DevOps, Security, Cryptography

InfoSec Week 4, 2019

Microsoft's mobile Edge browser begins issuing fake news warnings. It is powered by news rating company NewsGuard. It gives you fake news warning for Wikileaks, so decide for yourself.

Posted

#Weekly-News

InfoSec Week 3, 2019

35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, 'Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.'

Posted

#Weekly-News

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.

Posted

#Weekly-News

InfoSec Week 1, 2019

Let's Encrypt recapitulated the last year in the operation of their ACME based certification authority, and summarized the challenges that they will work on in 2019. They intend to deploy multi-perspective validation, checking multiple distinct Autonomous Systems for domain validation, preventing potential BGP hijacks. They also plan to run own Certificate Transparency (CT) log.

Posted

#Weekly-News

InfoSec Week 52, 2018

The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.

Posted

#Weekly-News

InfoSec Week 51, 2018

Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly. They are using it to detect code statically-linked vulnerable library functions in executables.

Posted

#Weekly-News

InfoSec Week 50, 2018

According to the New York Times sources, Marriott customers' data were breached by Chinese hackers. Attribution is hard, especially when investigating government related hacks. We have to wait for more information.

Posted

#Weekly-News

InfoSec Week 49, 2018

Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview). The new WebAuthentication as implemented supports USB-based CTAP2 devices.

Posted

#Weekly-News