Category: Security & Privacy

  • Nevermind

    The CISO Ran-som-ware. Nevermind.

  • LockBit Group published Proof for Accenture Hack has published material the LockBit Group provided to proof their hack of the Accenture Network.At first glance, it looks huge and worrying. Social media response at this time appears to acknowledge the proof. More here: LockBit 2.0 Proof for Accenture Hack – DeepWeb intelligence Feed

  • AI Wrote Better Phishing Emails

    WIRED schreibt, dass es Forschern gelungen ist, mit Hilfe von GPT3, dem Generative Pre-trained Transformer 3 ML Netzwerk, Phishing Mails zu erzeugen, die deutlich wirksamer sind als von Menschen geschriebene Mails. Endlich ein Einsatzbereich für AI, der sich auch ohne VC Geld lohnt. Source: AI Wrote Better Phishing Emails Than Humans in a Recent Test […]

  • Amazon schaltet NSO ab

    heise schreibt, dass Amazon NSOs, das ist der Hersteller der Pegasus Spyware, Infrastruktur abschaltet und deren Accounts löscht. Nun bin ich sicher kein Freund von so fraglicher Software und ganz sicher kein Unterstützer der dazugehörigen Hersteller. Allerdings ist an der Stelle auch ein anderes Problem deutlich: die Abhängigkeit unabhängiger Hersteller vom Wohlwollen von Cloud-Providern. Soweit […]

  • Malicious PyPI Packages

    It was a matter of time. After the npm-repository was hit later last year and ruby gems were found mining crypto-currency, this times it’s PyPI that spreads bad code. Supply chain attacks, as this vector is typically referred to, becomes an increasing problem. Foremost for software vendors. The rich supply of community maintained packages make […]

  • Clubhouse leakt 3,8 Milliarden Telefonnummern

    Clubhouse. Das war diese App, die vor einem halben oder ganzen Jahr so unglaublich gehyped worden ist. Man kam nicht rein, das war Invite Only. Man kam nicht von alleine rein, cool waren nur die, die drin waren. Alle in meiner Bubble hatten FOMO, Fear Of Missing Out. Diesen menschlichen Effekt haben vor 15 Jahren […]

  • Styra Extends Open Policy Agent Security to Public Clouds

    Once upon a time, we tried to code policy positions into our programs. It didn’t — it really didn’t — work well. Then in 2016, some developers at a company they called Styra came up with Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments. Source: Styra Extends Open Policy Agent Security to Public […]

  • Fastly Global CDN Disruption

    Fastly is one of the major CDN vendors globally. As a regular consumer you wouldn’t be aware of their service, until a failure hits. Today the service faced a configuration issue, that apparently hit global pages like NYTimes and Bloomberg, but also Amazon, Reddit and Twitter, as reported in multiple sources. The issue is reported […]

  • For the VMware users here.

    VMWare’s vCenter Server is vulnerable to a remote code execution (RCE) vulnerability. That means, an attacker would be able to execute code on any machine with that software reachable from the internet. Executing arbitrary code would also allow malware to replicate, AKA worm. The vulnerability is tracked as CVE-2021-21985. Code execution flaw in vCenter is […]

  • Is anyone here using Azure?

    Are you using Azure? A newly published Hyper-V bug could possibly crash ‘big portions of Azure cloud infrastructure’. Security researchers have posted proof of concept code that exploits a recently patched vulnerability in Microsoft’s Hyper-V hypervisor. The bug enables code in the guest to crash the host, and in some circumstances compromise the host’s security. […]