IT Security Weekend Catch Up – October 26, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Iranian hacking group targeted satellite industry nerds
  2. How a BlackBerry wiretap helped crack a multimillion-dollar cocaine cartel
  3. Inside the phone company secretly run by drug traffickers
  4. Major German manufacturer still down a week after getting hit by ransomware
  5. Japanese hotel chain sorry that hackers may have watched guests through bedside robots
  6. Vatican’s wearable rosary gets fix for app flaw allowing easy hacks
  7. Norwegian newspaper website taken offline after content hack
  8. Open database leaked 179GB in customer, US government, and military records
  9. 7 million Adobe Creative Cloud accounts exposed to the public
  10. Prolific business email scam takedown leads to arrests in Spain

For the more technical

  1. Many nginx + php-fpm configurations vulnerable (exploit)
  2. PHP remote code execution 0-day discovered in real world CTF exercise
  3. Trend Micro Anti-Threat Toolkit remote code execution 0-day
  4. Multiple vulnerabilities in Schneider Electric ProClima
  5. CVE-2019-16278 – Unauthenticated remote code execution in Nostromo web server
  6. Maxthon Browser for Windows – Unquoted search path and potential abuses (CVE-2019-16647)
  7. Your cache has fallen: Cache-Poisoned Denial-of-Service attack (PDF)
  8. Shikata Ga Nai encoder still going strong
  9. Alexa and Google Home expose users to vishing and eavesdropping
  10. Mercedes-Benz app glitch exposed car owners’ information to other users
  11. Trojan malware infecting 17 apps on the App Store
  12. Tracking down the developer of Android adware affecting millions of users
  13. Gustuff return, new features for victims
  14. Hunting Raccoon: The new masked bandit on the block
  15. Discord turned into an info-stealing backdoor by new malware
  16. Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
  17. Exploring a link between Magecart Group 5 and the Carbanak APT
  18. Turla group exploits Iranian APT to expand coverage of victims
  19. A DDoS gang is extorting businesses posing as Russian government hackers
  20. Phishing attack targeting United Nations and humanitarian organizations
  21. AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via malspam
  22. Joker’s Stash upgrades with large SSN offering and support infrastructure
  23. iOS platform security & anti-tampering Swift library
  24. Threat Intelligence Portal: We need to go deeper
  25. The Tor Project releases Tor Browser 9.0
  26. Weaponizing and gamifying AI for WiFi hacking: Presenting Pwnagotchi 1.0.0

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *