Going down the rabbit hole ... sat down to write a new blog post and, as a result, decided to transfer my blog to a new platform. Been using the Blogger platform for a while and wondered if it could be easier to use; as a result, stumbled upon the combination of Jekyll and GitHub Pages. After the transfer, my blog is going to be just code on GitHub that can be managed from the console. Here is a quick glimpse.
Someone wrote malware in Delphi, such an unusual choice; I bet it was quite large and slow. However, it explains the connections: Delphi and Pascal are the languages kids usually study at school in post-Soviet countries. https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html
Malware to run an alternative advertisement market? Are you serious? https://threatpost.com/adrozek-malware-fake-ads-30k-devices/162217/
Facebook has a lot of weight, but it is kind of fishy when they uncover state-sponsored hackers conveniently in the place where they are having problems with the government. https://www.reuters.com/article/facebook-vietnam-cyber/facebook-tracks-oceanlotus-hackers-to-it-firm-in-vietnam-idUSKBN28L03Y
I guess MS Teams is going through some growing pains; the more users it has, the more often people will attempt to exploit it. https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
💜 TODAY! @ Dec 11, 18:00 UTC / 13:00 Eastern / 10:00 Pacific. Edward Snowden will host Tor’s third PrivChat, a fundraising livestream & conversation with human rights defenders + real-life Tor users Alison Macrina, Ramy Raoof, & Berhan Taye. #UseAMaskUseTor
📺 Set your reminder!
https://youtu.be/S2N3GoewgC8
MySQL is one of the widely used database servers, and it looks like it has been an interesting target for cyber criminals. This year's pandemic has changed the way we live, and in many areas those changes are permanent, so many companies were faced with attacks on their data assets. https://threatpost.com/please_read_me-ransomware-mysql-servers/162136/
Whether you break some behemoth corporation into smaller pieces or not, that won't protect the privacy of their users; those who are in the behavioral advertisement business and want to exploit people can still do that, just on a smaller scale. Users have no other choice but to run a social network themselves. https://www.wired.com/story/facebook-ftc-antitrust-case-smoking-gun/
Breaking in to steal tools is an interesting approach; however, I think most importantly the bad guys were after information on how to avoid detection by those tools or how to protect their systems against those tools. https://www-nytimes-com.cdn.ampproject.org/c/s/www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.amp.html
DuckDuckGo is making a case for fair competition in mobile search; however, there were some troubling notes in this article. I would say random order for search providers is a good start, but placing Google on the last screen is unfair to Google; I'd say stay random all the time. https://spreadprivacy.com/search-preference-menu-research/
I had to agree with the author: the advertising industry has gotten it wrong. https://adactio.com/journal/17658
Interesting approach, going after firmware. Sounds like the holy grail: once you can embed something into firmware, it can stay on the system even after a full rebuild from scratch. https://threatpost.com/trickbot-returns-bootkit-functions/161873/
For developers who are designing APIs, here is a good starting point. Remember, it's just a starting point; there are way more items to think about, especially on the security side, as the article only "touched" on that subject. https://stackoverflow.blog/2020/03/02/best-practices-for-rest-api-design/
Interesting writing about a vulnerability in iOS devices ... I guess the conclusion is that it's better to avoid proprietary protocols. https://thehackernews.com/2020/12/google-hacker-details-zero-click.html
Hmmmm interesting, looks like the mics in Alexa Echo and Google Home will react to light, or is there a photo element? For now, move your smart speakers away from windows. Read more: https://threatpost.com/light-based-attacks-digital-home/161583/
According to a quick search on Shodan, there are 3813 Docker instances with an exposed API responding on the default port. I guess owners have to be on the lookout. https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/
Salesforce buys Slack, interesting move; I am wondering what the long-term vision for such a deal is. https://www.entrepreneur.com/article/360808
This is just pure negligence: apparently researchers attempted to contact the developers since Aug, and the devs took no action to protect their users, and some of these users paid for this app. https://threatpost.com/android-messenger-app-leaking-photos-videos/161741/
Experienced technology entrepreneur on the quest for ethics and privacy. Follow the #punkprivacy tag to get regular privacy tips. You can also follow the @ethiork account to get information about the progress of the Ethiork project, which enables people to own their data and protect their privacy.