IT Security Weekend Catch Up – October 20, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. North Korean hacker crew steals $571M in cryptocurrency across 5 attacks
  2. Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading
  3. Facebook eyes spammers for mega-breach
  4. How to irregular cyber warfare
  5. Israel’s cyber-spy industry helps world dictators hunt dissidents and gays
  6. Apple CEO is calling for Bloomberg to retract its Chinese spy chip story

For the more technical

  1. libssh have an authentication bypass vulnerability in the server code
  2. Patching, re-patching and meta-patching the Jet Database Engine RCE
  3. Oracle Critical Patch Update for October 2018
  4. Google’s Project Zero has again called Apple out for silently patching flaws
  5. Ghostscript sandbox escape
  6. Exploitation for the recent RCE in Git
  7. Security advisories for Drupal core
  8. DOM-XSS bug affecting Tinder, Shopify, Yelp, and more
  9. Remote Code Execution in Moxa ThingsPro IIoT
  10. Sony fixes PlayStation 4 bug that allowed message to crash consoles
  11. Linksys E Series multiple OS command injection vulnerabilities
  12. D-Link routers – full takeover
  13. VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability
  14. Octopus-infested seas of Central Asia
  15. VestaCP compromised in a new supply-chain attack
  16. Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  17. NSA-linked DarkPulsar exploit tool detailed
  18. “Big Star Labs” spyware campaign affects over 11,000,000 people
  19. Godzilla loader and the long tail of malware
  20. Mouse Underlaying: Global key and mouse listener based on an almost invisible window
  21. Analyzing Turla’s keylogger
  22. Shedding skin – Turla’s fresh faces
  23. The mysterious return of years-old chinese malware
  24. How we discovered a Ukranian cybercrime hotspot
  25. How to remove fileless malware
  26. VBA stomping –  advanced maldoc techniques
  27. How Office 365 learned to reel in phish
  28. How I “found” the database of the Donald Daters App
  29. Researcher finds simple way of backdooring Windows PCs 
  30. Building a Titan: Better security through a tiny chip
  31. Android Protected Confirmation: Taking transaction security to the next level
  32. Meet Helm, the startup taking on Gmail with a server that runs in your home
  33. Modernizing IDA Pro: How to make processor module glitches go away

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

1 thought on “IT Security Weekend Catch Up – October 20, 2018”

Leave a Reply

Your email address will not be published. Required fields are marked *