IT Security Weekend Catch Up – September 7, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! newsletter: Scamming you through social media (PDF)
  2. A huge database of Facebook users’ phone numbers found online
  3. Over 328,000 users hit by Foxit data breach
  4. XKCD forum breach exposes emails, passwords of 562,000 users
  5. The mystery hacker who stole data on 168 million people
  6. German bank loses €1.5 million in mysterious cashout of EMV cards
  7. Feds ordered Google location dragnet to solve Wisconsin bank robbery
  8. The man who found Stuxnet – Sergey Ulasen in the Spotlight
  9. How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
  10. China hacked Asian telcos to spy on Uighur travelers
  11. Ransomware gang wanted $5.3 million from US city, but they only offered $400,000
  12. A voice deepfake was used to scam a CEO out of $243,000
  13. It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years, records show
  14. Malicious attack on Wikipedia—What we know, and what we’re doing
  15. Brave uncovers Google’s GDPR workaround
  16. Incarcerated Anonymous hacker called before grand jury, sparking WikiLeaks questions

For the more technical

  1. The making of CheckLab, a website dedicated to security tests
  2. Enabling developers and organizations to use differential privacy
  3. Zero-day privilege escalation disclosed for Android
  4. Android exploits are now worth more than iOS exploits for the first time
  5. Critical Exim TLS flaw lets attackers remotely execute commands as root
  6. Virtual Media vulnerability in BMC opens servers to remote attack
  7. Zero PMK Installation (CVE-2019-12587)
  8. The golden Pulse Secure SSL VPN RCE chain, with Twitter as case study
  9. External DNS requests in Zyxel USG/UAG/ATP/VPN/NXC series
  10. CVE-2019-10677 multiple cross-site scripting (XSS) in the web interface of DASAN Zhone ZNID
  11. Cisco REST API container for IOS XE software authentication bypass vulnerability
  12. Making a Blind SQL Injection a little less blind
  13. Advanced SMS phishing attacks against modern Android-based smartphones
  14. The secret life of GPS trackers
  15. iOS 12.4 file system extraction
  16. Large-scale surveillance and exploitation of Uyghurs
  17. UPSynergy: Chinese-American spy vs. spy story
  18. Inside the APT28 DLL backdoor blitz
  19. Fully equipped spying Android RAT from Brazil: BRATA
  20. XMR cryptomining targeting x86/i686 systems
  21. TrickBot adds new trick to its arsenal: tampering with trusted texts
  22. Threat actor behind Astaroth is using Cloudflare Workers to bypass your security solutions
  23. Sodinokibi ransomware spreads via fake forums on hacked sites
  24. Ransomware protection and containment strategies: Practical guidance for endpoint protection, hardening, and containment

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *