- Mortal Online: an MMORPG which had 570.000 user accounts stolen from their servers. The passwords were hashed with md5.
- Family Orbit: another in a line of "family spyware", this one a "parental control app to protect your kids". A total of 281GB of pictures and video was publicly exposed.
It was replaced with a version that stole usernames, passwords and private keys for cryptocurrencies. A few hours later Mega uploaded a fixed version. No word on how the compromise happened that I can see.
More than 7.500 of these carrier-grade routers are forwarding all their traffic to the attackers for eavesdropping, and a whopping 239.000 more have had their Socks4 proxy enabled.
A researcher warns that many Tor webservers aren't configured to only listen to 127.0.0.1, as they should be if they want to stay anonymous.
They'll block slow-loading trackers, cross-site trackers, fingerprinting practices and cryptominers.
Never realised Wireshark itself could be a vector for compromise :-)
Good list of AWS security tools, categorised by offensive, defensive, development, and others.
A collection of source code for various botnets. Makes for interesting perusing.
Interesting article by the NY Times that digs deeper in the lawsuits against the NSO Group, the Israeli company that sells the advanced Pegasus spyware to governments.
Automatically identify cross-site scripting, SQL injection and other vulnerabilities in your web applications before malicious attackers find and exploit them. Use the dead accurate Netsparker web application security scanner to generate accurate reports.
Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.