A zero-day vulnerability in the jQuery File Upload plugin has been actively exploited for at least three years. Patch now!
A massive ad fraud scheme involving more than 125 Android apps and websites exploited Android phones to steal millions.
Literally, almost everybody is running this kind of scheme against smartphone users these days.
Kaspersky Lab analyzed the complex DarkPulsar backdoor administrative module for malware leaked by the ShadowBrokers.
They have found around 50 victims located in Russia, Iran and Egypt, mostly companies working in the nuclear energy, telecommunications, IT, aerospace and R&D.
Haaretz investigation reveals Israel has become a leading exporter of tools for spying on civilians.
Dictators around the world use them to eavesdrop on human rights activists, monitor emails, hack into apps and record conversations.
The consultancy firm McKinsey helped Saudi Arabia identify influential Saudis who opposed the government's line on Twitter.
Some of those individuals were later imprisoned and targeted with sophisticated spyware.
Companies building "Smart home" products refuse to say whether law enforcement is using their products to spy on citizens.
Mozilla announces an experimental partnership with ProtonVPN.
They will offer a virtual private network (VPN) service to a small group of Firefox users.
A UK grassroots internet provider is testing a data-only SIM card that blocks any non-Tor traffic from leaving the phone.
That feeling when you can steal a Tesla by relay attack (or key cloning?), but you have to Google how to unplug the charger.
An insightful review of Android's secure backup practices published by NCC Group.
Endpoint security pioneer Joanna Rutkowska leaves Qubes OS, joins the Golem project.
Matthew Green wrote a post on password-based authenticated key exchange (PAKE) and the new OPAQUE protocol.
Quite useful techniques more people should know about.
Signal Desktop leaves the message decryption key in plain text.
Trail of Bits published a useful guide to post-quantum cryptography.
Fraudsters are impersonating authors and publishing computer-generated books so they can launder money via Amazon.
Crooks made over $3 million by installing cryptocurrency miners on Jenkins servers by exploiting a Java deserialization RCE vulnerability (CVE-2017-1000353) in Jenkins.
Tesla's Kubernetes installation in the Amazon AWS infrastructure was compromised by hackers. They set up a private cryptocurrency mining pool there.
The co-founder of WhatsApp, Brian Acton, has given $50 million to support Signal messenger and create a self-sustaining foundation. Very good news for this donation-funded privacy technology.
Hackers are exploiting the Cisco ASA vulnerability (CVE-2018-0101) in attacks in the wild.
Security researcher Troy Hunt published half a billion passwords collected and processed from various breaches. There is also an API for this dataset, and some statistics about password usage.
There is a critical vulnerability in Mi-Cam baby monitors that lets attackers spy on infants. At least 52k users are affected.
Public key cryptography explained in the form of Ikea instructions. Check other images as well!