IT Security Weekend Catch Up – September 28, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Fraudsters hijack eBay parcels in a postcode lottery
  2. Massive wave of account hijacks hits YouTube creators
  3. Hackers stole data on nearly 5m DoorDash users, including order history
  4. Russian hacker pleads guilty for involvement in massive network intrusions at U.S. financial institutions
  5. Regional disruption of production due to malware at Rheinmetall Automotive

For the more technical

  1. New iOS exploit checkm8 allows permanent compromise of iPhones
  2. Apple warns about third-party keyboard issue in iOS 13 and iPadOS
  3. CVE-2019-0801: Microsoft Office Uri Hyperlink Hijinks
  4. Microsoft releases emergency patches for IE 0-day and Windows Defender flaw
  5. VMware patches six vulnerabilities in various products
  6. Cisco IOx for IOS software guest operating system unauthorized access vulnerability
  7. Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites
  8. Critical vulnerability addressed in Jira Service Desk
  9. Thousands of cloud computing servers could be owned with ‘very simple’ attack
  10. All your cloud are belong to us (CVE-2019-12491)
  11. Write-up of DOMPurify 2.0.0 bypass using mutation XSS
  12. Researchers think they know how many phones are vulnerable to ‘SIMjacker’ attacks
  13. Airbus hit by series of cyber attacks on suppliers
  14. How to monitor GitHub for secrets
  15. PcShare backdoor attacks targeting Windows users with FakeNarrator malware
  16. Hackers tried to compromise phones of Tibetans working for Dalai Lama
  17. How hundreds of fake apps spread on iOS App Store and Google Play
  18. Who IsErIk: A resurface of an advanced persistent adware? (PDF)
  19. Meet Stop ransomware: The most active ransomware nobody talks about
  20. CryptonDie – a ransomware developed for study purposes
  21. Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
  22. “Fileless” NodeJS malware burrows deep within the host
  23. Mapping the connections inside Russia’s APT Ecosystem
  24. Dtrack and ATMDtrack ATM malware linked to Lazarus
  25. Trickbot – An analysis of data collected from the botnet
  26. How Tortoiseshell created a fake veteran hiring website to host malware
  27. Zebrocy relies on dropbox to supply its dishes to an institution of Eastern Europe diplomatic sector
  28. No summer vacations for Zebrocy
  29. Continued targeting of the United States’ utilities sector reveals additional adversary TTPs
  30. xHunt campaign: Attacks on Kuwait shipping and transportation organizations
  31. Leading Magecart group targeting captive Wi-Fi users via L7 routers (PDF)
  32. Behind the scenes of a massively distributed credential stuffing attack
  33. USB Restricted Mode in iOS 13: Apple vs. GrayKey, round two
  34. Changes to file types blocked in Outlook on the web
  35. HTTP/3: the past, the present, and the future

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *