Here's a quiz to mark the one-year anniversary of the Meltdown and Spectre processor flaws.

Do you think you can crack the quiz, and claim prizes worth $100 and $50?

Computing the GCD (Greatest Common Divisor) between 36 trillion pairs of keys should have taken years, but a team of researchers was able to break 12,934 keys in a few hours on a single core.

Here’s how they did it →

New Banking malware apps found on Play Store use motion sensors to evade detection

Attackers are using Twitter and 's infrastructure as command-and-control server to communicate with the .

For example:

One of Medium’s official publications (Original):

Fake version:еncy-report

PS: Medium refused to consider it as an issue.

Since the @Medium blogging platform allows its users to use look-alike characters (homograph attack) in publication URLs, @ajdumanhug warned it's quite easy to spoof any publication, especially widely-read publications, and spread fake news or scams.

A really great introduction to the WebAuthn API by @herrjemand. Learn more about the Credentials Management API and passwordless authentication.

Good... @Stanford University launches Bug Bounty Program

But → "in order to take part in this program, you must be a Stanford student (undergraduate/graduate), postdoc, or full-time benefits eligible employee."

DNSfs — A strategy (and tool) to store your files in DNS resolver caches

PS: Though it’s a year-old post, you may find it interesting.

Drupal has released updated versions 7, 8.5 and 8.6 of its CMS software to address two critical flaws

— flaw in the 3rd-party library “PEAR Archive_Tar” that uses

— PHP's built-in phar stream wrapper RCE flaw

Here's the official response from @Telegram team:

If you could break HTTPS...

"Our advice for anyone who breaks would be to head over to the nearest bank and transfer a few billion dollars of VC money to their private account."

WHAT? Isn't TLS f̶̷a̶̷s̶̷t̶̷ secure yet?

Isn't HTTPS protecting the majority of the Internet, which is not e2e protected, and successful interception of which could even expose your login credentials/cookies for any site?

OR, Did we miss something? 🤔

UEFI vulnerabilities classification (focused on BIOS implant delivery)

—  via @matrosov

Confusing Patch Management with Management Could Have Dire Results. Just ask Equifax! via @lastlineinc

Vulnerability Management = Policy + Awareness + Prioritization + "Patch Management" + Testing + Tweaking + Mitigation

Ukrainian Police BUSTED Two Separate Gangs of Cyber Criminals

• 4 Hackers, aged 26-30 years, for hacking Ukrainians and stealing 5 million Hryvnia

• 2 Hackers, aged 21-22 years, for disrupting Ukrainian sites with attacks

Unprotected "Oklahoma Securities Commission" Server Exposes a Massive 3 TB of Government Database Containing Millions of Sensitive Files Related to Years of Investigations

Leaked data also includes credentials for remote access to ODS workstations

Joomla releases version 3.9.2 of its software to patch some low-priority stored vulnerabilities, along with several bug fixes and improvements.


Problem→ Windows trusts all Installer (.MSI) files signed by a trusted developer even if attackers modify them to append any malicious JAR code

Solution→ @VirusTotal is working with @Microsoft to find better ways to detect such malformed files
