Issue 28

OneLogin breach exposed ability to decrypt data

OneLogin, a single sign-on provider, reported a breach of customer data. They say they can't exclude the possibility that decryption keys were also compromised. The attacker gained access through stolen AWS access keys. OneLogin's blog post can be found here.


Fireball - Chinese malware with 250 million infected computers

This malware has infected a whopping 20% of all corporate networks, according to Check Point. It's currently used for advertising and tracking purposes, but does allow for code execution. Strangely enough, it's being run by a company, a Chinese digital marketing agency called Rafotech.


Gmail adds new security features

Google added some nice and welcome security features to Gmail, including early phishing detection (powered by machine learning), click-warnings for malicious links and unintended external reply warnings.


Cisco and IBM Security announce collaboration

Both parties will integrate some of each other's applications and services into their own. Their respective threat analysis teams, IBM X-Force and Cisco Talos, will also work more closely together.


Patches available for Linux Sudo vulnerability

Researchers at Qualys discovered a vulnerability in sudo that can allow privilege escalation to root. Patches have been released.


GnuPG developers start new fundraising effort

They are supported by companies such as Stripe, Facebook and the Linux Foundation, but want to raise funds from the public to ensure long-term stability and have clarity on their loyalty to people, not corporations.


SophosLabs investigation into delivering malware via VBA

Very interesting read on dissecting a PDF document with Visual Basic-based ransomware code in it.


Google announces 2017 CTF contest

Qualifying rounds will be held on June 17th and 18th; the final round will be in October. Last year 2,400 teams participated in the qualifications. First prize is $31,337.


Free tools for auditing the security of an AWS account

Good overview of a set of tools that can help to detect insecure AWS settings.


Hacking Discourse's password hashes

Interesting article where Jeff Atwood (from Stack Overflow and Discourse) discusses securing data exports and passwords. He runs an experiment to try and hack their own PBKDF2-based hashes. Hacker News discussion here.


Personal note: sponsorship

I'm thinking of adding the ability to sponsor an issue of the newsletter.
If you're interested give me a shout by replying to this e-mail. Thanks!

Dieter Van der Stock