IT Security Weekend Catch Up – October 11, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Computer historians crack passwords of Unix’s early pioneers
  2. University hacker remained hidden behind ‘shadow ecosystem’ for six weeks
  3. Imperva notifies Cloud WAF customers of security incident
  4. France to become first EU country to use nationwide facial recognition ID app
  5. China’s new weapon of choice is your face
  6. Singapore man faces 34 years for Amazon AWS cryptomining fraud
  7. Tech companies reported over 45 million online photos and videos of children being sexually abused
  8. Iranian hackers target Trump campaign as threats to 2020 mount

For the more technical

  1. Short October Patch Tuesday includes Remote Desktop Client, browser, and authentication patches
  2. Android Security Bulletin—October 2019
  3. CVE-2019-16905 – OpenSSH pre-auth XMSS integer overflow
  4. CVE-2019-16928: Exploiting an Exim vulnerability via EHLO strings
  5. Critical security issue identified in iTerm2 as part of Mozilla open source audit
  6. Drupalgeddon2 still used in attack campaigns
  7. Rusty Joomla RCE + exploit
  8. DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities
  9. Multiple D-Link routers found vulnerable to unauthenticated remote code execution
  10. HP Touchpoint Analytics – DLL search-order hijacking – potential abuses (CVE-2019-6333)
  11. Multiple vulnerabilities in Schneider Electric Modicon M580
  12. R7-2019-32: Denial-of-Service vulnerabilities in Beckhoff TwinCAT PLC environment
  13. Picking unwanted UEFI components out of millions of samples
  14. X-ray tech lays chip secrets bare
  15. Planting tiny spy chips in hardware can cost as little as $200
  16. Intel proposes new SAPM memory type to protect against Spectre-like attacks
  17. Improper input validation on dbell smart doorbell can lead to attackers remotely unlocking door
  18. App analysis: Bird
  19. FBI warns about attacks that bypass multi-factor authentication (MFA)
  20. Staying hidden on the endpoint: Evading detection with shellcode
  21. How my application ran away and called home from Redmond
  22. Apple zero-day exploited in new BitPaymer campaign
  23. Leveraging Apple Remote Desktop for good and evil
  24. macOS systems abused in DDoS attacks
  25. COMpfun successor Reductor infects files on the fly to compromise TLS traffic
  26. ESET discovers Attor, a spy platform with curious GSM fingerprinting (PDF)
  27. Morocco: Human rights defenders targeted with NSO Group’s spyware
  28. Mahalo FIN7: Responding to the criminal operators’ new tools and techniques
  29. FIN6 compromised e-commerce platform via Magecart to inject credit card skimmers into thousands of online shops
  30. Magecart: New research shows the state of a growing threat
  31. Sesame Street among many Volusion customers are compromised
  32. Ransomware Muhstik target hacks back, drops decryption keys
  33. Tor Project: Removing end-of-life relays from the network
  34. A sniffer for Bluetooth 5 and 4.x LE
  35. Pair locking your iPhone with Configurator 2

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *