IT Security Weekend Catch Up – September 16, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. UK mass interception law violates human rights
  2. Prisons to take Florida inmates’ MP3 players
  3. Decentralisation: The next big step for the world wide web
  4. Blockchain betting app mocks competitor for getting hacked. Gets hacked four days later
  5. Apple has started paying hackers for iPhone exploits
  6. Tech support scammers find a home on Microsoft TechNet pages
  7. How to stay alive – great book from the Red Cross (PDF)
  8. German troops face Russian ‘hybrid war’ in Lithuania
  9. Dutch detained Russians suspected of Swiss lab break-in

For the more technical

  1. True Key: The not so uncommon story of a failed patch
  2. Apple Safari & Microsoft Edge browser address bar spoofing
  3. Microsoft September Patch Tuesday summary + more information
  4. Adobe issues ColdFusion software update for 6 critical vulnerabilities
  5. Remote Code Execution in Alpine Linux
  6. The chilling reality of cold boot attacks
  7. Researcher finds vulnerability enabling disclosure of Intel ME encryption keys
  8. Buffer overflow vulnerabilities in industrial automation products by Opto22
  9. Flaws kound in Fuji Electric Tool that links corporate PCs to ICS
  10. BlueBorne: One year later, 2 billion devices still exposed
  11. Breaking the Facebook for Android application
  12. Trend Micro apps leak user data, removed from Mac App Store
  13. Bypassing CSP using polyglot JPEGs
  14. Sploitus – search engine for pentesters
  15. KRONOS/Osiris banking trojan attack
  16. Dissecting Dridex banking malware: Loader and Avast “snxk.dll” hooking lib
  17. Fallout exploit kit used in malvertising campaign to deliver GandCrab ransomware
  18. Malware delivered through MHT files
  19. Microsoft Office macros: Still your leader in malware delivery
  20. Analyzing Turla’s keylogger
  21. The anatomy of a .NET malware dropper
  22. New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers
  23. Multi-exploit IoT/Linux botnets Mirai and Gafgyt target Apache Struts, SonicWall
  24. APT10 targeting Japanese corporations using updated TTPs
  25. Advanced deception with BEC fraud attacks
  26. LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
  27. Unsuccessfully defaced websites
  28. UIDAI’s Aadhaar software hacked, ID database compromised, experts confirm
  29. Protecting Mozilla’s GitHub repositories from malicious modification
  30. Office VBA + AMSI: Parting the veil on malicious macros
  31. Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
  32. Towards in-baggage suspicious object detection using commodity WiFi (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *