Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Russian hackers may have tried to infiltrate World Anti-Doping Agency
- Russians planned attack on lab testing Salisbury nerve agent, Swiss say
- Russian hacker pleads guilty for role in Kelihos botnet
- Mirai botnet authors avoid jail time
- Greece U-Turns – now approves Mr. Bitcoin’s extradition to Russia
- After riches and jail, Belarusian ex-hacker’s life lesson? ‘Don’t steal from Americans. Ever’
- Bristol Airport working to restore full display system after cyber-attack
- You didn’t think the Sony saga was over, did you?
- Files with 42 million emails and passwords found on free hosting service
- State Department email breach exposed employees’ personal information
- GovPayNow.com leaks 14M+ records
- Hackers steal $60 million from Japanese crypto exchange Zaif
- California may ban terrible default passwords on connected devices
- Dark web drugs markets – more TripAdvisor than Amazon
- Amazon plants fake packages in delivery trucks to ‘trap’ drivers who are stealing
- NIST’s encryption standard has minimum $250 billion economic benefit
- Stung by hacks, the Democratic National Committee is switching from Android to iPhones
For the more technical
- [VIDEO] 4 common Node.js security issues inside NPM
- Microsoft’s Jet crash: Zero-day flaw drops after deadline passes + more information
- This Windows file may be secretly hoarding your passwords and emails
- A major bug in Bitcoin software could have crashed the currency + more information
- ProtonVPN, NordVPN patch Windows bug
- Security bulletin for Adobe Acrobat and Reader
- Dangerous vulnerabilities in Siemens industrial solutions
- Google’s Android team finds serious flaw in Honeywell devices
- Peekaboo critical vulnerability in NUUO network video recorder
- Authentication bypass vulnerability in Western Digital My Cloud
- Fake finance apps on Google Play target users from around the world
- Twitter: Fixing a bug in Account Activity API
- Local file inclusion at IKEA.com
- Playing with CloudGoat: Hacking AWS EC2 service for privilege escalation
- Pre-pwned AMI images in Amazon’s AWS public instance store
- Static analysis of client-side JavaScript for pen testers and bug bounty hunters
- Click2Gov: Targeting local government payment portals + more information
- Access to thousands of breached sites found on underground market
- Magecart strikes again: Newegg in the crosshairs + more information
- Threats posed by using RATs in ICS
- Inside a demo of NSO Group’s powerful iPhone malware
- Increased use of a Delphi Packer to evade malware classification
- DanaBot shifts its targeting to Europe, adds new features
- A look into the lifecycle of Brazilian financial malware
- Xbash combines botnet, ransomware, coinmining in worm that targets Linux and Windows
- GandCrab malware keeps a step ahead of network defenses
- Meet Black Rose Lucy, the latest Russian MaaS botnet
- Viro botnet ransomware breaks through
- Wannamine cryptominer that uses EternalBlue still active
- Cyber Threat Alliance releases cryptomining whitepaper (PDF)
- New trends in the world of IoT threats
- ICANN sets plan to reinforce internet DNS security
- Android and Google Play security rewards programs surpass $3M in payouts
- iOS 12 enhances USB Restricted Mode
- Introducing the Cloudflare Onion Service
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – September 23, 2018”