Tag Android

InfoSec Week 38, 2018

Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge response mode where the key informs you if the bios running on a PC has validated itself to the key.
https://puri.sm/posts/introducing-the-librem-key/

Google built a prototype of a censored search engine which should be used in China, that links users’ searches to their phone numbers.
https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/

According to a Swiss officials, two Russian spies caught in the Netherlands had been plotting a cyber attack on a Swiss defense lab analyzing the Novichok nerve agent used in the Salisbury poisoning.
https://www.nytimes.com/2018/09/14/world/europe/russians-salisbury-swiss-lab-sabotage.html

Citizen Lab has published a new report about the Pegasus spyware created by Israeli cyber-security firm NSO Group.
The malware is operating on both Android and iOS devices, and the researchers identified 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.
https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/

Hackers were running cryptocurrency mining malware on the Indian government sites.
https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/hackers-mined-a-fortune-from-indian-websites/articleshow/65836088.cms

Every day this week, Cloudflare is announcing support for a new technology that uses cryptography.
They have introduced Onion service, BGP PKI (RPKI), IPFS node. Essentially, we can call them an active global adversary now.
https://blog.cloudflare.com/crypto-week-2018/

The Western Digital My Cloud was affected by an authentication bypass vulnerability.
An unauthenticated attacker could exploit this vulnerability to authenticate as an admin user without needing to provide a password.
https://securify.nl/en/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html

NSS Labs filed an antitrust suit against CrowdStrike, Symantec, ESET and the Anti-Malware Testing Standards Organization (AMTSO), because they found out that the "vendors have conspired to prevent testing of their products by placing clauses in their end user licensing agreements (EULA) that make testing of their products subject to their permission."
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/

The new Necurs botnet spam campaign targets Banks with the malicious Wizard (.wiz) files used by Microsoft programs such as Word to guide users through complex or repetitive tasks.
https://blog.barkly.com/wiz-file-malware-necurs-campaign

Informative blog by the LineageOS engineers covering Qualcomm bootloader chain of trust to the point of Android OS being loaded.
https://lineageos.org/engineering/Qualcomm-Firmware/

GnuPG can now be used to perform notarial acts in the State of Washington.
https://lists.gnupg.org/pipermail/gnupg-users/2018-September/060987.html

A new CSS-based web attack will crash and restart your iPhone.
https://techcrunch.com/2018/09/15/a-new-css-based-web-attack-will-crash-and-restart-your-iphone/

Interesting project - SlotBot: Hacking slot machines to win the jackpot with a buttonhole camera and brute-force search.
https://github.com/tensor8/hacking_slot_machines

InfoSec Week 35, 2018

Google started selling their Titan Security Key bundle that support FIDO standards for secure authentication. They have written the firmware by themselves, but the price should be lower for this kind of hardware.
https://store.google.com/us/product/titan_security_key_kit

Interesting three month research on hacking Australian law firms by registering expired domain names. Thousands of emails received with sensitive material.
https://medium.com/@gszathmari/hacking-law-firms-abandoned-domain-name-attack-560979e0b774

Researchers systematically retrieved 3500 AT controlling commands from over 2000 Android smartphone firmware images across 11 vendors and "demonstrated that the AT command interface contains an alarming amount of unconstrained functionality and represents a broad attack surface on Android devices."
https://atcommands.org/

Fortnite Installer created by Epic Games allowed to install anything on the customer Android phone. An Epic security engineer requested Google to delay public disclosure for the 90 days period, to allow time for the update, but Google refused.
https://m.androidcentral.com/epic-games-first-fortnite-installer-allowed-hackers-download-install-silently

US T-Mobile Database was breached, 2 millions of customers' data exposed.
https://www.databreachtoday.com/t-mobile-database-breach-exposes-2-million-customers-data-a-11420

Ars Technica published a good introductory review of the WireGuard next generation VPN software.
https://arstechnica.com/gadgets/2018/08/wireguard-vpn-review-fast-connections-amaze-but-windows-support-needs-to-happen/

WhatsApp has warned users that by using a free backup service offered by Google, messages will no longer be protected by end-to-end encryption.
https://www.zdnet.com/article/whatsapp-warns-free-google-drive-backups-are-not-encrypted/

Assured researchers published an article which provides a brief overview of the new TLS 1.3.
https://assured.se/2018/08/29/tls-1-3-in-a-nut-shell/

If you wanted to know how to use PGP in an organization of 200 people, read this blog about OpenPGP key distribution.
They are now turning the lessons learned into an Internet standard.
https://tech.firstlook.media/keylist-rfc-explainer

Mozilla Firefox 62 and newer support a new TLS API for WebExtensions.
There is now a certificate viewer leveraging new API called Certainly Something (Certificate Viewer).
https://addons.mozilla.org/en-US/firefox/addon/certainly-something/

In-depth blog spot by voidsecurity about the VirtualBox code execution vulnerability.
https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html

Mark Ermolov and Maxim Goryachy researchers have published a detailed walk-through for accessing an Intel's Management Engine (IME) JTAG feature, which provides debugging access to the processor.
https://github.com/ptresearch/IntelTXE-POC

InfoSec Week 32, 2018

A Comcast security flaws exposed more than 26 millions of customers’ personal information. Basically, an attacker could spoof IP address using "X-forwarded-for" header on a Comcast login page and reveal the customer’s location.
https://www.buzzfeednews.com/article/nicolenguyen/a-comcast-security-flaw-exposed-millions-of-customers

According to the Check Point Research, more than 150k computers are infected with the new variant of Ramnit botnet named Black. Botnet install second stage malware with the proxy functionality.
https://research.checkpoint.com/ramnits-network-proxy-servers/

Malware infected Apple chip maker Taiwan Semiconductor Manufacturing. All of their factories were shut down last week, but they had already recovered from the attack.
https://www.bloomberg.com/news/articles/2018-08-04/tsmc-takes-emergency-steps-as-operations-hit-by-computer-virus

A flaw in the Linux kernel may cause a remote denial of service [CVE-2018-5390]. Attack require less than 2 Kbps of traffic.
https://access.redhat.com/articles/3553061

GDPR and other cookie consent scripts are used to distribute malware.
https://blog.sucuri.net/2018/08/cookie-consent-script-used-to-distribute-malware.html

Interesting blog on how criminals in Iran make money by creating Android malware apps.
https://blog.certfa.com/posts/pushiran-dl-malware-family/

Let's Encrypt root CA certificate is now trusted by all major root programs. They were dependent on a cross-signing on some systems, so this is great news!
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html

There is a really effective new attack on WPA PSK (Pre-Shared Key) passwords. Attackers can ask Access Point for the data required for offline cracking, no client traffic sniffing is needed anymore.
https://hashcat.net/forum/thread-7717.html

Innovative new research on a software implementation hardening was published with the name "Chaff Bugs: Deterring Attackers by Making Software Buggier".
The idea is simple, introduce a large number of non-exploitable bugs in the program which makes the bug discovery and exploit creation significantly harder.
https://arxiv.org/abs/1808.00659

Researchers from the University of Milan published padding oracle attack against Telegram Passport.
Don't roll your own cryptography schemes if other people depend on it...
https://pequalsnp-team.github.io/writeups/analisys_telegram_passport

A Handshake is a new experimental peer-to-peer root DNS. They have published resolver source code and have test network up and running. Looks like really promising project.
https://handshake.org/

InfoSec Week 29, 2018

The academics have mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations. The novel part is that they are using real map data to generate plausible malicious instructions.
https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/

Folks from Cloudflare, Mozilla, Fastly, and Apple during a hackaton implemented Encrypted Server Name Indication (SNI). There are implementations in BoringSSL, NSS and picotls.
https://twitter.com/grittygrease/status/1018566026320019457

Good insight on how credit card thieves use free-to-play apps to steal and launder money from the credit cards.
https://kromtech.com/blog/security-center/digital-laundry

Chromium recently introduced Cross-Origin Read Blocking (CORB) that helps mitigate the threat of side-channel attacks (including Spectre).
https://www.chromium.org/Home/chromium-security/corb-for-developers

For anybody interested in reverse engineering, nice write up about the Smoke Loader malware bot unpacking mechanism and communication with the C&C.
https://www.cert.pl/en/news/single/dissecting-smoke-loader/

A research on how to bypass memory scanners using Cobalt Strike’s beacon payload and the gargoyle memory scanning evasion technique.
https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/

Eset researchers analyzed ongoing espionage campaign against the Ukrainian government institutions.
https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf

The intercept summarized what the public has learned about Russian and U.S. spycraft from the Special Counsel Robert Mueller’s indictment of hackers.
https://theintercept.com/2018/07/18/mueller-indictment-russian-hackers/

Security researchers have uncovered a highly targeted mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html

There is an exploit for Ubuntu Linux (up to 4.17.4) where other users coredumps can be read via setgid directory and killpriv bypass.
https://www.exploit-db.com/exploits/45033/

