The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.
The New York Times published an article about the insecurity of the mobile networks' Signaling System 7 (SS7) and the unwillingness to address mobile network vulnerabilities in general.
Iraq government took down unlicensed towers used for illegal internet bandwidth smuggling operation in the disputed province of Kirkuk.
Indias' Ministry of Home Affairs has issued a notification authorizing 10 agencies to tap, intercept and decrypt all personal data on computers and networks.
Yet another article from NY Times, this time on how Facebook uses 7500 moderators around the world to keep content "normal".
Hackers are infecting Linux servers with JungleSec ransomware using IPMI remote console, manually running encryption program, then asking for ransom.
The beta version of the WireGuard next gen VPN for iOS was released into the App Store.
Someone from the France uploaded a new sample of Shamoon wiper malware to VirusTotal. The sample is signed with Baidu digital certificate expired back in 2016.
The Wired magazine published a list of articles they have published on a security topic in 2018. Some of them are really good.
Amazon sends 1700 Alexa voice recordings to a random person.
Some good souls are selling Ransomware as a service. It has own logo, support, bug tracker, and a clean website.
The webpage of the open-source video transcoder application Handbrake was compromised and served malware for the Mac users.
Comparison of the "http81 IoT botnet" against the Mirai source code. The C&C code is different, but they took some parts of the published source code.
IBM shipped malware infected USB flash drives to the customers.
Shodan can now find malware C&C servers.
Deep insight into use-after-free vulnerability and many possibilities how to exploit it. https://scarybeastsecurity.blogspot.ch/2017/05/ode-to-use-after-free-one-vulnerable.html
Critical remotely exploitable vulnerability found in the Microsofts' Malware Protection service.
The criminals are stealing 2FA tokens by abusing widespread telecommunications network equipment.
Guido Vranken found a vulnerability (CVE-2017-8779) that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote RPCBIND host, and the memory is never freed unless the process crashes or the administrator halts or restarts the RPCBIND service.
Good summary of an iCloud Keychain Secrets vulnerability (CVE-2017–2448). From the blog:
"This allows an adversary to craft an OTR message which can negotiate a key successfully while bypassing the actual signature verification...Considering that OTR uses ephemeral keys for encryption, this flaw implies that a syncing identity key is no longer required for an adversary with Man In The Middle capabilities to negotiate an OTR session to receive secrets."
Researchers developed the cheapest way so far to hack a passive keyless entry system, as found on some cars. No cryptography broken.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments.