Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- UK mass interception law violates human rights
- Prisons to take Florida inmates’ MP3 players
- Decentralisation: The next big step for the world wide web
- Blockchain betting app mocks competitor for getting hacked. Gets hacked four days later
- Apple has started paying hackers for iPhone exploits
- Tech support scammers find a home on Microsoft TechNet pages
- How to stay alive – great book from the Red Cross (PDF)
- German troops face Russian ‘hybrid war’ in Lithuania
- Dutch detained Russians suspected of Swiss lab break-in
For the more technical
- True Key: The not so uncommon story of a failed patch
- Apple Safari & Microsoft Edge browser address bar spoofing
- Microsoft September Patch Tuesday summary + more information
- Adobe issues ColdFusion software update for 6 critical vulnerabilities
- Remote Code Execution in Alpine Linux
- The chilling reality of cold boot attacks
- Researcher finds vulnerability enabling disclosure of Intel ME encryption keys
- Buffer overflow vulnerabilities in industrial automation products by Opto22
- Flaws kound in Fuji Electric Tool that links corporate PCs to ICS
- BlueBorne: One year later, 2 billion devices still exposed
- Breaking the Facebook for Android application
- Trend Micro apps leak user data, removed from Mac App Store
- Bypassing CSP using polyglot JPEGs
- Sploitus – search engine for pentesters
- KRONOS/Osiris banking trojan attack
- Dissecting Dridex banking malware: Loader and Avast “snxk.dll” hooking lib
- Fallout exploit kit used in malvertising campaign to deliver GandCrab ransomware
- Malware delivered through MHT files
- Microsoft Office macros: Still your leader in malware delivery
- Analyzing Turla’s keylogger
- The anatomy of a .NET malware dropper
- New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers
- Multi-exploit IoT/Linux botnets Mirai and Gafgyt target Apache Struts, SonicWall
- APT10 targeting Japanese corporations using updated TTPs
- Advanced deception with BEC fraud attacks
- LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
- Unsuccessfully defaced websites
- UIDAI’s Aadhaar software hacked, ID database compromised, experts confirm
- Protecting Mozilla’s GitHub repositories from malicious modification
- Office VBA + AMSI: Parting the veil on malicious macros
- Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
- Towards in-baggage suspicious object detection using commodity WiFi (PDF)
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – September 16, 2018”