InfoSec Week 24, 2018

Yet another high severity attack against the Intel CPUs. Unpatched systems can leak SIMD, FP register state between privilege levels. These registers are used for private keys nowadays.
The cost of a patch is more expensive context switches because the fix has to unload and reload all SIMD, FP state.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

The team behind the CopperheadOS, hardened Google-free Android fork, has imploded. Guys, CEO and CTO (main and probably the only developer) are blaming each other.
https://twitter.com/DanielMicay/status/1006299769214562305

Chromium devs are planning to enforce TLS protocol invariants by rolling new TLS 1.3 versions every six weeks.
According to the developers: "Every six weeks, we would randomly pick a new code point. These versions will otherwise be identical to TLS 1.3, save maybe minor details to separate keys and exercise allowed syntax changes. The goal is to pave the way for future versions of TLS by simulating them (“draft negative one”)."
https://www.ietf.org/mail-archive/web/tls/current/msg26385.html

The Kromtech Security Center found 17 malicious docker images stored on Docker Hub for an entire year. With more than 5 million pulls, containers were primarily used to mine cryptocurrency.
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers

At least 74 persons, mostly Nigerians, were arrested due to crimes related to the business e-mail compromise schemes.
https://garwarner.blogspot.com/2018/06/74-mostly-nigerians-arrested-in.html

Good summary of the existing inter-service authentication schemes. Bearer, hmac based tokens etc.
https://latacora.singles/2018/06/12/a-childs-garden.html

There is an Ancient "su - hostile" vulnerability in Debian 8 & 9. Doing "su - hostile" may lead to the root privilege escalation. Default sudo -u probably is affected too.
https://j.ludost.net/blog/archives/2018/06/13/ancient_su_-_hostile_vulnerability_in_debian_8_and_9/

There is a critical command injection vulnerability in the macaddress NPM package.
https://nodesecurity.io/advisories/654

Blog about the crafting remote code execution via server-side spreadsheet injection.
https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/

An implementation flaw in multiple cryptographic libraries allows a side-channel based attacker to recover ECDSA or DSA private keys. Lots of libraries affected, like LibreSSL, Mozilla NSS, OpenSSL, etc.
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

InfoSec Week 22, 2018

Google Pixel 2 devices implement insider attack resistance in the tamper-resistant hardware security module that guards the encryption keys for user data.
It is not possible to upgrade the firmware that checks the user's password unless you present the correct user password.
https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html

Avast Threat Labs analyzed malware pre-installed on a thousands of Android devices. More than 18000 users of Avast already had this adware in a device. Cheap smartphones are primarily affected.
https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Great blog post about the USB reverse engineering tools and practices by the Glenn 'devalias' Grant.
http://devalias.net/devalias/2018/05/13/usb-reverse-engineering-down-the-rabbit-hole/

FBI advice router users to reboot devices in order to remove VPNFilter malware infecting 500k devices.
https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

If you didn't hear about the recent arbitrary code execution vulnerability in git software (CVE 2018-11234, CVE 2018-11235), there is a high level summary on the Microsoft DevOps blog.
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/

The white hat hacker received $25000 bug bounty for getting root access on all Shopify instances by leveraging Server Side Request Forgery (SSRF) attack.
https://hackerone.com/reports/341876

Attacking browsers by site-channel attacks using CSS3 features. The guys demonstrated how to deanonymize website visitors and more.
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/

The Underhanded Crypto Contest for 2018 started, the topic has two categories: Backdooring messaging systems & Deceptive APIs. If you want to write some backdoor to the cryptographic implementation bud you do not harm anybody, this is a good opportunity.
https://underhandedcrypto.com/2018/05/27/rules-for-the-2018-underhanded-crypto-contest/

Article about the new threat model and potential mitigations for the Chrome browser against the Spectre like vulnerabilities.
https://chromium.googlesource.com/chromium/src/+/master/docs/security/side-channel-threat-model.md

New article by the Intercept about the Google military drone AI contract. They want to make fortune on an image recognition.
https://theintercept.com/2018/05/31/google-leaked-emails-drone-ai-pentagon-lucrative/

Codechain - secure multiparty code reviews with signatures and hash chains.
According to the author, Codechain is not about making sure the code you execute is right, but making sure you execute the right code.
https://github.com/frankbraun/codechain

InfoSec Week 21, 2018

500,000 routers in more than 50 countries are infected with the malware targeting routers. Primarily home devices like Linksys, MikroTik, NETGEAR and TP-Link.
Cisco's Talos Security attributed malware to the future Russian cyber operations against the Ukraine. The US FBI agents seize control of the botnet.
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet

