Issue 38

Airbnb open-sources BinaryAlert, a serverless, real-time framework for detecting malicious files

Looks pretty awesome. It's built on AWS and uses YARA to pattern-match all files against known threats.


New AWS service Macie uses machine learning to guard S3 data

It looks at data coming in and out and reports anomalies. It also detects and reports certain data types like addresses and social security numbers. The Amazon blog has a walkthrough post of the service.


Vulnerabilities found in Git, Mercurial and SVN

An interesting vulnerability was found in all three version control systems, where cloning a certain repository URL could lead to command execution. All have been patched.


MalwareTech is back online, as he pleads not guilty to Kronos malware charges

He's allowed back online and will soon get his devices back, but is on house arrest and needs to wear a GPS tracker.


Google adds anti-phishing warning to iOS Gmail app

This was previously rolled out to Android too. When a user clicks a suspicious link they get a pop-up. Links that are known to be malicious get a more stern warning.


Air Force first bug bounty program wrap-up

Over the course of 25 days, a total of 272 vulnerabilities were found and over $130,000 will be awarded. The top-earning position is held by a 17-year-old hacker, kudos!


Hundreds of 'smart' locks bricked by faulty remote update

These are often used by Airbnb hosts. Over-the-air updates are always a tricky business.


Estonia's digital policies are ahead of much of the Western world

Nice article on how Estonia got started as the 'digital pioneer', having been the center of software and hardware for the USSR, and how they set up their citizen data framework called X-Road.


Israeli online attack service ‘vDOS’ earned $600,000 in two years

Great article by Brian Krebs with an in-depth look at how the DDoS-for-hire service operated, how it did customer support, and how it got hacked, leaking information on its customers.


Why SPF alone will not protect you, and what DMARC does

Since I feel that way too few people know about SPF, DMARC (and for that matter, DKIM), I thought I'd share this short and clear article on what SPF and DMARC do.


A practical guide to securing macOS

A -very- in-depth guide on how to secure your Mac. Worth checking out.