home

thehackernews.com

• Breach at Bulgaria's Tax Agency Exposed Data of Over 70% Citizens
• EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
• New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
• Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
• Engage Your Management with the Definitive 'Security for Management' Presentation Template
• Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

sciencedaily.com

• Review evaluates how AI could boost the success of clinical trials
• Researchers build transistor-like gate for quantum information processing -- with qudits
• Personalized medicine software vulnerability uncovered
• Building a bridge to the quantum world
• Discovery of a 'holy grail' with the invention of universal computer memory
• Hackproofing smart meters

wired.com

• Think FaceApp Is Scary? Wait Till You Hear About Facebook
• Why Microsoft’s BlueKeep Bug Hasn’t Wreaked Havoc—Yet
• Hackers Made an App That Kills to Prove a Point
• How To Clear Out Your Zombie Apps and Online Accounts
• Palantir Manual Shows How Law Enforcement Tracks Families
• An Amazon Phishing Scam Hits Just in Time For Prime Day

securityfocus.com

• Vuln: Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
• Vuln: Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
• Vuln: Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability
• Vuln: Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
• Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
• Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

bleepingcomputer.com

• Real-Time Location of Millions Exposed by Mobile Loan Apps
• Stalkerware Apps on Google Play Installed Over 130,000 Times
• US Govt Rolls Out New DNS Security Measures for .gov Domains
• New EvilGnome Backdoor Spies on Linux Users, Steals Their Files
• Group Behind Windows 10 App Malvertising Pushed 100M Ads in 2019
• Trojan-Riddled WinRAR, Winbox, IDM Spreads StrongPity Spyware

itpro.co.uk

• Why the telecoms industry is particularly vulnerable to BlueKeep
• NHS systems still reliant on Windows XP
• Turning the page on password security as its creator, Fernando Corbato, dies at 93
• NCSC hails successful proprietary anti-phishing technique
• NCSC issues guidance for combatting global DNS hijacking campaign
• US may reopen trade with Huawei 'within weeks'

reddit.com/r/security

• Researchers are developing firmware hardening technologies for uefi that will restrict what an attacker can do, even with code execution inside firmware.
• Accidentally Uploaded Pic With OAuth Domain
• Look at this text I have received twice. Should I be scared? I blocked it but how does a random email like that have my number?
• Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.
• Malware framework creates one billion fake Google Adsense ad impressions in only a few months
• Random phone number called, help!

reddit.com/r/netsec

• Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect
• That XMR is MINE! [Blog Post]
• Show /r/netsec: Dlint, a static analysis tool for helping ensure Python code is secure
• Automating local DTD discovery for XXE exploitation
• [libreoffice] CVE-2019-9848 LibreLogo arbitrary script execution
• Windows Kernel Debugging & Exploitation Part1 – Setting up the lab - VoidSec

reddit.com/r/websec

• Nemesida WAF Free now supports Nginx Stable, Mainline and Plus version
• Content-type charset
• WordPress Vulnerability Table
• Web application security testing methodology / checklist / mindmap
• How I was able to access AWS credentials by first finding an unusual redirection then getting kind of Remote File Inclusion (RFI), escalating it to Server Side Request Forgery (SSRF) and finally getting hold of AWS EC2 Credentials.

reddit.com/r/InfoSecNews

• Anti-Debugging Techniques from a Complex Visual Basic Packer
• Mysterious hackers steal data of over 70% of Bulgarians
• iOS URL Scheme expose users to App-in-the-Middle attack
• Turla APT group adds Topinambour Trojan to its arsenal
• DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape
• Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code

krebsonsecurity.com

• Party Like a Russian, Carder’s Edition
• Meet the World’s Biggest ‘Bulletproof’ Hoster
• Is ‘REvil’ the New GandCrab Ransomware?
• FEC: Campaigns Can Use Discounted Cybersecurity Services
• Patch Tuesday Lowdown, July 2019 Edition
• Who’s Behind the GandCrab Ransomware?