The Internet Archive's Wayback Machine is deleting evidence on the malware sellers. They have removed from their archive a webpage of a Thailand-based firm FlexiSpy, which offers desktop and mobile malware.
https://motherboard.vice.com/en_us/article/nekzzq/wayback-machine-deleting-evidence-flexispy

According to the McAfee team, North Korean threat actor Sun Team is targeting defectors using the malicious Android applications on Google Play.
https://securingtomorrow.mcafee.com/mcafee-labs/malware-on-google-play-targets-north-korean-defectors/

Don't use sha256crypt & sha512crypt primitives as shipped with GNU/Linux, they're leaking information about the password via time duration of a hashing operation.
Not critical vulnerability, but good to know.
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/

The Intercept published an interesting article about the Japanese signals intelligence agency, based on Snowden's leaks.
https://theintercept.com/2018/05/19/japan-dfs-surveillance-agency/

The US FBI repeatedly overstated encryption threat figures to Congress and the public.
https://www.washingtonpost.com/world/national-security/fbi-repeatedly-overstated-encryption-threat-figures-to-congress-public/2018/05/22/5b68ae90-5dce-11e8-a4a4-c070ef53f315_story.html

The US internet provider Comcast was leaking the usernames and passwords of customers’ wireless routers to anyone with the valid subscriber’s account number and street address number.
https://techcrunch.com/2018/05/21/comcast-is-leaking-the-names-and-passwords-of-customers-wireless-routers/

Amazon is pitching their facial recognition technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos.
https://www.nytimes.com/2018/05/22/technology/amazon-facial-recognition.html

Great blog about the SMS binary payloads and how SMS is weakening mobile security for years.
https://www.contextis.com/blog/binary-sms-the-old-backdoor-to-your-new-thing

Researchers from the Eclypsium found a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. They have even published Proof-of-concept.
https://blog.eclypsium.com/2018/05/17/system-management-mode-speculative-execution-attacks/

InfoSec Week 20, 2018

Major (probably not only) US cell carriers are selling access to the real-time phone location data.
Because, you know the Electronic Communications Privacy Act only restricts telecommunication companies from disclosing data to the government, it doesn't restrict disclosure to other companies. Which can resell back to the gov. Hacker News discussion on a topic is quite informative.
https://www.zdnet.com/article/us-cell-carriers-selling-access-to-real-time-location-data/
https://news.ycombinator.com/item?id=17081684

Guardian wrote that according to the Oracle findings, Android devices send detailed information on searches, what is being viewed and also precise locations to the Google. Even if location services are turned off and the smartphone does not have a Sim card or application installed.
https://www.theguardian.com/technology/2018/may/14/australian-regulator-investigates-google-data-harvesting-from-android-phones

A new report details a widespread campaign targeting several Turkish activists and protesters by their government, using the government malware made by FinFisher.
https://motherboard.vice.com/en_us/article/wjb8g5/finfisher-turkey-twitter-spyware

A new set of vulnerabilities affecting users of PGP and S/MIME were published. The main problem lies in how email clients handle the output of the encryption tool, the protocol itself is not vulnerable, GnuPG should be fine.
https://efail.de/
https://www.benthamsgaze.org/2018/05/15/tampering-with-openpgp-digitally-signed-messages-by-exploiting-multi-part-messages/
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html

Cryptocurrency mining malware was found in the Ubuntu Snap Store.
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store

Essential reading on how spies are able to shape narrative of a journalistic pieces by document leaking.
https://www.nytimes.com/2018/05/12/sunday-review/when-spies-hack-journalism.html

The US media has learned the identity of the prime suspect in the Vault7 WikiLeaks CIA breach. Should be a 29-year-old former C.I.A. software engineer, government malware writer.
https://www.nytimes.com/2018/05/15/us/cia-hacking-tools-leak.html

Great blog post about math behind and existing implementations of the homomorphic encryption.
https://blog.n1analytics.com/homomorphic-encryption-illustrated-primer/

There is an article about the common encryption workarounds in the criminal investigations written by Orin S. Kerr and Bruce Schneier.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033

Sunder is a new desktop application for dividing access to secret information between multiple participants using Shamir's secret sharing method.
https://freedom.press/news/meet-sunder-new-way-share-secrets/

DARKSURGEON is a Windows packer project to empower incident response, malware analysis, and network defense.
https://medium.com/@cryps1s/darksurgeon-a-windows-10-packer-project-for-defenders-1a57759856b6

InfoSec Week 16, 2018

Google disables domain fronting capability in their App Engine, which was used to evade censorship. What a fortunate timing.
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/

Bloomberg published article on how Palantir is using the War on Terror tools to track American citizens.
https://www.bloomberg.com/features/2018-palantir-peter-thiel/

Third-party javascript trackers are actively exfiltrating personal identifiers from websites which uses "login with Facebook" button and other such social login APIs.
https://freedom-to-tinker.com/2018/04/18/no-boundaries-for-facebook-data-third-party-trackers-abuse-facebook-login/

The U.S. and the UK blame Russia for a campaign of hacks into routers, switches and other connected infrastructure.
https://www.forbes.com/sites/thomasbrewster/2018/04/16/russia-accused-of-hacking-network-infrastructure/

One of the people charged for the Reveton ransomware trojan was actually working as a Microsoft network engineer.
https://www.bleepingcomputer.com/news/security/microsoft-engineer-charged-in-reveton-ransomware-case/

Intel processors now allow antivirus (mostly Microsoft right now) to Use built-in GPUs for in-memory malware scanning.
https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

Avast shared CCleaner breach timeline. They were infiltrated via TeamViewer. More than 2.3 million users, 40 companies infected.
https://blog.avast.com/update-ccleaner-attackers-entered-via-teamviewer

Nice blog post about the quantum resistant hash-based signature schemes. No public key cryptography.
https://blog.cryptographyengineering.com/2018/04/07/hash-based-signatures-an-illustrated-primer/

New Android P enables users to change default DNS server, it will also support DNS over TLS.
https://www.androidpolice.com/2018/04/14/google-explains-new-private-dns-setting-android-p/

There is a new web standard for authentication, designed to replace password login method with the public key cryptography and biometrics.
https://www.w3.org/TR/2018/CR-webauthn-20180320/

OpenSSL is vulnerable to a cache timing vulnerability in RSA Key Generation (CVE-2018-0737).
Could be theoretically exploited by some hypervisor, but they have decided not to release emergency fix.
https://mta.openssl.org/pipermail/openssl-announce/2018-April/000122.html

The Endgame has released Ember (Endgame Malware BEnchmark for Research), an open source collection of 1.1 million portable executable file metadata & derived features from the PE files, hashes and a benchmark model trained on those features.
https://github.com/endgameinc/ember

InfoSec Week 13, 2018

The city of Atlanta government has become the victim of a ransomware attack. The ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees were told to turn off their computers.
https://arstechnica.com/information-technology/2018/03/atlanta-city-government-systems-down-due-to-ransomware-attack/

The academic researchers have discovered a new side-channel attack method called BranchScope that can be launched against devices with Intel processors and demonstrated it against an SGX enclave. The patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks.
http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf

Good insight into the ransomware business and how it operates, how it transfers Bitcoin funds, with data gathered over a period of two years.
The paper is named "Tracking Ransomware End-to-end"
https://www.elie.net/static/files/tracking-ransomware-end-to-end/tracking-ransomware-end-to-end.pdf

Mozilla has created a Facebook Container extension for Firefox, which should enable users to protect their online habits by sandboxing Facebook webpage.
https://blog.mozilla.org/firefox/facebook-container-extension/

Interesting article about the North Korean army of hackers operating abroad with the mission to earn money by any means necessary.
https://www.bloomberg.com/news/features/2018-02-07/inside-kim-jong-un-s-hacker-army

Unified logs in the MacOS High Sierra (up to 10.13.3) show the plain text password for APFS encrypted external volumes via disk utility application.
https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp

SophosLabs researchers analyzed a new Android malware which is pretending to he a legitimate QR reader application, but actually is monetizing users by showing them a flood of full-screen advertisements. More than 500k apps were installed.
https://nakedsecurity.sophos.com/2018/03/23/crooks-infiltrate-google-play-with-malware-lurking-in-qr-reading-utilities/

Brian Krebs analyzed the social network behind the recently famous Coinhive javascript cryptocurrency mining business.
https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/

CloudFlare published a Merkle Town dashboard, Certificate Transparency logs visualization tool.
https://blog.cloudflare.com/a-tour-through-merkle-town-cloudflares-ct-ecosystem-dashboard/

Facebook is tracking users' phone call information via their Android Messenger application.
https://twitter.com/i/web/status/977325434030428160

There are multiple critical vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

New version (4.0) of the most secure operating system on the planet - Qubes OS was released.
https://www.qubes-os.org/news/2018/03/28/qubes-40/


Page 1 / 4