Kali Linux 2019.1 Released!
It includes the kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software packages, like Metasploit 5.0, theHarvester, DBeaver, and more.

thispersondoesnotexist.com uses AI to generate startling fake human faces.
When you visit the Website, you will likely see a face smiling back at you. Seems innocent enough -- until you realize the face is not actually real, but generated by a neural network algorithm.

127 million user records from 8 companies put up for sale on the dark web.
The same individual sold 620 million user accounts from 16 other companies earlier this week.

has released a security update to address in . An attacker could exploit some of these vulnerabilities to take control of an affected system.
Update now to 60.5.1 version!
Sources: us-cert.gov/ncas/current-activ and mozilla.org/en-US/security/adv

WordPress plugin flaw lets you take over entire sites.
Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.


Vulnerabilities in OpenSSH:
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are found in the scp client implementing the SCP protocol.

€8,000 is the total cost of remediating an infected workstation after intervention by the professionals in the IT chain, including the employee's lost working time.
Source: Workshop on cyber attacks, AMRAE2019, an event of AMRAE, Association pour le Management des Risques et des Assurances de l'Entreprise

Threat Landscape and Defense in-Depth
Source: GRCAlert Inc

Bird scooters can be hacked with a screwdriver and €30 (and the startup does not like people talking about it) - Tech - Numerama

[Numerama investigation] Hijacking a Bird scooter with a simple 30-dollar kit? It is possible. Because it uses very popular standard Xiaomi M365 vehicles, the company is targeted more than others by ill-intentioned users. And that prevents it from finding effective solutions to combat these practices.


US Senators ask DHS (Department of Homeland Security) to look into US government workers using foreign VPNs.
Senators alarmed that US government workers may be sending sensitive traffic to China or Russia.

Sweet32 Birthday attack in TLS.
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.



Infosec Exchange

A Mastodon instance for info/cyber security-minded people.