Issue 78

Malware called VPNFilter has infected over 500,000 routers so far

It was discovered and reported on by Cisco. It has infected over 500,000 devices from Linksys, MikroTik, Netgear, TP-Link and QNAP. It can listen to traffic, fully brick the router in question, scan for SCADA systems and receive other payloads. It also survived reboots; however, the FBI put a stop to that by seizing their C&C server.

Critical DHCP client vulnerability in Red Hat and Fedora

The flaw is rated critical and allows for remote code execution. This article explains the vulnerability in more detail.

Google and Microsoft disclose new Spectre-like CPU flaw

It's called "Speculative Store Bypass", or Variant 4. Fixes are underway but are expected to slow down performance.

Chrome to remove “Secure” indicator from HTTPS pages in September

They'll instead only show something when the site is insecure rather than secure. First the 'secure' text will disappear, then the green padlock will be phased out.

Microsoft to block Flash, Shockwave and Silverlight in Office 365

Can't comment anything really except a slow clap. It only applies to Office 365 though, not Office 2016 and others.

Student receives $36,000 bug bounty for Google RCE flaw

The 18-year-old student from Uruguay discovered a flaw giving him access to Google App Engine internals. He has a complete and awesome technical write-up here. Kudos!

BMW is working on firmware updates to fix 14 security issues

The issues were discovered during a year-long project by Chinese researchers, the same ones that previously discovered vulnerabilities in Tesla. They are complex to exploit but can be chained together to completely take over a vehicle.

Slack on integrating the Security Development Lifecycle (SDL)

They created (and open-sourced) a tool where PMs and devs can enter what they're about to make and receive a customised checklist of security- and privacy-related items. Reported security bugs went down as adoption went up. Pretty neat.

Web Developer Security Checklist

Very nice and thorough checklist of things to be mindful of when developing secure web applications.

What is the most sophisticated piece of software ever written? - Stuxnet

A nice little walk down memory lane where someone describes from start to finish what made Stuxnet, the worm that targeted Iran's nuclear facilities, so impressive.


A comprehensive guide to application-level denial of service

The availability of web applications is critical nowadays, more than ever. But it's also at risk because of very complex application-level denial of service attacks. Read this guide that highlights the different DoS techniques used so you know what to look for.

Manage and secure 10 Macs for free

Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure. If you sign up today you can manage 10 devices for free, and Fleetsmith's new zero-touch deployment allows you to ship devices without needing IT to set up WiFi and other apps.