We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
NordVPN suffered a breach nineteen months ago, which has only recently been disclosed to the public. VPN security in general is questionable. What VPNs do you use, and why should they be considered trustworthy? Learn more about the NordVPN breach in an interesting Schneier on Security article:
Are you aware that Amazon Web Services (AWS) customers were hit by severe outages yesterday after an apparent DDoS attack took S3 and other services offline for up to eight hours? Learn more about the attack:
Old passwords never die – they just become easier to decode. That’s the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago. Learn more:
Have you heard that Unix co-founder Ken Thompson's 39-year old BSD password has finally been cracked? Learn more in an interesting The Hacker News article:
Remember the O.MG cable? A project by self-taught electronics hacker _MG_, it’s a malicious Lightning cable that looks just like the regular overpriced piece of wire that connects your iPhone to a computer. The cable is now about to hit mass distribution. Learn more:
Did you know that the ex-Amazon employee responsible for the Capital One breach earlier this year used the infiltrated cloud servers to mine cryptocurrency? Learn the details in this interesting The Next Web article:
Have you heard about the new fake iPhone charging cable developed by security researcher Mike Grover which allows attackers to take over Linux, Mac and Windows computers as soon as they are plugged in? Learn more in this interesting PCMag article:
There isn’t an industry safe from data breaches. Frombanksand credit organizations to hotel and restaurant chains,academic institutions and more, hundreds of millions of individuals have had their personal information stolen – all via the companies with whom they do business.
A new variant of the Mirai botnet has been discovered which utilizes the Tor network to prevent command server takedowns or seizure.
In this article, Dave Dittrich discusses the buildup to his discovery of DDoS attacks 20 years ago. I was inspired to start a series of articles on the early history of DDoS by a few recent events. Rik Farrow interviewed me for a forthcoming issue (Fall 2019 Vol. 44, No. 3) ofUsenix;login:magazine while I was also writing up ahistory of the early days of the Honeynet Project, which refreshed my memory on a number of events in 1999-2000. I also read this MIT Technology Review article on the 20th anniversary of the “first DDoS attack” on the University of Minnesota It took me a little while to remember that July 22wasnotthe first of the three days that the University of Minnesota spent off-line from persistent flooding. That happened almost a month later. Nor was July 22 even thestart of the build upto that event. Now seemed like a good time to clarify this history.
Have you heard that hackers havestolen a massive trove of sensitive data and defaced the website of SyTech, a major contractor working for Russian intelligence agency FSB (Federal Security Service)? BBC Russia, which reported the breach, said âitâs possible that this is the largest data leak in the history of the work of Russian special services on the Internet.â The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.
Have you heard about Spearphone, a newly demonstrated attack that takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions?
Have you heard that Japanese cryptocurrency exchange Bitpoint has been hacked, resulting in the loss of $32 million worth of various digital currencies? The majority of funds lost (approximately $23 million) belonged to customers, while the rest were owned by the exchange.
Do you use Zoom for video chats? The company is now taking action to update its software only after a security researcher discovered several serious security vulnerabilities in the popular app.
A new ransomware family has been found targeting Linux-based NAS devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid.
The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.
A new form of malware has been spotted in the wild by cybersecurity companies which say the code's main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.
US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook.
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed.
The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other software application to protect their secrets in RAM until the issues are fixed in future generations of SDRAM chips and CPUs.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
