News
Airbnb open-sources BinaryAlert, a serverless, real-time framework for detecting malicious files
Looks pretty awesome. It's built on AWS and uses YARA to pattern-match all files against known threats.
New AWS service Macie uses machine learning to guard S3 data
It looks at data coming in and out and reports anomalies. It also detects and reports certain data types like addresses and social security numbers. The Amazon blog has a walkthrough post of the service.
Vulnerabilities found in Git, Mercurial and SVN
An interesting vulnerability was found in all three versioning systems, where cloning a certain repository URL could lead to command execution. All have been patched.
MalwareTech is back online, as he pleads not guilty to Kronos malware charges
He's allowed back online and will soon get his devices back, but is on house arrest and needs to wear a GPS tracker.
Google adds anti-phishing warning to iOS Gmail app
This was previously rolled out to Android too. When a user clicks a suspicious link they get a pop-up. Links that are known to be malicious get a more stern warning.
Air Force first bug bounty program wrap-up
Over the course of 25 days, a total of 272 vulnerabilities were found and over $130,000 will be awarded. The top-earning position is held by a 17-year-old hacker, kudos!
Hundreds of 'smart' locks bricked by faulty remote update
These are often used by Airbnb hosts. Over-the-air updates are always a tricky business.
Estonia's digital policies are ahead of much of the Western world
Nice article on how Estonia got started as the 'digital pioneer' by having been the center of software and hardware for the USSR, and how they set up their citizen data framework called X-Road.
Israeli online attack service ‘vDOS’ earned $600,000 in two years
Great article by Brian Krebs with an in-depth look at how the DDoS-for-hire service operated, how it did customer support, and how it got hacked, leaking information on its customers.
Why SPF alone will not protect you, and what DMARC does
Since I feel that way too few people know about SPF, DMARC (and for that matter, DKIM), I thought I'd share this short and clear article on what SPF and DMARC do.
A practical guide to securing macOS
A -very- in-depth guide on how to secure your Mac. Worth checking out.