IT Security Weekend Catch Up – November 3, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Private messages from 81,000 hacked Facebook accounts for sale
  2. ‘Stalkerware’ website let anyone intercept texts of tens of thousands of people
  3. Hackers steal data of over 60,000 Tomorrowland attendees
  4. Google tackles new ad fraud scheme
  5. Two hackers behind 2016 Uber data breach have been indicted for another hack
  6. Stop using Microsoft Edge to download Chrome – unless you want malware
  7. Porn-watching employee infected government networks with Russian malware
  8. Mirai co-author gets 6 months confinement, $8.6M in fines for Rutgers attacks
  9. China has started ranking citizens with a creepy ‘social credit’ system
  10. China state-owned company charged with Micron secrets theft
  11. The Justice Department unsealed charges against 10 Chinese intelligence officers (PDF)
  12. North Korea is using cryptocurrency scams to bypass UN sanctions and fund its regime
  13. How ‘Mr. Hashtag’ helped Saudi Arabia spy on dissidents
  14. Phishing attack targeting Italian naval and defense industry
  15. Bank Islami comes under biggest cyber attack of Pakistan’s history
  16. How the alleged bomber was caught
  17. Nobody’s cellphone is really that secure
  18. Morphisec U.S. citizen threat index of a state-sponsored cyber attack study
  19. CIA Vault7 leaker to be charged for leaking more classified data while in prison
  20. The time bandits of Southern California
  21. Exposing the Invisible: Guides
  22. Some notes for journalists about cybersecurity

For the more technical

  1. Bleeding Bit: Exposes enterprise access points and unmanaged devices to undetectable chip level attack
  2. More information about critical vulnerabilities in BLE chips + Cisco advisory
  3. Cisco zero-day exploited in the wild to crash and reload devices + more information
  4. Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys + proof-of-concept exploit
  5. Buggy software in popular connected storage drives can let hackers read private data
  6. A nasty DHCPv6 packet can pwn a vulnerable Linux box
  7. Multiple vulnerabilities in Yi Technology home camera
  8. Multiple vulnerabilities in Advantech WebAccess
  9. Google Home (in)security
  10. Sophos patched two vulnerabilities in HitmanPro.Alert
  11. Twelve malicious Python libraries found and removed from PyPI
  12. LIVE555 media streaming library hit by remote code execution flaw
  13. Telegram Desktop saves conversations locally in plain text
  14. New critical vulnerability in multiple high-privileged Android services
  15. Kernel RCE caused by buffer overflow in Apple’s ICMP packet-handling code
  16. Six critical vulnerabilities affecting Macs, iPhones, and iPads
  17. [VIDEO] iOS 12.1 allows bypass the passcode to see all contacts private information
  18. iPhones are allergic to helium + more information
  19. Logical bug in Microsoft Office Suite – Word embedded video code execution
  20. Important information about the new capability of broadFileSystemAccess in UWP apps
  21. Emotet awakens with new campaign of mass email exfiltration
  22. Trickbot shows off new trick: Password grabber module
  23. GPlayed’s younger brother is a banker – and it’s after Russian banks
  24. H-Worm and jRAT Malware: Two RATs are better than one
  25. New file types emerge in malware spam attachments
  26. Millions of League of Legends gamers targeted by phishing scam
  27. Anatomy of a sextortion scam
  28. Threat actors seek your credentials before you even reach the URL
  29. Malicious Powershell using a decoy picture
  30. Diving into malicious AutoIT code
  31. Detecting compressed RTF
  32. Dissecting malicious Office documents with Linux
  33. New DemonBot discovered
  34. Reverse engineering of the Anubis malware
  35. Mac cryptocurrency ticker app installs backdoors
  36. Israel silent as Iran hit by computer virus more violent than Stuxnet
  37. Honeywell industrial USB threat report (PDF)
  38. ICS tactical security trends: Analysis of the most frequent security risks observed in the field
  39. Disrupting the flow: Exposed and vulnerable water and energy infrastructures
  40. The hidden threat of cyberattacks in the energy and utilities industry (PDF)
  41. GandCrab: The most popular multi-million dollar ransomware of the year
  42. Shifting patterns in Internet use reveal adaptable and innovative North Korean ruling elite
  43. Arik Air – grounded by an Amazon S3 leak
  44. DNS over HTTPS poses possible risks to enterprises
  45. Facebook Business takeover
  46. Getting all the CD keys of any game
  47. Joseph Mifsud: Rush for the EXIF
  48. VPN extensions are not for privacy
  49. Everything about iOS DFU and Recovery Modes
  50. Apple’s new T2 security chip will prevent hackers from eavesdropping on your microphone
  51. Introducing reCAPTCHA v3: the new way to stop bots
  52. Announcing some security treats to protect you from attackers’ tricks
  53. Windows Defender Antivirus can now run in a sandbox
  54. Take steps to secure your business and users with our security business assessment
  55. Human-competitive patches in automatic program repair with Repairnator

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *