IT Security Weekend Catch Up – September 14, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Russia accuses Facebook and Google of illegal election interference
  2. 198 million car-buyer records exposed online for all to see
  3. FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew
  4. Business Email Compromise the $26 billion scam
  5. Operation reWired: 281 suspects arrested in Business Email Compromise crackdown
  6. Over $37 million lost by Toyota Boshoku subsidiary in BEC scam
  7. Man hacked ‘international superstars,’ sold unreleased songs for cryptocurrency
  8. Infosec duo cuffed after physically breaking into courthouse during IT security assessment
  9. Selling drugs in the age of social media

For the more technical

  1. Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
  2. September Patch Tuesday bears more Remote Desktop vulnerability fixes and two zero-days
  3. BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)
  4. Initial Metasploit exploit module for BlueKeep (CVE-2019-0708)
  5. From BinDiff to zero-day: A proof of concept exploiting CVE-2019-1208 in Internet Explorer
  6. Adobe releases security updates for Flash Player and Application Manager
  7. RIG Exploit Kit chain internals
  8. Multiple vulnerabilities in Comba and D-Link routers
  9. Telegram fixes privacy bug caused by improperly deleted messages
  10. New Simjacker vulnerability exploited by surveillance companies for espionage operation
  11. Snoops can bypass iOS 13 lock screen to eyeball your address book
  12. Apache HTTP [2.4.17-2.4.38] local root privilege escalation
  13. Extended Validation not so… extended? How I revoked $1,000,000 worth of EV certificates
  14. Chrome OS: U2F ECDSA vulnerability
  15. Patch-gapping Google Chrome + PoC
  16. The dangers of VHD and VHDX files
  17. Facebook patches “memory disclosure using JPEG images” flaws in HHVM servers
  18. How menstruation apps are sharing your data
  19. Flashlight apps on Google Play request up to 77 permissions
  20. Analysis of Joker: A spy & premium subscription bot on Google Play
  21. Threats to macOS users
  22. New clues show how Russia’s grid hackers aimed for physical destruction
  23. CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection-focused attack (PDF)
  24. Report reveals play-by-play of first U.S. grid cyberattack
  25. U.S. manufacturer most recent target of LokiBot malspam campaign
  26. Meet the three North Korean hacking groups funding the country’s weapons programs
  27. Cobalt Dickens goes back to school… again
  28. ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
  29. Watchbog and the importance of patching
  30. Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)
  31. Thousands of servers infected with new Lilocked (Lilu) ransomware
  32. Fake PayPal site spreads Nemty ransomware
  33. Massive fraud network uncovered, targeting Groupon & online ticket vendors
  34. New phishing campaign uses captcha to bypass email gateway
  35. Google experiments with DNS-over-HTTPS in Chrome
  36. Mozilla launches Firefox VPN extension for US users

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *