Hackers broke into an SEC database and made millions from inside information, says DOJ https://www.cnbc.com/2019/01/15/international-stock-trading-scheme-hacked-into-sec-database-justice-dept-says.html
35-year-old vulnerability discovered in #scp https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
How a Russian firm helped catch an alleged NSA data thief
Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
The overall number of guests affected by the hacking, in which Chinese intelligence is the leading suspect, declined to 383 million. But the passport data is critical to intelligence agencies. https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html
What a surprise!
#Facebook users cannot avoid location-based ads, investigation finds.
No combination of settings can stop location data being used by advertisers, says report. https://www.theguardian.com/technology/2018/dec/19/facebook-users-avoid-location-based-ads-settings-investigation-reveals
A look at home routers, and a surprising bug in Linux/MIPS https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
50 CVEs in 50 Days: #Fuzzing #Adobe #Reader - Check Point Research #cpr https://research.checkpoint.com/50-adobe-cves-in-50-days/
Adventures in Video Conferencing Part 1: The Wild World of WebRTC https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html
An Ingenious Data Hack Is More Dangerous Than Anyone Feared
Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.
Researchers have significantly increased the scope of the Rowhammer threat - https://www.wired.com/story/rowhammer-ecc-memory-data-hack/
'Cuddly' German chat app slacking on hashing given a good whacking under GDPR: €20k fine
PLAIN TEXT passwords showed up on file-hosting site https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/
Don't try it at home 😎
Most advanced XSS detection suite - https://github.com/s0md3v/XSStrike
VirtualBox E1000 Guest-to-Host Escape. #MorteNoir1 https://github.com/MorteNoir1/virtualbox_e1000_0day
Self-encrypting deception: weaknesses in the encryption of solid state drives.
Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password. https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/
What about the traffic that goes through the US?
China Telecom's Internet Traffic Misdirection - https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/
Stealing Chrome Cookies without root or password on OSX, Linux, and Windows via Remote Debugging Protocol. https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
A Mastodon instance for info/cyber security-minded people.