IT Security Weekend Catch Up – November 11, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! newsletter: Am I hacked? (PDF)
  2. Here’s why [insert thing here] is not a password killer
  3. FIFA admits hack and braces for new leaks
  4. Fake Elon Musk Twitter Bitcoin scam earned 180K in one day
  5. Thieves are combining SMS-based phishing attacks with new “cardless” ATMs
  6. The aftermaths of Operation Bayonet and the migration of vendors to Dream Market
  7. Alleged admin of a child abuse forum on the Darkweb arrested in France
  8. Chloe Ayling to testify in second “Black Death Group” kidnapping case in Italy
  9. Swedish ISP protests ‘site blocking’ by blocking rightsholders website too
  10. US Cyber Command starts uploading foreign APT malware to VirusTotal
  11. Giant ransomware bundle threatens to make malware attacks easier for crooks
  12. Police decrypt 258,000 messages after breaking pricey IronChat crypto app
  13. The CIA’s communications suffered a catastrophic compromise. It started in Iran
  14. China is exporting its digital surveillance methods to African governments

For the more technical

  1. VirtualBox 0day dumped on GitHub
  2. Security bug in Icecast puts online radio stations at risk + more information
  3. Cisco small business switches privileged access vulnerability
  4. Cisco accidentally released Dirty Cow exploit code in software
  5. RCE via EL injection in JBoss
  6. Evernote for Windows read local file and command execute vulnerabilities
  7. WordPress design flaw leads to WooCommerce RCE
  8. Erealitatea[.]net hack corrupts websites with WP GDPR Compliance plugin vulnerability
  9. Struts 2.3 vulnerable to two year old file upload flaw
  10. DJI drone vulnerability
  11. Critical vulnerabilities in AVEVA industrial software
  12. FaceTime: Heap corruption in RTP video processing
  13. Adobe ColdFusion servers under attack from APT group + technical description
  14. Stealing Chrome cookies without a password
  15. Bug bounty hunter ran ISP doxing service
  16. Build interactive map of cameras from Shodan
  17. Persian stalker pillages Iranian users of Instagram and Telegram
  18. Attack uses malicious InPage document and outdated VLC media player
  19. Busting SIM swappers and SIM swap myths
  20. Who’s in your online shopping cart?
  21. Fake banking app found on Google Play used in SMiShing scheme
  22. Metamorfo banking trojan keeps its sights on Brazil
  23. Deep analysis of TrickBot new module pwgrab
  24. Spam and phishing in Q3 2018
  25. U.S. Secret Service warns ID Thieves are abusing USPS’s mail scanning service
  26. Supply-chain attack on cryptocurrency exchange gate.io
  27. Reversing Retefe
  28. Decoding Hancitor malware with Suricata and Lua
  29. Arecibo: an OOB exfiltration tool (DNS & HTTP)
  30. Tunneling scanners (or really anything) over SSH
  31. A new chapter for OSS-Fuzz
  32. Introducing the Android Ecosystem Security Transparency Report
  33. Space Data Link Protocols – summary of concept and rationale (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *