malgregator

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.

Posted Jan 11, 2019

#Weekly-News

InfoSec Week 1, 2019

Let's Encrypt recapitulated the last year in the operation of their ACME based certification authority, and summarized the challenges that they will work on in 2019. They intend to deploy multi-perspective validation, checking multiple distinct Autonomous Systems for domain validation, preventing potential BGP hijacks. They also plan to run own Certificate Transparency (CT) log.

Posted Jan 4, 2019

#Weekly-News

InfoSec Week 52, 2018

The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.

Posted Dec 28, 2018

#Weekly-News

InfoSec Week 51, 2018

Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly. They are using it to detect code statically-linked vulnerable library functions in executables.

Posted Dec 20, 2018

#Weekly-News

InfoSec Week 50, 2018

According to the New York Times sources, Marriott customers' data were breached by Chinese hackers. Attribution is hard, especially when investigating government related hacks. We have to wait for more information.

Posted Dec 14, 2018

#Weekly-News

InfoSec Week 49, 2018

Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview). The new WebAuthentication as implemented supports USB-based CTAP2 devices.

Posted Dec 7, 2018

#Weekly-News

InfoSec Week 48, 2018

Sennheiser's HeadSetup software is installing a root certificate into the OS Trusted CA Certificate store. They have also put a private key on a device, the same one for all users, which allows any user to perform a man-in-the-middle SSL attacks against SSL communication.

Posted Nov 30, 2018

#Weekly-News

InfoSec Week 47, 2018

The German government-issued identity card (nPA) SDK had a critical security vulnerability allowing an attacker to impersonate arbitrary users against affected web applications.

Posted Nov 23, 2018

#Weekly-News

InfoSec Week 46, 2018

Researchers at the University of California have found that GPUs are vulnerable to side-channel attacks and demonstrated multiple types of attacks. After reverse engineering Nvidia GPU, researchers were able to steal rendered password box from a browser, sniffed other browser related data and also settings from the neural network computations on a GPU in the data center.

Posted Nov 16, 2018

#Weekly-News

InfoSec Week 45, 2018

A default VirtualBox virtual network device has a vulnerability allowing an attacker with root privilege to escape guest OS, execute commands in ring3 on a host. All operating systems affected.

Posted Nov 9, 2018

#Weekly-News

InfoSec Week 44, 2018

The US federal prosecutors say that Chinese spies hacked dozen firms to steal aviation engineering secrets for the Chinese aerospace company.

Posted Nov 2, 2018

#Weekly-News

InfoSec Week 43, 2018

A zero-day vulnerability in the jQuery File Upload plugin is actively exploited for at least three years. Patch now!

Posted Oct 26, 2018

#Weekly-News