IT Security Weekend Catch Up – September 10, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Cyberinsurance company refuses to pay out full amount to bank after hacking
  2. Theft of customer data at British Airways
  3. Alleged ‘Satori’ IoT botnet operator sought media spotlight, got indicted
  4. U.S. accuses North Korea of plot to hurt economy as spy is charged in Sony hack + more information
  5. Leader of DDoS-for-hire gang pleads guilty to bomb threats
  6. Google notifies people targeted by secret FBI investigation
  7. Riding with the diplomatic couriers who deliver America’s secret mail
  8. The women code breakers who unmasked Soviet spies

For the more technical

  1. Drupal Cache Poisoning SA-CORE-2018-005
  2. Bypassing latest Avast AV on Windows 10 x86_64
  3. Multi-provider VPN client privilege escalation vulnerabilities
  4. Keybase browser extension could allow sites to see messages
  5. Rogue MEGA Chrome extension stole passwords and crypto keys + more information
  6. Oracle products affected by exploited Apache Struts flaw
  7. Active exploitation of new Apache Struts vulnerability deploys cryptocurrency miner
  8. Schneider Electric shipped USB drives loaded with malware
  9. Malicious MDM: Let’s hide this app
  10. Popular Mac anti-adware app steals your browsing history + more information
  11. Thousands of compromised MikroTik routers send traffic to attackers
  12. PowerPool malware exploits ALPC LPE zero-day vulnerability
  13. New Chainshot malware found by cracking 512-bit RSA key
  14. Threat actors peddling weaponized IQY files via Necurs botnet
  15. Small businesses targeted by highly localized Ursnif campaign
  16. MagentoCore skimmer most aggressive to date
  17. CamuBot: New financial malware targets Brazilian banking customers
  18. White-hats go rogue, attack financial institutions
  19. FIN6 returns to attack retailer point of sale systems in US, Europe + more information
  20. Advanced deception with BEC fraud attacks
  21. Business email compromise via altered invoices
  22. For 2nd time in 3 years, mobile spyware maker mSpy leaks millions of sensitive records
  23. Global scan – exposed .git repos
  24. Threat landscape for industrial automation systems: H1 2018
  25. BADFET: Defeating modern secure boot using second-order pulsed electromagnetic fault injection (PDF)
  26. Researchers used sonar signal from a smartphone speaker to steal unlock passwords (PDF)
  27. Let’s trade: You read my email, I’ll read your password
  28. A story about a penetration test, where it was not possible to get a shell
  29. Reverse engineering Medium app (and making all stories in it free)
  30. Finding the real origin IPs hiding behind CloudFlare or TOR
  31. Mozilla to block Firefox ad-tracking by default
  32. Protecting user identities
  33. Cloud forensics: Why, what and how to extract evidence
  34. Google’s doors hacked wide open by own employee
  35. Inside MSRC: Sharing our story & customer tips

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *