Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Russia accuses Facebook and Google of illegal election interference
- 198 million car-buyer records exposed online for all to see
- FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew
- Business Email Compromise the $26 billion scam
- Operation reWired: 281 suspects arrested in Business Email Compromise crackdown
- Over $37 million lost by Toyota Boshoku subsidiary in BEC scam
- Man hacked ‘international superstars,’ sold unreleased songs for cryptocurrency
- Infosec duo cuffed after physically breaking into courthouse during IT security assessment
- Selling drugs in the age of social media
For the more technical
- Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
- September Patch Tuesday bears more Remote Desktop vulnerability fixes and two zero-days
- BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)
- Initial Metasploit exploit module for BlueKeep (CVE-2019-0708)
- From BinDiff to zero-day: A proof of concept exploiting CVE-2019-1208 in Internet Explorer
- Adobe releases security updates for Flash Player and Application Manager
- RIG Exploit Kit chain internals
- Multiple vulnerabilities in Comba and D-Link routers
- Telegram fixes privacy bug caused by improperly deleted messages
- New Simjacker vulnerability exploited by surveillance companies for espionage operation
- Snoops can bypass iOS 13 lock screen to eyeball your address book
- Apache HTTP [2.4.17-2.4.38] local root privilege escalation
- Extended Validation not so… extended? How I revoked $1,000,000 worth of EV certificates
- Chrome OS: U2F ECDSA vulnerability
- Patch-gapping Google Chrome + PoC
- The dangers of VHD and VHDX files
- Facebook patches “memory disclosure using JPEG images” flaws in HHVM servers
- How menstruation apps are sharing your data
- Flashlight apps on Google Play request up to 77 permissions
- Analysis of Joker: A spy & premium subscription bot on Google Play
- Threats to macOS users
- New clues show how Russia’s grid hackers aimed for physical destruction
- CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection-focused attack (PDF)
- Report reveals play-by-play of first U.S. grid cyberattack
- U.S. manufacturer most recent target of LokiBot malspam campaign
- Meet the three North Korean hacking groups funding the country’s weapons programs
- Cobalt Dickens goes back to school… again
- ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
- Watchbog and the importance of patching
- Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)
- Thousands of servers infected with new Lilocked (Lilu) ransomware
- Fake PayPal site spreads Nemty ransomware
- Massive fraud network uncovered, targeting Groupon & online ticket vendors
- New phishing campaign uses captcha to bypass email gateway
- Google experiments with DNS-over-HTTPS in Chrome
- Mozilla launches Firefox VPN extension for US users
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – September 14, 2019”