Collaborate Disseminate
Last month, Vinny Troia, the founder of Data Viper and Bob Diachenko, an independent cybersecurity consultant discovered a “wide-open” Elasticsearch server. The server exposed the personal information of about 1.2 billion unique users inclu… Continue reading An unsecured Elasticsearch server exposed 1.2 billion user records containing their personal and social information
Earlier this month, at DEF CON 2019, a Turkish security researcher, Özkan Mustafa Akkuş presented a zero-day remote code execution vulnerability in Webmin, a web-based system configuration system for Unix-like systems. Following this disclosu… Continue reading A year-old Webmin backdoor revealed at DEF CON 2019 allowed unauthenticated attackers to execute commands with root privileges on servers
Yesterday, the Microsoft Defender Advanced Threat Protection (ATP) Research Team shared details of a fileless malware campaign through which attackers were dropping Astaroth Trojan into the memory of infected computers. We recently unearthed a campaign… Continue reading Microsoft Defender ATP detects Astaroth Trojan, a fileless, info-stealing backdoor
Last week, an appellate court in San Francisco ruled against Facebook’s appeal to block a class-lawsuit over a massive data breach it witnessed last year. This data breach impacted nearly 30 million Facebook users. On September 25th last year, Fa… Continue reading Facebook fails to fend off a lawsuit over data breach of nearly 30 million users
Last week, the Rust team was informed about a vulnerability in Rust’s standard library, the details of which they shared yesterday. The vulnerability is caused by a function that was stabilized in the Rust 1.34.0 and 1.34.1 versions. The Common V… Continue reading Rust’s recent releases 1.34.0 and 1.34.1 affected from a vulnerability that can cause memory unsafety
Earlier this month, a major vulnerability was discovered in Whatsapp by its security team that allowed attackers to remotely install surveillance software on iOS and Android smartphones. The malicious software was injected in users phone by making What… Continue reading A WhatsApp vulnerability enabled attackers to inject Israeli spyware on user’s phones
On Tuesday, Stripe, the online payments platform provider, announced that it has upgraded its products to be compliant with Strong Customer Authentication (SCA) under the second Payment Services Directive (PSD2). This announcement comes just after Stri… Continue reading Stripe updates its product stack to prepare European businesses for SCA-compliance
On Wednesday, ZDNet reported that hacker with the online name Lab Dookhtegan leaked a set of hacking tools belonging to Iran’s espionage groups, often identified as the APT34, Oilrig, or HelixKitten, on Telegram. The leaks started somewhere in th… Continue reading Hacker destroys Iranian cyber-espionage data; leaks source code of APT34’s hacking tools on Telegram
Last week, Mastodon 2.8, a self-hosted social media service, was shipped with Keybase’s brand new proof system. Yesterday, the team behind Keybase announced that this new proof system is now available for all Mastodon servers. With this update, a… Continue reading Keybase’s new proof system is now available for all Mastodon servers
The work collaboration hub, Slack, yesterday, launched Slack Enterprise Key Management (EKM) for its enterprise customers. The feature is introduced to give customers control over their encryption keys used for encrypting and decrypting the files and m… Continue reading Slack launches Enterprise Key Management (EKM) to provide complete control over encryption keys