IT Security Weekend Catch Up – October 7, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! newsletter: Email oops, and how to avoid them (PDF)
  2. Sales engagement startup Apollo says its massive contacts database was stolen in a data breach
  3. Open-source crypto is no better than closed-source crypto
  4. Voice phishing scams are getting more clever
  5. How companies use fake websites and backdated articles to censor Google’s search results
  6. How a hapless Bitcoin entrepreneur started a multimillion-dollar Ponzi scheme
  7. FBI solves mystery surrounding 15-year-old Fruitfly Mac malware
  8. Travellers refusing digital search now face $5000 Customs fine
  9. CEO pleads guilty to selling encrypted phones to organized crime
  10. French police officer caught selling confidential police data on the dark web
  11. FSB agents leaked secret data to the FBI for 10 million dollars
  12. Russian envoy rejects reports of cybercrimes
  13. Saudi-linked cyber espionage against Canadian victim discovered
  14. A Russian-speaking journalist visits China’s dystopian police state
  15. In El Chapo’s trial, extraordinary steps to keep witnesses alive

For the more technical

  1. Windows 10 October 2018 Update is deleting user data
  2. Intel ME Manufacturing Mode – obscured dangers
  3. Intel Q1’18 – security review cumulative update
  4. Critical vulnerabilities in Emerson AMS Device Manager
  5. An interesting Google vulnerability that got me 3133.7 reward
  6. A new vulnerability in Google PDFium’s JBIG2 library
  7. Telegram leaks IP addresses by default when initiating calls
  8. Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking
  9. Multiple vulnerabilities in Fuji Electric industrial products
  10. Auditing KRACKs in Wi-Fi (PDF)
  11. Cyber actors increasingly exploit the Remote Desktop Protocol to conduct malicious activity
  12. Threat actors customize URLs to avoid detection
  13. Hackers can stealthily avoid traps set to defend the cloud
  14. A staggering amount of stolen data is heading to Zoho domains
  15. Identifying a phisher
  16. Someone used my IPFS gateway for phishing
  17. When security researchers pose as cybercrooks, who can tell the difference?
  18. MageCart: now with tripwire
  19. Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks + additional information
  20. Researchers analyzed a stealthy malware family named Stegoloader
  21. Fileless malware: part deux
  22. New Betabot campaign under the microscope
  23. Roaming Mantis: iOS crypto-mining and spreading via malicious content delivery system
  24. Hidden Cobra – FASTCash campaign
  25. Shedding skin – Turla’s fresh faces
  26. Details of Qatar’s cyber espionage campaign in the United States
  27. APT38: Details on new North Korean regime-backed threat group
  28. APT37: Final1stspy reaping the FreeMilk + technical description
  29. Video analysis of Android SMS worm spying on victims
  30. Mini pwning with GL-iNet AR150
  31. How to spot good fuzzing research
  32. Deployment of Microsoft 365 security solutions
  33. Trustworthy Chrome extensions, by default
  34. Everything you wanted to know about Activation Lock and iCloud Lock
  35. Recipe for the Apple Wireless Direct Link ad hoc protocol
  36. Jailbreaks demystified
  37. Violating your personal space with Webex
  38. Penetration testing dropbox – [1] [2] [3]

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *