IT Security Weekend Catch Up – November 9, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Breaches at NetworkSolutions,, and
  2. TrendMicro employee sold customer info to tech support scammers
  3. How a scammer stole 500$ from me and in the end begged me not to tell his parents
  4. Aventura charged for flogging Chinese spy equipment to US gov’t with security vulnerabilities
  5. Inside the Microsoft team tracking the world’s most dangerous hackers
  6. Two former Twitter employees and a Saudi national charged as acting as illegal agents of Saudi Arabia
  7. Chinese police arrest operators of 200,000-strong DDoS botnet
  8. Facebook: Changes to groups API access

For the more technical

  1. The App Defense Alliance: Bringing the security industry together to fight bad apps
  2. Welcome to Pwn2Own Tokyo 2019 – schedule and day one results
  3. Pwn2Own Tokyo 2019 – day two final results
  4. Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
  5. Actively exploited bug in fully updated Firefox is sending users into a tizzy
  6. Android Security Bulletin—November 2019
  7. The first BlueKeep mass hacking is finally here—but don’t panic
  8. BlueKeep exploitation activity seen in the wild + more information
  9. Microsoft works with researchers to detect and protect against new RDP exploits
  10. NVIDIA fixes security flaws in GPU Driver, GeForce Experience
  11. Thousands of QNAP NAS devices have been infected with the QSnatch malware + security advisory
  12. An online database of default passwords used by ICS/SCADA devices
  13. Libarchive vulnerability impacts multiple Linux distributions
  14. ClamAV zero-day lands but don’t panic
  15. rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)
  16. Bypassing GitHub’s OAuth flow
  17. How I hacked Volkswagen and Skoda
  18. Researchers hack Siri, Alexa, and Google Home by shining lasers at them
  19. Amazon’s Ring Video Doorbell lets attackers steal your Wi-Fi password
  20. Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases
  21. Asus router app leaks customer data and exposes Alexa users
  22. WP-VCD: The malware you installed on your own site
  23. DarkUniverse – the mysterious APT framework #27
  24. Double loaded ZIP file delivers Nanocore
  25. New Megacortex ransomware changes Windows passwords, threatens to publish data
  26. Fake ransomware named after Donald Trump tries to trick victims out of a buck
  27. Titanium: the Platinum group strikes again
  28. Uncovering the secret world of malware-like cheats in video games
  29. Phishing detection via analytic networks
  30. Google is helping design an open source, ultra-secure chip

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *