Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- France seizes France.com from man who’s had it since ‘94, so he sues
- WhatsApp founder plans to leave after broad clashes with parent Facebook
- Twitter sold data access to Cambridge Analytica-linked researcher
- Cambridge Analytica closing after Facebook data harvesting scandal
- Facebook has fired multiple employees for snooping on users
- Amazon threatens to suspend Signal’s AWS account over censorship circumvention
- How a cyberwar looks like – and how it doesn’t
- NATO exercise tests skills of national cyber defenders
- Australia’s Biggest Bank Loses 20 Million Customer Records
- Mexico tells banks to take steps to guard against suspected hack
- When cops can’t convict a ‘top Mafia boss,’ they turn to desperate measures
- Hacker gets 87 months for trying to hack a friend free + more information
- The gambler who cracked the horse-racing code
For the more technical
- Sci-Hub ‘Pirate Bay for Science’ security certs revoked by Comodo
- North Korea’s SiliVaccine antivirus contains stolen Trend Micro engine
- Shhlack lets you encrypt Slack messages
- Improving the Advanced Protection Program for iOS users
- GitHub accidentally recorded some plaintext passwords in its internal logs
- Change your Twitter password right now
- Oracle Access Manager’s identity crisis
- Microsoft issues emergency patch for critical flaw in Windows containers + more information
- MMap vulnerabilities in the Linux kernel
- Further advancements in detecting kernel infoleaks with x86 emulation (PDF)
- Escalating privileges with CylancePROTECT
- Researches by Alex Ionescu: 1, 2, 3, 4 & 5 (PDF)
- 7-Zip: from uninitialized memory to remote code execution
- Critical Cisco WebEx bug allows remote code execution
- Exploiting CVE-2018-6789 in Exim
- A critical security flaw in popular industrial software put power plants at risk + technical description
- D-Link DCS-5020L day n’ night camera remote code execution walkthrough
- New hacking tool lets users access a bunch of DVRs and their video feeds
- Eight new Spectre variants affecting Intel chips discovered, four are “high risk”
- Critical RCE vulnerability found in over a million GPON home routers
- GLitch technique enrolls graphics cards in Rowhammer attacks on Android phones + additional information
- Industrial networks easy to hack from corporate systems (PDF)
- WebLogic exploited in the wild
- KRACK Wi-Fi vulnerability can expose medical devices, patient records
- An analysis of the Chimay-Red MicroTik exploit
- Ransomnix ransomware variant encrypts websites
- The Kitty malware targets Drupal to mine for cryptocurrency
- FacexWorm targets cryptocurrency trading platforms, abuses Facebook Messenger for propagation
- Somebody tried to hide a backdoor in a popular JavaScript npm package
- Lojack becomes a double-agent
- Chinese cyberspies appear to be preparing supply-chain attacks
- ZooPark – cyberespionage operation targets Android users in the Middle East (PDF)
- Internet Shortcut used in Necurs malspam campaign
- Google Maps open redirect flaw abused by scammers
- Google Inbox emails can be spoofed to fake the recipient
- Accessing Google account data without a password
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – May 5, 2018”