Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Russia accuses Facebook and Google of illegal election interference
- 198 million car-buyer records exposed online for all to see
- FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew
- Business Email Compromise the $26 billion scam
- Operation reWired: 281 suspects arrested in Business Email Compromise crackdown
- Over $37 million lost by Toyota Boshoku subsidiary in BEC scam
- Man hacked ‘international superstars,’ sold unreleased songs for cryptocurrency
- Infosec duo cuffed after physically breaking into courthouse during IT security assessment
- Selling drugs in the age of social media
For the more technical
- Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
- September Patch Tuesday bears more Remote Desktop vulnerability fixes and two zero-days
- BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)
- Initial Metasploit exploit module for BlueKeep (CVE-2019-0708)
- From BinDiff to zero-day: A proof of concept exploiting CVE-2019-1208 in Internet Explorer
- Adobe releases security updates for Flash Player and Application Manager
- RIG Exploit Kit chain internals
- Multiple vulnerabilities in Comba and D-Link routers
- Telegram fixes privacy bug caused by improperly deleted messages
- New Simjacker vulnerability exploited by surveillance companies for espionage operation
- Snoops can bypass iOS 13 lock screen to eyeball your address book
- Apache HTTP [2.4.17-2.4.38] local root privilege escalation
- Extended Validation not so… extended? How I revoked $1,000,000 worth of EV certificates
- Chrome OS: U2F ECDSA vulnerability
- Patch-gapping Google Chrome + PoC
- The dangers of VHD and VHDX files
- Facebook patches “memory disclosure using JPEG images” flaws in HHVM servers
- How menstruation apps are sharing your data
- Flashlight apps on Google Play request up to 77 permissions
- Analysis of Joker: A spy & premium subscription bot on Google Play
- Threats to macOS users
- New clues show how Russia’s grid hackers aimed for physical destruction
- CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection-focused attack (PDF)
- Report reveals play-by-play of first U.S. grid cyberattack
- U.S. manufacturer most recent target of LokiBot malspam campaign
- Meet the three North Korean hacking groups funding the country’s weapons programs
- Cobalt Dickens goes back to school… again
- ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
- Watchbog and the importance of patching
- Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)
- Thousands of servers infected with new Lilocked (Lilu) ransomware
- Fake PayPal site spreads Nemty ransomware
- Massive fraud network uncovered, targeting Groupon & online ticket vendors
- New phishing campaign uses captcha to bypass email gateway
- Google experiments with DNS-over-HTTPS in Chrome
- Mozilla launches Firefox VPN extension for US users
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – September 14, 2019”