Google stored G Suite passwords in plaintext

In today’s edition of privacy-related topics, it is Google that apparently stored customer passwords in plaintext. Google didn’t disclose which (enterprise) customers have been affected, but was clear that improper access is out of the question. With this recent incident, Google joins the ranks of Facebook and Instagram, but also Twitter and LinkedIn. Google says it discovered […]

Phones Open to Attack through WhatsApp Flaw

Meanwhile, another flaw from the Facebook universe. While it appears not to be immediately related to data leakage, it gives great potential to third parties. On the upside, nobody will attribute it to Facebook this time. It’s a good opportunity to point out and recommend the alternatives to WhatsApp, in particular Signal and Threema. A […]

Apparently the cause of yesterday’s and today’s Telekom outage is a known bug in TR069. Apparently there is also a Metasploit module for it. Source: Port 7547 SOAP Remote Code Execution Attack Against DSL Modems – SANS Internet Storm Center

'Venom' bigger than Heartbleed

Security researchers say the zero-day flaw affects “millions” of machines in datacenters around the world. Security researchers found a flaw in QEMU, dating back to 2004. Lots of virtualization platforms inherited the bug. Since virtualization powers the cloud, this has some potential. Source: Bigger than Heartbleed, ‘Venom’ security vulnerability threatens most datacenters | ZDNet

Exploiting the DRAM rowhammer bug to gain kernel privileges

For the sake of having this here. Manipulating bits in memory is a big deal in multi-tenant virtualized and cloud environments, a.k.a. the public cloud. Unfortunately, this is a hardware issue and not something that a software patch will solve. Only new physical deployments can solve that problem. So rowhammer will be a nightmare for a […]