The 10th Pwn2Own event happened this week, with a set of interesting vulnerabilities being discovered. Including a virtual machine escape in VMware Workstation based on a Microsoft Edge vulnerability, netting a record breaking $105.000. Trend Micro, the sponsor of the event, provides a high-level overview here.
Tavis Ormandy, the same Google Project Zero researcher who discovered CloudBleed a few weeks back, reported on vulnerabilities he found in Lastpass that could leak credentials. They have been fixed, and Lastpass released a well-written blogpost on the issue.
A hacker group known as the Turkish Crime Family claims to have over 220 million compromised iCloud accounts in its possession. They demand $150.000 from Apple or they threaten to delete all data associated with those accounts.
Google removed a set of apps that were part of what they call the Chamois botnet. They were used to show fraudulent ads and downloading other malicious apps.
As a follow-up to news of a few weeks back that spam levels dropped significantly, it seems the Necurs botnet is active again and has been used for an old-school stock scam.
A blogpost from Sophos taking a look at the threat landscape for Mac users.
Two flaws were found in Nest security cameras that can disable the camera for a short while. The patch is said to be ready but not yet put live.
This article takes a brief look at Nexuslogger, a cloud-based keylogger with a license fee and customer support.
An informative blogpost/rant from Jeff Atwood (of Stack Overflow and Discourse) on the frustration with password rules and the advocacy for only looking at length as a parameter for password strength, with maybe some pragmatic extra measures.
A very interesting view in how Alexey Beltan, a hacker on the FBI most wanted list, hacked several large West Coast tech companies. Reads like a script for a Mr. Robot monologue :-)
This is a blogpost with all kinds of advise on what security measures to take as a startup. I found it to be a very useful resource with lots of pragmatic information. It's on Github so anyone can contribute.
This article takes a fun look at how information warfare isn't new at all, neither is it Russian. Fascinating to see some examples of such warfare from Colonial times.