Here's a quiz to mark the one-year anniversary of the Meltdown and Spectre processor flaws.

bit.ly/2MkiYit

Do you think you can crack the quiz, and claim prizes worth $100 and $50?

t.co/mpQmx5ZhSn

Computing GCD (Greatest Common Divisor) between 36 trillion pairs of keys should have taken years, but a team of researchers was able to break 12,934 keys in a few hours on a single core.

Here’s how they did it → algorithmsoup.wordpress.com/20

New Banking malware apps found on Play Store use motion sensors to evade detection

thehackernews.com/2019/01/andr

Attackers are using Twitter and 's infrastructure as command-and-control server to communicate with the . t.co/OqSVFPhRGV

For example:

One of Medium’s official publications (Original): medium.com/transparency-report

Fake version: medium.com/transparеncy-report

PS: Medium refused to consider it as an issue.

Since the @Medium blogging platform allows its users to use lookalike characters (homograph attack) in publication URLs, @ajdumanhug warned it's quite easy to spoof any publication, especially widely read publications, and spread fake news or scams.

medium.com/@ajdumanhug/imitati

A really great introduction to the WebAuthn API by @herrjemand. Learn more about the Credential Management API and passwordless authentication.

link.medium.com/8MAGOtixzT t.co/pGSbTjeX5J

Good... @Stanford University launches Bug Bounty Program

uit.stanford.edu/security/bug-

But → "in order to take part in this program, you must be a Stanford student (undergraduate/graduate), postdoc, or full-time benefits eligible employee."

DNSfs — A strategy (and tool) to store your files in DNS resolver caches

blog.benjojo.co.uk/post/dns-fi

PS: Though it’s a year-old post, you may find it interesting. t.co/HcndRjuXFh

Drupal has released updated versions 7, 8.5 and 8.6 of its CMS software to address two critical flaws:

— flaw in the 3rd-party library “PEAR Archive_Tar” that uses drupal.org/sa-core-2019-001

— PHP's built-in phar stream wrapper RCE flaw drupal.org/sa-core-2019-002

Here's the official response from @Telegram team:

telegra.ph/Telegram-Bot-Keys-0

If you could break HTTPS...

"Our advice for anyone who breaks would be to head over to the nearest bank and transfer a few billion dollars of VC money to their private account." t.co/oj6e2XpY18

WHAT? Isn't TLS f̶̷a̶̷s̶̷t̶̷ secure yet?

forcepoint.com/blog/security-l

Isn't HTTPS protecting the majority of the Internet, which is not e2e protected, and successful interception of which could even expose your login credentials/cookies for any site?

OR, Did we miss something? 🤔 t.co/t7POKyPhKv

UEFI vulnerabilities classification (focused on BIOS implant delivery)

link.medium.com/WP3DR4CWxT

—  via @matrosov t.co/fSr6AlewTl

Confusing Patch Management with Vulnerability Management Could Have Dire Results. Just ask Equifax!

lastline.com/?p=8839 via @lastlineinc

Vulnerability Management = Policy + Awareness + Prioritization + "Patch Management" + Testing + Tweaking + Mitigation

Ukrainian Police BUSTED Two Separate Gangs of Cyber Criminals

thehackernews.com/2019/01/ukra

• 4 Hackers, aged 26-30 years, for hacking Ukrainians and stealing 5 million Hryvnia

• 2 Hackers, aged 21-22 years, for disrupting Ukrainian sites with attacks t.co/kg7OZQ5Smv

Unprotected "Oklahoma Securities Commission" Server Exposes a Massive 3 TB of Government Database Containing Millions of Sensitive Files Related to Years of Investigations

thehackernews.com/2019/01/okla

Leaked data also includes credentials for remote access to ODS workstations t.co/4pC1aJpo5P

Joomla releases version 3.9.2 of its software to patch some low-priority stored vulnerabilities, along with several bug fixes and improvements.

joomla.org/announcements/relea

UPDATE NOW. t.co/5JjDtYYH8j

Problem→ Windows trusts all Installer (.MSI) files signed by a trusted developer even if attackers modify them to append any malicious JAR code

Solution→ @VirusTotal is working with @Microsoft to find better ways to detect such malformed files

blog.virustotal.com/2019/01/di
