Weekly news · malgregator

InfoSec Week 37, 2018

Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.

Posted Sep 14, 2018

#Weekly-News

InfoSec Week 36, 2018

USB media shipped with the Schneider Electric Conext ComBox and Conext Battery Monitor solar products were infected with malware.

Posted Sep 7, 2018

#Weekly-News

InfoSec Week 35, 2018

Google started selling their Titan Security Key bundle that support FIDO standards for secure authentication. They have written the firmware by themselves, but the price should be lower for this kind of hardware.

Posted Aug 30, 2018

#Weekly-News

InfoSec Week 34, 2018

If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.

Posted Aug 24, 2018

#Weekly-News

InfoSec Week 33, 2018

There is an OpenSSH user enumeration attack against all software versions on all operating systems. It's a timing attack with proof of concept already published.

Posted Aug 17, 2018

#Weekly-News

InfoSec Week 32, 2018

A Comcast security flaws exposed more than 26 millions of customers’ personal information. Basically, an attacker could spoof IP address using 'X-forwarded-for' header on a Comcast login page and reveal the customer’s location.

Posted Aug 10, 2018

#Weekly-News

InfoSec Week 31, 2018

Reddit got hacked. According to the investigation, it looks like hackers accessed employees 2FA protected accounts. An attacker 'compromised a few of Reddit's accounts with cloud and source code hosting providers by intercepting SMS 2FA verification codes'.

Posted Aug 3, 2018

#Weekly-News

InfoSec Week 30, 2018

Researchers from the Palo Alto Networks analyzed new Mirai and Gafgyt IoT/Linux botnet campaigns. The samples used more than 11 exploits for spreading, exploiting D-Link, Dasan GPON routers.

Posted Jul 26, 2018

#Weekly-News

InfoSec Week 29, 2018

The academics have mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations. The novel part is that they are using real map data to generate plausible malicious instructions.

Posted Jul 20, 2018

#Weekly-News

InfoSec Week 28, 2018

Hackers have poisoned the Arch Linux PDF reader package named “acroread” that was found in a user-provided Arch User Repository (AUR). They have put downloader malware inside.

Posted Jul 13, 2018

#Weekly-News

InfoSec Week 27, 2018

Samsung Galaxy S9 and S9+ devices, maybe others, are texting camera photos to random contacts through the Samsung Messages app without user permission.

Posted Jul 5, 2018

#Weekly-News

InfoSec Week 26, 2018

A reverse shell connection is possible from an OpenVPN configuration file. So be cautious and treat ovpn files like shell scripts.

Posted Jun 29, 2018

#Weekly-News