IT Security Weekend Catch Up – October 7, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. OUCH! newsletter: Email oops, and how to avoid them (PDF)
2. Sales engagement startup Apollo says its massive contacts database was stolen in a data breach
3. Open-source crypto is no better than closed-source crypto
4. Voice phishing scams are getting more clever
5. How companies use fake websites and backdated articles to censor Google’s search results
6. How a hapless Bitcoin entrepreneur started a multimillion-dollar Ponzi scheme
7. FBI solves mystery surrounding 15-year-old Fruitfly Mac malware
8. Travellers refusing digital search now face $5000 Customs fine
9. CEO pleads guilty to selling encrypted phones to organized crime
10. French police officer caught selling confidential police data on the dark web
11. FSB agents leaked secret data to the FBI for 10 million dollars
12. Russian envoy rejects reports of cybercrimes
13. Saudi-linked cyber espionage against Canadian victim discovered
14. A Russian-speaking journalist visits China’s dystopian police state
15. In El Chapo’s trial, extraordinary steps to keep witnesses alive

For the more technical

1. Windows 10 October 2018 Update is deleting user data
2. Intel ME Manufacturing Mode – obscured dangers
3. Intel Q1’18 – security review cumulative update
4. Critical vulnerabilities in Emerson AMS Device Manager
5. An interesting Google vulnerability that got me 3133.7 reward
6. A new vulnerability in Google PDFium’s JBIG2 library
7. Telegram leaks IP addresses by default when initiating calls
8. Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking
9. Multiple vulnerabilities in Fuji Electric industrial products
10. Auditing KRACKs in Wi-Fi (PDF)
11. Cyber actors increasingly exploit the Remote Desktop Protocol to conduct malicious activity
12. Threat actors customize URLs to avoid detection
13. Hackers can stealthily avoid traps set to defend the cloud
14. A staggering amount of stolen data is heading to Zoho domains
15. Identifying a phisher
16. Someone used my IPFS gateway for phishing
17. When security researchers pose as cybercrooks, who can tell the difference?
18. MageCart: now with tripwire
19. Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks + additional information
20. Researchers analyzed a stealthy malware family named Stegoloader
21. Fileless malware: part deux
22. New Betabot campaign under the microscope
23. Roaming Mantis: iOS crypto-mining and spreading via malicious content delivery system
24. Hidden Cobra – FASTCash campaign
25. Shedding skin – Turla’s fresh faces
26. Details of Qatar’s cyber espionage campaign in the United States
27. APT38: Details on new North Korean regime-backed threat group
28. APT37: Final1stspy reaping the FreeMilk + technical description
29. Video analysis of Android SMS worm spying on victims
30. Mini pwning with GL-iNet AR150
31. How to spot good fuzzing research
32. Deployment of Microsoft 365 security solutions
33. Trustworthy Chrome extensions, by default
34. Everything you wanted to know about Activation Lock and iCloud Lock
35. Recipe for the Apple Wireless Direct Link ad hoc protocol
36. Jailbreaks demystified
37. Violating your personal space with Webex
38. Penetration testing dropbox – [1] [2] [3]

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.