News
IBM's Watson being used to help in security defence
IBM started a beta program with 40 companies where Watson will be assisting in cyber security. It will match incoming attacks with known current malware campaigns to provide useful background information, and monitor security events like incorrect login attempts.
‘Avalanche’ Global Fraud Ring Dismantled
After a four-year cooperation between Europol, the FBI and other parties, the Avalanche botnet was taken down. It controlled over 500.000 machines, used over 800.000 unique domains and at its peak hosted and distributed 17 different malware packages.
Google announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software
Google is announcing OSS-Fuzz, a continuous fuzzing engine which will be used to harden select open source projects against errors like buffer overflows. It currently churns out about 4 trillion test cases per week and has already found 150 bugs in various projects. To be eligible for the beta the open source project needs to have a large user base and/or be critical to the global IT infrastructure.
Fry all the things - USB Killer zaps tons of computing devices
The "USB Killer" is a USB stick with the ability to collect power from USB power lines, and use it to zap the USB port with 220 volts, usually killing the device it's connected to. Here you see it killing a Lenovo laptop, XBox One S, PS4 and the dashboard of a car.
Adobe introduces Voco, Photoshop for voices
With 20 minutes of sample data, they can make 'you' say anything in your own voice. I wonder what the impact on court cases will be. Fortunately, they do also say that they are working hard on making the use of it detectable by watermarking.
When combined with facial reenactment technology I imagine the possibilities will be, well, scary.
A beginner’s guide to beefing up your privacy and security online
This article is a great resource to send to your coworkers, or at least use it as a checklist on what to harass them with in order to get their security on par. You might want to check if you do all of the mentioned security steps, too.
Companies struggle to enforce DKIM email authentication
According to research by Valimail, of all the companies trying to implement DKIM only about 25% are successfully enforcing it. Some obvious reasons are the complex nature of DKIM/SPF/DMARC, and the high impact in case you get something wrong.
Firefox and Tor users update now: 0-day exploit in the wild
There is an exploit that will trigger your browser to send its IP address to an external server, which isn't great if you're using Tor and want to stay anonymous.
AirDroid app opens millions of Android users to device compromise
If you use AirDroid, a remote management tool for Android, you might want to uninstall or disable it for now. Although it does require the attacker to be on the same unsecured network as you are.
CyberChef, a swiss army knife for cyber operations
This might be worth bookmarking. It's a handy tool to perform all kinds of "cyber" operations, like base64 encoding/decoding, various hashing and encrypting algorithms, and more. Fun to play around with.