35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, "Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output."
Multiple U.S. government websites SSL certificates have expired and some sites are inaccessible due to properly used HTTP Strict Transport Security.
There's nobody there to renew them due to a government shutdown.
Researchers found a new kind of Windows malware using encrypted messaging app Telegram to receive "encrypted" instructions. Nothing innovative with the malware sample, but what is really interesting is, that telegram messages are coupled with unique IDs and malware analysts from the Forcepoint Labs were able to retroactively scrape all the messages issued by the malware operator.
Not sure what kind of channel was used by the bot, but it looks really suspicious to be able to scrape old messages.
The researchers at the CanSecWest Vancouver conference will be able to participate in the annual Pwn2Own challenge. This year also in car hacking as Tesla Model 3 will be available.
One of last surviving Navajo code talkers, Alfred Newman, has passed away at 94. Newman, with many others, developed during World War II an unbreakable code for military transmissions using the unwritten Navajo language.
Security researcher Troy Hunt updated his service Have I Been Pwn with 772,904,991 new email addresses and lots of passwords after finding 87GB of leaked passwords and email addresses by the MEGA cloud storage provider.
There was a massive data breach at the Oklahoma Securities Commission with millions of files containing decades worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials leaked.
Hackers broke into an SEC database and made millions from inside info.
Malicious former employee installed Raspberry Pi in the company network closet, but the Reddit crowd helped with the investigation.
Great blog post about the factors in authentication. The more factors to be used, the bigger headache from the enrollment procedures.
Noise Protocol Framework Explorer created by Nadim Kobeissi now supports generating secure implementations in Go for any arbitrary Noise Handshake Pattern.
CERT Poland (CERT Polska) opens access to its malware database (MWDB).
Turla malware is communicating with the C&C infrastructure by leaving comments in Britney Spears's Instagram account.
The gang behind Platinum threat is using Intel Active Management technology Serial-over-LAN channel to bypass the software firewall when transferring files, due to operating system independence of this low level technology.
Montenegro is continuously targeted by cyber attacks attributed to the APT28 group as a part of a broader influence campaign.
MacSpy malware-as-a-service is a feature rich RAT targeting OS X operating system.
IBM researchers analyzed QakBot banking trojan responsible for "lock out" of the hundreds of Active Directory users.
A Linux malware is installing cryptocurrency mining software on Raspberry Pi via SSH. It's using only default SSH user & passphrase.
The GNU Privacy Guard (GnuPG) developers start new fundraising effort for the continued development of this well known encryption software.
If you want to know more about the capabilities of GnuPG, check the linked "An Advanced Intro to GnuPG" presentation from the last year.