Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! newsletter: Scamming you through social media (PDF)
- A huge database of Facebook users’ phone numbers found online
- Over 328,000 users hit by Foxit data breach
- XKCD forum breach exposes emails, passwords of 562,000 users
- The mystery hacker who stole data on 168 million people
- German bank loses €1.5 million in mysterious cashout of EMV cards
- Feds ordered Google location dragnet to solve Wisconsin bank robbery
- The man who found Stuxnet – Sergey Ulasen in the Spotlight
- How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
- China hacked Asian telcos to spy on Uighur travelers
- Ransomware gang wanted $5.3 million from US city, but they only offered $400,000
- A voice deepfake was used to scam a CEO out of $243,000
- It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years, records show
- Malicious attack on Wikipedia—What we know, and what we’re doing
- Brave uncovers Google’s GDPR workaround
- Incarcerated Anonymous hacker called before grand jury, sparking WikiLeaks questions
For the more technical
- The making of CheckLab, a website dedicated to security tests
- Enabling developers and organizations to use differential privacy
- Zero-day privilege escalation disclosed for Android
- Android exploits are now worth more than iOS exploits for the first time
- Critical Exim TLS flaw lets attackers remotely execute commands as root
- Virtual Media vulnerability in BMC opens servers to remote attack
- Zero PMK Installation (CVE-2019-12587)
- The golden Pulse Secure SSL VPN RCE chain, with Twitter as case study
- External DNS requests in Zyxel USG/UAG/ATP/VPN/NXC series
- CVE-2019-10677 multiple cross-site scripting (XSS) in the web interface of DASAN Zhone ZNID
- Cisco REST API container for IOS XE software authentication bypass vulnerability
- Making a Blind SQL Injection a little less blind
- Advanced SMS phishing attacks against modern Android-based smartphones
- The secret life of GPS trackers
- iOS 12.4 file system extraction
- Large-scale surveillance and exploitation of Uyghurs
- UPSynergy: Chinese-American spy vs. spy story
- Inside the APT28 DLL backdoor blitz
- Fully equipped spying Android RAT from Brazil: BRATA
- XMR cryptomining targeting x86/i686 systems
- TrickBot adds new trick to its arsenal: tampering with trusted texts
- Threat actor behind Astaroth is using Cloudflare Workers to bypass your security solutions
- Sodinokibi ransomware spreads via fake forums on hacked sites
- Ransomware protection and containment strategies: Practical guidance for endpoint protection, hardening, and containment