IT Security Weekend Catch Up – May 27, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Police arrest Nigerian doctor who hacks accounts of celebrities, buys exotic cars
  2. How North Korean hackers became the world’s greatest bank robbers
  3. The untold story of Japan’s secret spy agency
  4. 200 million sets of Japanese PII emerge on underground forums
  5. Twitter’s spam detection tools
  6. Facebook accused of conducting mass surveillance through its apps
  7. Losses from BEC scams rising fast and furious
  8. Mexico: Cybercriminals steal at least 400 million pesos through unauthorized transfers
  9. About $1.2 billion in cryptocurrency stolen since 2017
  10. Russian police arrest man involved in Android banking trojan scheme
  11. Call center fraudsters
  12. So you want to be a web security researcher?
  13. Potential spy devices which track cellphones, intercept calls found all over D.C., Md., Va.
  14. U.S. government can’t get controversial Kaspersky Lab software off its networks
  15. Who’s afraid of Kaspersky?

For the more technical

  1. $36k Google App Engine RCE
  2. Analysis and mitigation of speculative store bypass (Spectre V4) + additional information + exploit
  3. CVE-2018-8174 blows the VBScript attack door wide open
  4. Breakdown of the EFAIL email vulnerabilities
  5. In Apple Mail, there’s no protecting PGP-encrypted messages
  6. Backdoors in D-Link’s backyard
  7. Teen phone monitoring app leaked thousands of user passwords
  8. Two vulnerabilities patched in BIND DNS software
  9. Which devices could be affected by TR-064 / TR-069 vulnerabilities
  10. Critical flaws patched in Phoenix Contact industrial switchesmore information
  11. Serious vulnerability fixed in PACSystems industrial controllers
  12. Flaw in Schneider PLC programming tool allows remote attacks
  13. Pet trackers open to MITM attacks
  14. Experimental security assessment of BMW cars (PDF)
  15. SEVered: Subverting AMD’s virtual machine encryption (PDF)
  16. Z-Shave attack could impact over 100 million IoT devices
  17. New VPNFilter malware targets at least 500K networking devices worldwide + additional information
  18. FBI seizes control of Russian botnet + more information
  19. Malware analysis: decoding Emotet
  20. Overview about a typical bank trojan (PDF)
  21. Malware distributed via .slk files
  22. Cybersecurity threats facing the financial sector
  23. Android devices ship with pre-installed malware
  24. A classic antivirus can be easily evaded with simple obfuscation
  25. Malicious Edge and Chrome extension used to deliver backdoor
  26. Roaming Mantis dabbles in mining and phishing multilingually
  27. Trisis masterminds have expanded operations to target U.S. industrial firms + more information
  28. Mythic Leopard uses social engineering to target Indian military and defense entities
  29. Confucius update: New tools and techniques, further connections with Patchwork
  30. Turla Mosquito: A shift towards more generic tools
  31. Bitcoin Gold hit by double spend attack, exchanges lose millions
  32. Cryptomining through disguised URL shorteners
  33. A story of poor backend security in midst of scandals and new regulations
  34. Phishing email ironically provides a list of scammers you should avoid
  35. The curious case of encrypted URL parameters
  36. Compromising thousands of websites through a CDN
  37. An analysis of Cloudflare’s email address obfuscation
  38. mquery – fast Yara queries for malware analysts
  39. GitBucket 4.23.1 Unauthenticated Remote Code Execution
  40. YubiKey comes to the iPhone with Mobile SDK for iOS and LastPass support
  41. Keeping 2 billion Android devices safe with machine learning
  42. Adding transparency and context into industry AV test results

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *