DevOps, Security, Whatewer
Dutch security researcher Victor Gevers found misconfigured MongoDB database containing facial recognition and other sensitive information about the Uyghur Muslim minority in China. Looks like the company behind the database is Chinese surveillance company SenseNets.
Posted
#Weekly-News
Ubiquiti network devices are being remotely exploited, via port 10001 discovery service. Results in loss of device management, also being used as a weak UDP DDoS amplification attack: 56 bytes in, 206 bytes out.
Posted
#Weekly-News
Insurance Company says to the Mondelez customer that the NotPetya ransomware attack was an act of cyber war and therefore not covered by the policy.
Posted
#Weekly-News
According to a Reuters investigation, United Arab Emirates used former U.S. intelligence operatives to hack into the iPhones of activists, diplomats and foreign politicians using so-called Karma spyware.
Posted
#Weekly-News
Microsoft's mobile Edge browser begins issuing fake news warnings. It is powered by news rating company NewsGuard. It gives you fake news warning for Wikileaks, so decide for yourself.
Posted
#Weekly-News
35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, 'Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.'
Posted
#Weekly-News
Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
Posted
#Weekly-News
Let's Encrypt recapitulated the last year in the operation of their ACME based certification authority, and summarized the challenges that they will work on in 2019. They intend to deploy multi-perspective validation, checking multiple distinct Autonomous Systems for domain validation, preventing potential BGP hijacks. They also plan to run own Certificate Transparency (CT) log.
Posted
#Weekly-News