Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Police arrest Nigerian doctor who hacks accounts of celebrities, buys exotic cars
- How North Korean hackers became the world’s greatest bank robbers
- The untold story of Japan’s secret spy agency
- 200 million sets of Japanese PII emerge on underground forums
- Twitter’s spam detection tools
- Facebook accused of conducting mass surveillance through its apps
- Losses from BEC scams rising fast and furious
- Mexico: Cybercriminals steal at least 400 million pesos through unauthorized transfers
- About $1.2 billion in cryptocurrency stolen since 2017
- Russian police arrest man involved in Android banking trojan scheme
- Call center fraudsters
- So you want to be a web security researcher?
- Potential spy devices which track cellphones, intercept calls found all over D.C., Md., Va.
- U.S. government can’t get controversial Kaspersky Lab software off its networks
- Who’s afraid of Kaspersky?
For the more technical
- $36k Google App Engine RCE
- Analysis and mitigation of speculative store bypass (Spectre V4) + additional information + exploit
- CVE-2018-8174 blows the VBScript attack door wide open
- Breakdown of the EFAIL email vulnerabilities
- In Apple Mail, there’s no protecting PGP-encrypted messages
- Backdoors in D-Link’s backyard
- Teen phone monitoring app leaked thousands of user passwords
- Two vulnerabilities patched in BIND DNS software
- Which devices could be affected by TR-064 / TR-069 vulnerabilities
- Critical flaws patched in Phoenix Contact industrial switches + more information
- Serious vulnerability fixed in PACSystems industrial controllers
- Flaw in Schneider PLC programming tool allows remote attacks
- Pet trackers open to MITM attacks
- Experimental security assessment of BMW cars (PDF)
- SEVered: Subverting AMD’s virtual machine encryption (PDF)
- Z-Shave attack could impact over 100 million IoT devices
- New VPNFilter malware targets at least 500K networking devices worldwide + additional information
- FBI seizes control of Russian botnet + more information
- Malware analysis: decoding Emotet
- Overview about a typical bank trojan (PDF)
- Malware distributed via .slk files
- Cybersecurity threats facing the financial sector
- Android devices ship with pre-installed malware
- A classic antivirus can be easily evaded with simple obfuscation
- Malicious Edge and Chrome extension used to deliver backdoor
- Roaming Mantis dabbles in mining and phishing multilingually
- Trisis masterminds have expanded operations to target U.S. industrial firms + more information
- Mythic Leopard uses social engineering to target Indian military and defense entities
- Confucius update: New tools and techniques, further connections with Patchwork
- Turla Mosquito: A shift towards more generic tools
- Bitcoin Gold hit by double spend attack, exchanges lose millions
- Cryptomining through disguised URL shorteners
- A story of poor backend security in midst of scandals and new regulations
- Phishing email ironically provides a list of scammers you should avoid
- The curious case of encrypted URL parameters
- Compromising thousands of websites through a CDN
- An analysis of Cloudflare’s email address obfuscation
- mquery – fast Yara queries for malware analysts
- GitBucket 4.23.1 Unauthenticated Remote Code Execution
- YubiKey comes to the iPhone with Mobile SDK for iOS and LastPass support
- Keeping 2 billion Android devices safe with machine learning
- Adding transparency and context into industry AV test results
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.