IT Security Weekend Catch Up – October 27, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. GDPR Today – online hub for staying tuned to the (real) life of EU data protection law
  2. How do you fight a $12B fraud problem? One scammer at a time
  3. How WordPress is eliminating old versions from the Internet
  4. Update on British Airways cyber attack
  5. Cathay Pacific flags data breach affecting 9.4 million passengers
  6. Bombardier takes Mitsubishi to court, accuses it of ‘data’ theft
  7. $50 million settlement in Yahoo security breach
  8. Internet Solutions warns of security breach
  9. Government spyware vendor left customer, victim data online for everyone to see
  10. U.S. begins first cyberoperation against Russia aimed at protecting
  11. Shining a light on federal law enforcement’s use of computer hacking tools
  12. Millions of exposed tweets by Russian and Iranian bots
  13. Apple just killed the ‘GrayKey’ iPhone passcode hack
  14. Now apps can track you even after you uninstall them
  15. My phone is spying on me, so I decided to spy on it
  16. A sophisticated ad fraud scheme involving more than 125 Android apps and websites
  17. This SIM card forces all of your mobile data through Tor
  18. DNS godfather blasts DNS over HTTPS adoption
  19. Google mandates two years of security updates for popular phones in new Android contract
  20. Watch hackers steal a Tesla

For the more technical

  1. Investigating implausible Bloomberg Supermicro stories
  2. Remote code execution flaws found in FreeRTOS – popular OS for embedded systems
  3. An authenticated RCE vulnerability in Cisco WebEx client
  4. Technical rundown of WebExec
  5. Vulnerabilities found on WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS
  6. Microsoft Windows zero-day disclosed on Twitter, again
  7. Abusing Microsoft Office Online Video
  8. CVE-2018–8414: A case study in responsible disclosure
  9. Privilege escalation and file overwrite in X.Org X server
  10. Zero-day in popular jQuery plugin actively exploited for at least three years
  11. Clickjacking in Google Docs and voice typing feature
  12. Multiple 0days used by Magecart
  13. Universal GandCrab decryption tool released for free on No More Ransom
  14. The No More Ransom Project – all decryption tools
  15. Russian government-owned lab most likely built custom intrusion tools for TRITON attackers
  16. Who might be responsible for Agent Tesla
  17. Malware distributors adopt DKIM to bypass mail filters
  18. Bluetooth Low Energy mobile application independent access
  19. Android/TimpDoor turns mobile devices into hidden proxies
  20. Banking trojans continue to surface on Google Play
  21. Chalubo botnet wants to DDoS from your server or IoT device
  22. Phishing for knowledge
  23. The hidden story of China Telecom’s BGP hijacking (PDF)
  24. Tracking users across the web via TLS Session Resumption (PDF)
  25. Two new supply-chain attacks come to light in less than a week
  26. How an ISP exposed administrative system credentials
  27. Fooling AWS CloudTrail and getting persistent access
  28. Three new DDE obfuscation methods
  29. Repairnator: a program repair bot for continuous integration

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *