OneLogin, a single sign-on provider, reported a breach of customer data. They say they can't exclude the possibility that decryption keys were also compromised. The attacker gained access through stolen AWS access keys. OneLogin's blogpost can be found here.
This malware has infected a whopping 20% of all corporate networks, according to Checkpoint. It's currently used for advertising and tracking purposes, but does allow for code execution. Strangely enough it's being run by a company, a Chinese digital marketing agency called Rafotech.
Google added some nice and welcome security features to Gmail, including early phishing detection (powered by machine learning), click-warnings for malicious links and unintended external reply warnings.
Both parties will integrate some of each other's applications and services into their own. Their respective threat analysis teams, IBM X-Force and Cisco Talos, will also work more closely together.
Researchers at Qualys discovered a vulnerability in sudo that can allow privilege escalation to root. Patches have been released.
They are supported by companies such as Stripe, Facebook and the Linux foundation, but want to raise funds from the public to ensure long-term stability and have clarity on their loyalty to people, not corporations.
Very interesting read on dissecting a PDF document with Visual Basic-based ransomware code in it.
Qualifying rounds will be held on June 17th and 18th, the final round will be in October. Last year 2,400 teams participated in the qualifications. First prize is $31,337.
Good overview of a set of tools that can help to detect insecure AWS settings.
Interesting article where Jeff Atwood (from Stack Overflow and Discourse) discusses securing data exports and passwords. He goes on an experiment to try and hack their own PBKDF2-based hashes. Hackernews discussion here.
Personal note: sponsorship
I'm thinking of adding the ability to sponsor an issue of the newsletter.
If you're interested give me a shout by replying to this e-mail. Thanks!