darkreading.com

• Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
• 800K Systems Still Vulnerable to BlueKeep
• Sprint Reveals Account Breach via Samsung Website
• A Password Management Report Card
• Data Loss, Leakage Top Cloud Security Concerns
• For Real Security, Don't Let Failure Be Your Measure of Success

threatpost.com

• Wormable BlueKeep Bug Still Threatens Legions of Windows Systems
• Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted
• Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
• Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain
• StrongPity APT Returns with Retooled Spyware
• LenovoEMC Storage Gear Leaks Sensitive Financial Data

welivesecurity.com

• BlueKeep patching isn’t progressing fast enough
• How your Instagram account could have been hijacked
• Week in security with Tony Anscombe
• Cybercrime seen to be getting worse: The time to act is now
• Buhtrap group uses zero‑day in latest espionage campaigns
• Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

scmagazine.com

• JetBlue flight evacuated after photo of suicide vest sent to crew, passengers via AirDrop
• Malware framework generates 1B fake ad impressions in 3 months
• Dutch police, McAfee nail macro toolkit-builder, ‘Rubella’
• 2.2 million Clinical Pathology Laboratories patients exposed in AMCA breach
• Sprint customer data breached via Samsung website flaw

helpnetsecurity.com

• Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
• Over 80% of network teams play a role in security efforts
• The importance of hardening firmware security
• Enterprises catching up with the explosion of cloud use and shadow IT in the workplace
• Companies still don’t understand the importance of DMARC adoption

trendmicro.com

• New Azure Marketplace Pay-As-You-Go Billing for Trend Micro Deep Security as a Service
• This Week in Security News: Banking Malware and Phishing Campaigns
• Migrating Network Protection to the Cloud with Confidence
• Where Will Ransomware Go In The Second Half Of 2019?
• Trend Micro Named Best Company To Work For In Taiwan

securityweek.com

• AMCA Breach Impacts 2.2 Million Patients of Clinical Pathology Laboratories
• EvilGnome Malware Helps Hackers Spy on Linux Users
• SLUB Backdoor Spreads via Newly Patched Vulnerability
• BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers
• Endpoint Security Evolving Against Airport Searches, GDPR

siliconrepublic.com

• Sprint says customer accounts were breached via Samsung.com
• Fernando Corbató, father of the computer password, has died
• Have you considered a career in cybersecurity?
• Are you interested in a career in cybersecurity?
• Cork data protection firm snapped up by US player in €5.25m deal

nakedsecurity.sophos.com

• RDP exposed: the wolves already at your door
• Microsoft, Google and Apple clouds banned in Germany’s schools
• Facebook rolls out anti-scam reporting tool in UK
• Researchers hide data in music – and human ears can’t detect it
• GandCrab ransomware revisited – is it back under a (R)evil new guise?

securityintelligence.com

• Enterprise Mobility Management Gets Personal
• The Expiration Date on Passwords Has Expired
• The Fine Art of Protecting Microsoft Office 365 Apps With Multifactor Authentication
• The Wild West Era Has Ended — What’s Next for Data Privacy?
• Threat Intelligence Is the SOC’s Road Map to DNS Security

securityboulevard.com

• Artificial intelligence in cyber security: The savior or enemy of your business?
• Ducks-In-A-Row
• BSides Cleveland 2019, Jeremy Mio’s ‘Public Partnership Panel For Security Response’
• XKCD, ‘First News Memory’
• BSides Cleveland 2019, Dennis Goodlett’s ‘Eval Villain: Simplifying DOM XSS And JS Reversing’

grahamcluley.com

• Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps
• Unlock the power of threat intelligence with this practical guide. Get your free copy now
• Alan Turing – the face of the new £50 note
• How any Instagram account could be hacked in less than 10 minutes
• Apple pushes out silent update to remove sketchy Zoom code from Macs

cyberdefensemagazine.com

• Bitglass 2019 Cloud Security Report: Only 20 Percent of Organizations Use Cloud Data Loss Prevention Despite Storing Sensitive Information in the Cloud
• La Porte County finally opted to pay $130,000 Ransom
• Could Your Reactive Cyber Security Approach Put You Out Of Business?
• Surveying Anti-Phishing Standards – Part 2
• Ransomware: Nothing to Sneeze At