We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.
Have you heard about the new Cloud Snooper malware which uses a Linux kernel driver to attack cloud servers?
Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. Learn more:
Chinese security researchers were able to successfully discover zero-day vulnerabilities in Chrome, Edge, Safari, Office 365, qemu-kvm + Ubuntu and more at a recently held hacking competition in the city of Chengdu in China. Learn more in an interesting TechWorm article:
A team of cybersecurity researchers has discovered a clever technique which relies on a vulnerability in MEMS microphones embedded in voice-controllable systems to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Learn more about this hack and how to protect yourself against it in real-life in a great The Hacker News article:
NordVPN suffered a breach nineteen months ago, which has only recently been disclosed to the public. VPN security in general is questionable. What VPNs do you use, and why should they be considered trustworthy? Learn more about the NordVPN breach in an interesting Schneier on Security article:
Are you aware that Amazon Web Services (AWS) customers were hit by severe outages yesterday after an apparent DDoS attack took S3 and other services offline for up to eight hours? Learn more about the attack:
