Issue 93

Breaches and leaks

  • Mortal Online: an MMORPG that had 570.000 user accounts stolen from its servers. The passwords were hashed with MD5.
  • Family Orbit: another in a line of "family spyware", this one a "parental control app to protect your kids". A total of 281GB of pictures and video was publicly exposed.


MEGA.nz Chrome extension temporarily compromised

The extension was replaced with a version that stole usernames, passwords and private keys for cryptocurrencies. A few hours later Mega uploaded a fixed version. No word on how the compromise happened that I can see.
zdnet.com


Thousands of MikroTik routers hijacked for eavesdropping

More than 7.500 of these carrier-grade routers are forwarding all their traffic to the attackers for eavesdropping, and a whopping 239.000 more have had their SOCKS4 proxy enabled.
threatpost.com


Public IP addresses of many Tor sites exposed via SSL certificates

A researcher warns that many Tor webservers aren't configured to listen only on 127.0.0.1, as they should be if they want to stay anonymous.
bleepingcomputer.com


Firefox announces more thorough anti-tracking

They'll block slow-loading trackers, cross-site trackers, fingerprinting practices and cryptominers.
mozilla.org


Wireshark can be crashed via malicious packet trace files

Never realised Wireshark itself could be a vector for compromise :-)
helpnetsecurity.com


List of AWS security tools

Good list of AWS security tools, categorised by offensive, defensive, development, and others.
blyx.com


GitHub - maestron/botnets

A collection of source code for various botnets. Makes for interesting perusing.
github.com


Hacking a Prince, an Emir and a journalist to impress a client

Interesting article by the NY Times that digs deeper into the lawsuits against the NSO Group, the Israeli company that sells the advanced Pegasus spyware to governments.
nytimes.com


Sponsorship

Is your website hackable?

Automatically identify cross-site scripting, SQL injection and other vulnerabilities in your web applications before malicious attackers find and exploit them. Use the dead accurate Netsparker web application security scanner to generate accurate reports.
netsparker.com


1Password for Teams and Business

Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.
1password.com

