A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web” is online

Kindle Edition

Paper Copy

Digging The Deep Web

Once again thank you!

·      European Central Bank announced a framework for cyber attack simulation on financial firms
·      Google announces the open-source Asylo framework for confidential computing
·      New ZooPark APT targets Android users in Middle East since 2015
·      A new report sheds the lights on state-sponsored Chinese APTs under Winnti umbrella
·      Chrome freezes PC running Windows OS after Windows 10 April update
·      SynAck ransomware Employs Many Novel Techniques to Avoid Detection
·      Experts released an unofficial patch for Zero-Days in Dasan GPON home routers
·      Hackers continue to hack Drupal installs to install backdoors and inject cryptocurrency malware
·      Reading the 2017 Internet Crime Complaint Center (IC3) report
·      Secret Conversation – Twitter is testing End-to-End Encryption for direct messages
·      UPDATED – Critical RCE vulnerability found in over a million GPON Home Routers
·      Adobe fixed a Critical Code Execution issue in Flash Player
·      Are you using Python module ‘SSH Decorator? Newer versions include a backdoor
·      baseStriker attack technique allow to bypass Microsoft Office 365 anti-phishing filter
·      May 2018 Android Security Bulletin includes additional Meltdown fix
·      May 2018 Patch Tuesday: Microsoft fixes 2 zero-day flaws reportedly exploited by APT group
·      Signal disappearing messages can be recovered by the macOS client
·      Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
·      Lenovo releases updates to fix Secure Boot flaw in servers and other issues
·      Misinterpretation of Intel docs is the root cause for the CVE-2018-8897 flaw in Hypervisors and OSs
·      The source code of the TreasureHunter PoS Malware leaked online
·      Allanite threat actor focused on critical infrastructure is targeting electric utilities and ICS networks
·      Mining passwords from dozens of public Trello boards
·      Tech giant Telstra warns cloud customers theyre at risk of hack due to a SNAFU
·      Throwhammer, the new Rowhammer attack to remotely hack systems over the LAN
·      Google addresses critical security vulnerabilities in Chrome 66
·      iVideon Russian-based video surveillance solution leaked data, hundreds of thousands of records exposed
·      Wannacry outbreak anniversary: the EternalBlue exploit even more popular now


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 162 – News of the week appeared first on Security Affairs.