Issue 22

Flaws found in 20 Linksys Smart Wifi routers

Researchers from IOActive have identified 10 security issues across 20 Linksys devices. Owners are advised to disable their guest network while waiting for patches. The original IOActive post can be found here.

theregister.co.uk


Antivirus provider Webroot melts down as update quarantines hundreds of legit files

The anti-virus application Webroot widely identified regular Windows files as malware and started to quarantine them, which hasn't quite endeared them to their customers.

arstechnica.com


Atlassian resets HipChat passwords following breach

Atlassian has executed a service-wide password reset for HipChat, saying that a breach might have happened due to an insecure third-party library. Passwords might have leaked, which fortunately were hashed with bcrypt.

threatpost.com


Smart TV hack embeds attack code into broadcast signal—no access required

An interesting attack on Samsung Smart TVs uses a manipulated broadcast signal to trigger an exploit in the built-in browser through the DVB receiver. Because it travels over radio waves, it could potentially be carried out on a large scale.

arstechnica.com


Interpol identifies 8,800 malicious C&C servers in South-East Asia

Interpol, together with investigators from various countries and private companies, has identified 8,800 command & control servers in South-East Asia used to host malware, launch DDoS attacks, and more. Reports were handed to the relevant authorities in the hope of getting the servers taken down.

bleepingcomputer.com


Thousands of Windows computers infected by leaked NSA backdoor

The NSA backdoor called DoublePulsar, leaked by the Shadow Group recently, has been used by others to infect between 30,000 and 100,000 Windows computers. A tool was also released to disinfect a remote computer, with or without the owner's consent.

arstechnica.com


Air Force hopes to attract hackers with bug bounty program

The US Air Force has launched a bug bounty program, "Hack the Air Force", following the similar programs "Hack the Army" and "Hack the Pentagon". The programs are managed by bug bounty platform HackerOne.

threatpost.com


Facebook released SDK for Delegated Recovery service

Facebook and GitHub teamed up a while ago around 'Delegated Recovery', a way to regain access to GitHub through your Facebook account. Facebook has now released a beta SDK so that other services can try it out too.

wired.com


The backstory behind carder kingpin Roman Seleznev’s record 27 year prison sentence

Brian Krebs writes the backstory of Roman Seleznev, a hacker and credit card thief who just received 27 years in prison in the US, the most severe hacking-related sentence to date.

krebsonsecurity.com


The Line of Death – text/plain

An interesting look at what the author (a bit theatrically) calls the 'line of death': the divide in a browser window between what the website controls and what the browser itself controls, and how that boundary affects user security.

textslashplain.com


Serverless security implications - from infra to OWASP

A good high-level overview of which security concerns improve and which get worse when deploying code to 'serverless' infrastructure (think IronWorker, AWS Lambda).

snyk.io


Top 10 developer crypto mistakes

A very interesting write-up of the mistakes developers often make when using crypto.

wordpress.com