- In Apple Mail, there’s no protecting PGP-encrypted messages
- Backdoors in D-Link’s backyard
- Teen phone monitoring app leaked thousands of user passwords
- Two vulnerabilities patched in BIND DNS software
- Which devices could be affected by TR-064 / TR-069 vulnerabilities
- Critical flaws patched in Phoenix Contact industrial switches + more information
- Serious vulnerability fixed in PACSystems industrial controllers
- Flaw in Schneider PLC programming tool allows remote attacks
- Pet trackers open to MITM attacks
- Experimental security assessment of BMW cars (PDF)
- SEVered: Subverting AMD’s virtual machine encryption (PDF)
- Z-Shave attack could impact over 100 million IoT devices
- New VPNFilter malware targets at least 500K networking devices worldwide + additional information
- FBI seizes control of Russian botnet + more information
- Malware analysis: decoding Emotet
- Overview about a typical bank trojan (PDF)
- Malware distributed via .slk files
- Cybersecurity threats facing the financial sector
- Android devices ship with pre-installed malware
- A classic antivirus can be easily evaded with simple obfuscation
- Malicious Edge and Chrome extension used to deliver backdoor
- Roaming Mantis dabbles in mining and phishing multilingually
- Trisis masterminds have expanded operations to target U.S. industrial firms + more information
- Mythic Leopard uses social engineering to target Indian military and defense entities
- Confucius update: New tools and techniques, further connections with Patchwork
- Turla Mosquito: A shift towards more generic tools
- Bitcoin Gold hit by double spend attack, exchanges lose millions
- Cryptomining through disguised URL shorteners
- A story of poor backend security in midst of scandals and new regulations
- Phishing email ironically provides a list of scammers you should avoid
- The curious case of encrypted URL parameters
- Compromising thousands of websites through a CDN
- An analysis of Cloudflare’s email address obfuscation
- mquery – fast Yara queries for malware analysts
- GitBucket 4.23.1 Unauthenticated Remote Code Execution
- YubiKey comes to the iPhone with Mobile SDK for iOS and LastPass support
- Keeping 2 billion Android devices safe with machine learning
- Adding transparency and context into industry AV test results
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – May 27, 2018”