Issue 54

Andromeda botnet dismantled in international operation

The FBI, Europol, Microsoft and others worked together to take down the Andromeda botnet, which served about 80 malware species to an average of 1 million machines per month. Someone suspected of running the botnet was also arrested in Belarus.


EU sponsors bug bounty program for VLC Media Player

It's part of an initiative to bolster the security of open-source projects used by EU institutions. Apache HTTP Server and Keepass were previous beneficiaries. The project is hosted on HackerOne and has a total budget of €60.000.


WhatsApp now supports two-step verification

When turned on, it will ask for a passcode. You can optionally enter an e-mail address in case you forget your passcode.


Russia wants to launch backup DNS system by August 1, 2018

They critize the fact that the US has too much control over the current DNS system, fearing that it gives them a big edge on cyber warfare.


Personal data of 31 million AI.type keyboard app users exposed online

Not only were they negligent in security, as all data was exposed due to a misconfigured MongoDB instance, but it also seems they were collecting much more information than strictly needed.


TIO Networks breached; personal data of 1.6 million users impacted

TIO is a company that runs utility and bill payment kiosks in North America. The company is owned by Paypal, but their data is separate from Paypal's.


111GB of personal information in public s3 bucket of a US credit repair company

Another week, another s3 bucket. This time with personal information on tens of thousands of people, including driver’s license and Social Security card images, financial reports, and more.


Blockchain Graveyard: list of cryptocurrency-related breaches

Currently the ticker is at 45 incidents. The creator also conveniently breaks down the root causes of the incidents.


Update all the things \o/

  • Apple released a bunch of updates, including one for MacOS that permanently fixes the IAmRoot bug: link
  • Google released updates to Android, fixing 47 vulnerabilities of which 10 are rated high, and shipped a separate patch for Pixel and Nexus phones for a vulnerability there: link
  • Cisco patched several vulnerabilities in its WebEx suite: link
  • HP released firmware patches for its enterprise printers to fix a remote code execution flaw: link
  • Two critical vulnerabilities were found and patches in the RSA authentication agent and SDK: link


Humble Book Bundle: Network & Security Certification

For those interested, another great Humble Bundle for books on networks and security. Paying $15 (or more) gives you 13 books!

Personal note: started a Hackernews newsletter

This one sends you a daily e-mail with all HN articles over x points.
Feel free to subscribe if that sounds handy :-)

Dieter Van der Stock


Is your website hackable?

Use the dead accurate Netsparker web application security scanner to do the work for you, including eliminating false positives.