IT Security Weekend Catch Up – November 30, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Two Iranian men indicted for deploying SamSam ransomware
  2. Malware companies are finding new ways to spy on iPhones
  3. DriveSavers claims it has a way to break into locked iPhones
  4. Israeli cyber firm negotiated advanced attack capabilities sale with Saudis
  5. Google shut out privacy and security teams from secret China project
  6. Half of all phishing sites now have the padlock
  7. Marriott announces data breach of 500 million customers + more information
  8. Dell announces security breach
  9. New breakthroughs in combatting tech support scams

For the more technical

  1. Test of web browser extensions for protection against malicious software
  2. Using AWS Lambda for privilege escalation and exploring a LightSail service
  3. Details about the event-stream incident + more information
  4. Zoom message spoofing
  5. Cisco Prime License Manager SQL injection vulnerability
  6. Cisco Webex Meetings Desktop App command injection vulnerability
  7. Obfuscated bash script targeting QNap boxes
  8. Siemens patches major firewall flaw, other vulnerabilities
  9. Smart bulb offers light, color, music, and… data exfiltration
  10. Stealing webpages rendered on your browser by exploiting GPU vulnerabilities (PDF)
  11. Why AutoCAD malware keeps chugging on + more information
  12. Kaspersky says 2018 in malware was mostly a miner story
  13. KingMiner malware hijacks the full power of Windows Server CPUs
  14. Brazilian financial malware targets bank customers in Latin America and Europe
  15. Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack
  16. Analyzing the GreyEnergy malware: from maldoc to backdoor
  17. New strain of Olympic Destroyer droppers
  18. Demystifying obfuscation used in the Thanksgiving spam campaign
  19. Malvertising attack hijacks 300 million sessions over 48 hours
  20. Two apps that installed root certificates then leaked the private keys (PDF)
  21. UPnProxy: EternalSilence
  22. Hiding through a maze of IoT devices
  23. A look into the connection between XLoader and FakeSpy
  24. AutoIt-compiled worm delivers fileless version of njRAT backdoor
  25. Global “Pied Piper” campaign
  26. DNSpionage campaign targets Middle East
  27. FBI takes down ad fraud botnets Kovter and Boaxxe (PDF)
  28. Requirements for a secure broadband router (PDF)
  29. Apple Health is the next big thing: Health, cloud and security
  30. Clickstream tracking of users of the Tor browser
  31. Robust website fingerprinting through the cache occupancy channel
  32. Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
  33. Jailbreaking Subaru StarLink

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *