IT Security Weekend Catch Up – November 26, 2016

Afraid of missing important security news during the week? We’re here to help! Every week we put all important security related news in one place, for your reading pleasure. Enjoy!

A bit less technical

1. Russian propaganda influence on american elections
2. Interview with stock hacker photos author
3. Microsoft shares Windows 10 telemetry data with FireEye
4. Darknet drug vendors opsec fails
5. Bankers in Philippines charged for involvement in SWIFT fraud
6. 178 money mules arrested
7. ATMs in Europe targetted by hackers
8. Bank phishing results in USD 2,6 mln theft
9. The FBI Hacked Over 8,000 Computers In 120 Countries 
10. EU’s new approach to regulating cryptography
11. Twitter Fighting with Sexualised Images of Children
12. Probably a second breach at NSA
13. London Tube users tracked by WiFi device MAC address
14. UK’s ThreeMobile customers database incident
15. Popular Twitter accounts compromised by spammers

A bit more technical

1. All videos from Black Hat USA 2016
2. A Russian Trump fan is celebrating by hacking Google Analytics
3. KeePass security audit results
4. [PDF] curl audit report
5. Securing domain controllers
6. gstreamer FLIC decode vulnerability
7. Incorrect fix for gstreamer FLIC decoder vulnerability
8. New method for distributing malware through images
9. Hacking Tesla with a malicious Android app: part 1, part 2
10. Detailed analysis of Android N encryption
11. Pixel security improvements
12. Analysis of recent DDoS attacks on Russian banks
13. Analysis of Ursnif campaign
14. Soltra threat intelligence sharing tool saved by new owner
15. 0day in specific regional software used in attacks in Asia
16. Tropic Trooper APT campaign
17. Forensic resources lists
18. Exploit and malware in .HWP files
19. 4 fatal flaws in deterministic password managers
20. [PDF] Solid comparison of password managers
21. [PDF] SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
22. TeleCrypt ransomware defeated
23. Crysis ransomware decryption analysis
24. Cerber ransomware encrypts databases
25. Signal protocol specs now public domain
26. Syscall Auditing at Scale
27. NIST’s new password rules
28. Interesting vulnerability in WordPress update server
29. TP-link Device Debug Protocol (TDDP) Vulnerabilities
30. Elevating privileges by environment variables expansion
31. [PDF] Many Android VPNs are malicious
32. Exfiltration of User Credentials using WLAN SSID
33. Android malware analysis with Radare
34. Sending Valid Phishing E-mails From Microsoft.com
35. Windows 10 vs EMET analysis
36. Flokibot analysis
37. Gathering .onion addresses
38. Tracking drivers with Bluetooth
39. TimThumb vulnerability author’s confession
40. Useful email obfuscation technique
41. Ways to Brute Force WordPress 
42. Generic VBA Instrumentation for Microsoft Office Documents
43. [PDF] Reverse engineering Fitbit firmware
44. CVE-2016-0176 analysis (Edge)
45. [PDF] Classification of Side-Channel Attacks on Mobile Devices
46. Major update – Sysmon 5.0
47. Malware spreading on Facebook
48. Analysis of Android banking malware app: part 1, part 2
49. Next-gen vs traditional AV products – tests and comments
50. [PDF] Analysis of secure external hard drives
51. [PDF] Akamai State of the Internet Q3 report
52. Uber bug bounty finds
53. Fareit spam campaign analysis
54. Wget Access List Bypass
55. Research on unsecured Wi-Fi networks across the world
56. Forensic Implications of iOS Lockdown (Pairing) Records

If you enjoyed this list and find it useful, subscribe to our feeds (RSS, Twitter, Facebook available) to find out when the new edition is posted next week.