Broadcom Wi-fi chip vulnerability allows for remote code execution. iOS and Android devices vulnerable.
The vulnerability has been dubbed 'Broadpwn' and requires no user interaction. Android released a patch last week. It's unclear what the status is on iOS.
Making Let's Encrypt even more awesome. They'll depend on DNS validation, but they're looking into additional validation methods.
They were found in an insecure S3 bucket, held by a third-party partner of Verizon called NICE Systems. Verizon tried to down-play it, but the data did hold PIN numbers to people's accounts, which attackers can use to hijack 2fa.
Updating time. A total of 54 vulnerabilities, of which 19 were critical. Interestingly, one of those was for the Hololens, which was vulnerable to remode code execution through specially crafted Wi-fi packets.
You can also see which apps already have access to Drive, Calendar, etc, and for how many users. If you're responsible for a GSuite environment be sure to take a look.
Very interesting white-paper by Malwarebytes on what exploits and malware were most active and prevalent in the last quarter. If you want to get familiar with the names and relationships of all current malware, this is the document to read.
Check Point researchers released their findings on the CopyCat malware. At it's peak last year it had infected 14 million Android devices and rooted 8 million of them.
Using ads and fake app installs it generated around $1.5 million in revenue for the malware authors.
Matthew Bryant writes how he was able to hijack the .io TLD. Some domains where listed as nameservers but weren't actually registered.
Interesting write-up on, among other things, by whom a CVE number (the designation that new vulnerabilities get) is actually assigned.
Apparently not new, but I hadn't heard about it yet and quite love the idea :)
To deflect script-kiddy scanners, create a 10gig text file, gzip it, and serve it as an HTTP response. The tool or browser on the other end unzips it and probably crashes.
A long list of tools for vulnerability scanning, monitoring, intrusion detection, and much more.
It's a scene out of Castle. I ran across this on a random Youtube stroll and couldn't stop laughing.
Weekly e-mail that filters through news and tools in Amazon's cloud ecosystem (and then makes fun of it ^^) It's always an entertaining read. Check it out!