Sergey Shkundaleu @archit3ct@social.ssbx.dev

MySQL is one of the widely used database servers, and it looks like has been an interesting target for cyber criminal. This year pandemic has changed the way we live and in many areas those changes are permanent, so many companies were faced with attacks on their data assets. https://threatpost.com/please_read_me-ransomware-mysql-servers/162136/

Whether you will break some benemoth corporation into smaller piece or not that won't protect privacy of their users, those who are in behavioral advertisement business and want to exploit people can still do that just on a smaller scale, users have no other choice, but to run social network themselves. https://www.wired.com/story/facebook-ftc-antitrust-case-smoking-gun/

Breaking into to steal tools is an interesting approach, however I think most importantly bad guys were after information on how to avoid detection by those tools or how to protect their systems against those tools. https://www-nytimes-com.cdn.ampproject.org/c/s/www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.amp.html

DuckDuckGo making a case for fair competition in mobile search, however there were some troubling notes in this article. I would say random order for search provider is a good start, but placing Goggle on the last screen is unfair to Google, I'd say stay random all the time. https://spreadprivacy.com/search-preference-menu-research/

I had to agree with author, advertising industry has gotten it wrong. https://adactio.com/journal/17658

Interesting approach, going after firmware, sounds like holy grail once you can embed something into firmware it can stay on the system even after full rebuild from scratch. https://threatpost.com/trickbot-returns-bootkit-functions/161873/

For developers who designing API here is good starting point. Remember it's just starting point there are way more items to think about especially on security side, as article only "touched" on that subject. https://stackoverflow.blog/2020/03/02/best-practices-for-rest-api-design/

Interesting writing about vulnerability in iOS devices ... I guess conclusion it's better to avoid proprietary protocols. https://thehackernews.com/2020/12/google-hacker-details-zero-click.html

If you are running Calibre on Ubuntu 20.04 and ran into error like: AttributeError: 'NoneType' object has no attribute 'cancel' here problem and solution for ya.

Hmmmm interesting, looks like mics in Alexa Echo, Google Home will react on light, or is there a photo element. For now move your smart speakers away from windows, ready more: https://threatpost.com/light-based-attacks-digital-home/161583/

According to quick search on Shodan there are 3813 docker instances with exposed API responding on default port. I guess owners has to be on lookout https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/

Salesforce buys Slack, interesting move, I am wondering what is the long term vision for such deal. https://www.entrepreneur.com/article/360808

This is just pure negligence apparently researchers attempted to contact developers since Aug and devs took no actions to protect their users and some of these users paid for this app https://threatpost.com/android-messenger-app-leaking-photos-videos/161741/

Hello World! This is my first post on new platform, so I will be talking mostly about software development, privacy, security and entrepreneurship.