IT Security Weekend Catch Up – October 14, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. New evidence of hacked Supermicro hardware found in U.S. telecom + additional information
  2. Supply chain security: An expert’s view
  3. Czech counterintelligence helps uncover Hezbollah hacking scheme
  4. The long, weird story explaining why I bid $700 for a stolen PSN account
  5. How an amateur rap crew stole surveillance tech that tracks almost every American
  6. How a fraudster got $12 million out of a Canadian university
  7. Pentagon discloses card breach
  8. Silk Road admin pleads guilty – could face up to 20 years in prison
  9. Mozilla: Delaying further Symantec TLS certificate distrust

For the more technical

  1. Derbycon 2018 Videos
  2. Microsoft October Patch Tuesday summary
  3. Zero-day exploit (CVE-2018-8453) used in targeted attacks
  4. Microsoft Edge RCE write-up
  5. Windows 10 ransomware protection bypassed using DLL injection
  6. Trusting the delivery of Firefox Updates
  7. Adobe releases October 2018 Security Updates
  8. WhatsApp fixes bug that let hackers take over app when answering a video call + more information
  9. Multiple vulnerabilities discovered in MikroTik’s RouterOS
  10. A mysterious grey-hat is patching people’s outdated MikroTik routers
  11. Naming & shaming web polluters: Xiongmai
  12. Siemens fixes new vulnerabilities in its products
  13. Cisco Prime Infrastructure (CPI) contains two vulnerabilities + more information
  14. What makes OS drivers dangerous for BIOS?
  15. How to bypass application whitelisting and Constrained Powershell
  16. Advanced attacks on Microsoft Active Directory: detection and mitigation
  17. Threat actors prey on Drupalgeddon vulnerability
  18. Facebook: An update on the security issue
  19. Google+ to shut down after coverup of data-exposing bug + more information
  20. FitMetrix exposed millions of customers’​ records in a passwordless database
  21. Phishing campaign uses hijacked emails to deliver Ursnif
  22. Police phishing attack targets bank credentials
  23. Card-skimming group executes scaled supply chain attack on Shopper Approved
  24. GPlayed trojan – .NET playing with Google Market
  25. Fake Flash updaters push cryptocurrency miners
  26. Obfuscated JavaScript cryptominer
  27. The many faces of Necurs: How the botnet spewed millions of spam emails for cyber extortion
  28. New TeleBots backdoor: First evidence linking Industroyer to NotPetya
  29. Thieves and geeks: Russian and Chinese hacking communities
  30. APT28: New espionage operations target military and government organizations
  31. Cobalt Group 2.0
  32. Full discloser of Andariel, a subgroup of Lazarus threat group (PDF)
  33. Weapon systems cybersecurity: DOD just beginning to grapple with scale of vulnerabilities (PDF)
  34. How I hacked modern Vending Machines
  35. How STACKLEAK improves Linux kernel security
  36. Control Flow Integrity in the Android kernel
  37. Google and Android have your back by protecting your backups

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *