IT Security Weekend Catch Up – November 25, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Instagram accidentally exposed some users’ passwords in plaintext
  2. PI System software maker, OSIsoft, announced breach
  3. Amazon customers’ names and email addresses disclosed by website error
  4. Taking down an insider threat
  5. NordVPN shares results of ‘no-log’ audit
  6. Inside the British Army’s secret information warfare machine
  7. Saudi dissidents hit with stealth iPhone spyware before Khashoggi’s murder
  8. Man spoofs GPS to fake shop visits for profit, gets caught
  9. The recently arrested “redandwhite”: one of Silk Road’s greatest nemeses
  10. New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap
  11. Inside the hunt for the world’s most dangerous terrorist

For the more technical

  1. Ghost emails: Hacking Gmail’s UX to hide the sender
  2. XSS injection campaign exploits WordPress AMP plugin
  3. Why you should patch Skype for Business immediately
  4. Security updates available for Flash Player + more information
  5. Spoof all domains containing ‘d’ in Apple products
  6. This JavaScript can snoop on other browser tabs to work out what you’re visiting (PDF)
  7. Intel Management Engine JTAG proof of concept
  8. ECCploit: ECC memory vulnerable to Rowhammer attacks after all (PDF)
  9. DirtyCOW bug drives attackers to a backdoor in vulnerable Drupal web servers
  10. Multiple remote vulnerabilities in TP-Link TL-R600VPN
  11. VMware affected by Dell EMC Avamar vulnerability
  12. Critical vulnerability in Modicon M221 PLC
  13. New wave of malware spreads via ISO file email attachments
  14. The Rotexy mobile Trojan – banker and ransomware
  15. TrickBot’s bigger bag of tricks
  16. Lazy passwords become rocket fuel for Emotet SMB spreader
  17. Mirai: Not just for IoT anymore
  18. CozyBear – in from the cold? + technical description
  19. Sednit: What’s going on with Zebrocy?
  20. FIN7 not finished – Morphisec spots new campaign
  21. Lazarus mounts attacks on financial organizations in Latin America
  22. Advanced sabotage among competing Magecart factions + more information
  23. True identity of notorious hacker tessa88 revealed
  24. An OSINT analysis of the Elon Musk Bitcoin scam
  25. ATMs can be hacked in minutes
  26. Free VPN apps: Chinese ownership, secretive companies & weak privacy
  27. German eID card system vulnerable to online identity spoofing
  28. Popular Dark Web hosting provider got hacked, 6,500 sites down
  29. How Azure AD could be vulnerable to brute-force and DOS attacks
  30. AWS rolls out new security feature to prevent accidental S3 data leaks
  31. Evilginx 2.2 – Jolly Winter Update
  32. Fake fingerprints can imitate real ones in biometric systems (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
