Issue 93

Breaches and leaks

  • Mortal Online: an MMORPG which had 570.000 user accounts stolen from their servers. The passwords were hashed with md5.
  • Family Orbit: another in a line of "family spyware", this one a "parental control app to protect your kids". A total of 281GB of pictures and video was publicly exposed. Chrome extension temporarily compromised

It was replaced with a version that stole usernames, passwords and private keys for cryptocurrencies. A few hours later Mega uploaded a fixed version. No word on how the compromise happened that I can see.

Thousands of MikroTik routers hijacked for eavesdropping

More than 7.500 of these carrier-grade routers are forwarding all their traffic to the attackers for eavesdropping, and a whopping 239.000 more have had their Socks4 proxy enabled.

Public IP addresses of many Tor sites exposed via SSL certificates

A researcher warns that many Tor webservers aren't configured to only listen to, as they should be if they want to stay anonymous.

Firefox announces more thorough anti-tracking

They'll block slow-loading trackers, cross-site trackers, fingerprinting practices and cryptominers.

Wireshark can be crashed via malicious packet trace files

Never realised Wireshark itself could be a vector for compromise :-)

List of AWS security tools

Good list of AWS security tools, categorised by offensive, defensive, development, and others.

GitHub - maestron/botnets

A collection of source code for various botnets. Makes for interesting perusing.

Hacking a Prince, an Emir and a journalist to impress a client

Interesting article by the NY Times that digs deeper in the lawsuits against the NSO Group, the Israeli company that sells the advanced Pegasus spyware to governments.


Is your website hackable?

Automatically identify cross-site scripting, SQL injection and other vulnerabilities in your web applications before malicious attackers find and exploit them. Use the dead accurate Netsparker web application security scanner to generate accurate reports.

1Password for Teams and Business

Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.