Showing posts from March, 2021

How to achieve Smart Home nirvana (or, home automation without subscription)

With some work and planning, Home Assistant sets your Smart Home. https://bit.ly/39sHHxS

Android sends 20x more data to Google than iOS sends to Apple, study says

Google contests the estimate, saying it's based on flawed methodology. https://bit.ly/3djVOqr

Nike sues over “Satan Shoe,” disavowing all connection to soul soles

Nike really doesn't like anyone thinking it made or endorses the Satan Shoe. https://bit.ly/3sxbvB7

Hackers backdoor PHP source code after breaching internal git server

Code gave code-execution powers to anyone who knew the secret password: "zerodium." https://bit.ly/3decsYM

The massive cargo ship that blocked the Suez Canal is now moving again

After impeding traffic for days, high tide and plenty of tugs got it unstuck. https://bit.ly/3w7RDXq

New Android malware with full range of spying capabilities has been found

Despite its sophistication, the app can be easy for more experienced users to spot. https://bit.ly/3lYJWOO

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

40,000 lines of flawed code almost made it into FreeBSD's kernel—we examine how. https://bit.ly/3sporZD

OpenSSL fixes high-severity flaw that allows hackers to crash servers

The widely used code library is also purged of a certificate verification bypass. https://bit.ly/31hvHL9

Slack pledges update to “Connect DM” after realizing harassment exists

Users immediately spotted the gaping loophole the company didn't notice. https://bit.ly/3slHnsb

Musk: Tesla accepts bitcoin as payment, won’t convert it “to fiat currency”

Bitcoin option live on Tesla's site in US now, coming to other countries later. https://bit.ly/3vWla6p

Ransomware operators are piling on already hacked Exchange servers

The fallout from the Microsoft Exchange server crisis isn't abating just yet. https://bit.ly/3riQSHk

Judge grants class-action status to MacBook butterfly-keyboard suit

Apple phased out the design after 2019, but older models still have issues. https://bit.ly/3rfXUN4

Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10

As if the mass-exploitation of Exchange servers wasn't enough, now there's BIG-IP. https://bit.ly/3s52i2M

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

The breadth and abundance of exploits for unknown vulnerabilities sets group apart. https://bit.ly/30Wi8Rj

Attackers are trying awfully hard to backdoor iOS developers’ Macs

XcodeSpy uses malicious Xcode project to install the EggShell backdoor. https://bit.ly/3bYt2wn

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet

DDoS-for-hire services adopt new technique that amplifies attacks 37 fold. https://bit.ly/3vAOWgG

I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence

Florida teen pleads guilty to attack that took over Twitter's internal systems. https://bit.ly/3eNxiAp

Touch of gray: The Air Force can’t retire the Boeing 707

In this installment of SitRep, we look at the 707's longevity as a military workhorse. https://bit.ly/3rUeeV5

$16 attack shows how easy carriers make it to intercept text messages

Reporter details problem in story titled, "A Hacker Got All My Texts for $16." https://bit.ly/38NfnWC

“Please someone help me.” FaceTime users bombarded with group call spam

Apple doesn't provide tools that effectively ease a major headache for FaceTime users. https://bit.ly/2OUJ3tZ

Exchange servers first compromised by Chinese hackers hit with ransomware

As if Exchange users didn't already have enough to worry about, they have this. https://bit.ly/3qJE2l6

AT&T promises fiber-to-the-home expansion in 90 metro areas this year

Tens of millions in AT&T territory lack fiber—3 million should get it in 2021. https://bit.ly/30G75vi

Critics fume after GitHub removes exploit code for Exchange vulnerabilities

Microsoft-owned GitHub pulls down proof-of-concept code posted by researcher. https://bit.ly/30xKj97

A Russian ISP confirms Roskomnadzor’s Twitter-blocking blooper

Our source demonstrated heavy throttling of microsoft.com, not just t.co. https://bit.ly/3qBP6Rl

There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

A half-dozen groups exploiting the same 0-days is unusual, if not unprecedented. https://bit.ly/3qyrzAF

Hackers access security cameras inside Cloudflare, jails, and hospitals

Cloud-based camera service Verkada exposed hardcoded password—and its customers. https://bit.ly/3qwVrO1

Critical 0-day that targeted security researchers gets a patch from Microsoft

Hackers spent weeks building relationships with researchers and then tried to infect them. https://bit.ly/3rAkAsl

T-Mobile will sell your web usage data to advertisers unless you opt out

Data sales begin April 26 unless you opt out; T-Mobile claims it'll be anonymous. https://bit.ly/30u6gWw

Google tells harassment victims to take “medical leave,” report finds

Nearly two dozen current and former employees reported a widespread pattern. https://bit.ly/3kXnvJ6

SpaceX plans Starlink broadband for trucks, ships, and planes [Updated]

Dishes will be modified for vehicles, vessels, and aircraft, SpaceX tells FCC. https://bit.ly/3cbhfcR

Demand for fee to use password app LastPass sparks backlash

Pay up or face restrictions on access, say new private-equity owners. https://bit.ly/2OwJQRF

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack

Multiple hacking groups are exploiting vulnerabilities to backdoor unpatched servers. https://bit.ly/38fMt1p

A new type of supply-chain attack with serious consequences is flourishing

New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft, and Zillow. https://bit.ly/3cbrdLl

China’s and Russia’s spying spree will take years to unpack

Full extent of SolarWinds hack, Hafnium’s attack on Exchange Server may never be known. https://bit.ly/2OtMsQ8

SpaceX Starlink factory in Texas will speed up production of Dishy McFlatface

Austin factory to create systems that improve SpaceX's high-volume manufacturing. https://bit.ly/3sQmFAF

Comcast hides upload speeds deep inside its infuriating ordering system

Comcast upload speeds of 3 to 35Mbps are hidden until last page of checkout. https://bit.ly/3e5MSXI

Parler sues Amazon (again), claims AWS ban sank a billion-dollar valuation

The lawsuit is dead. Long live the lawsuit. https://bit.ly/3kJ0vxh

Microsoft issues emergency patches for 4 exploited 0-days in Exchange

Attacks are limited for now but may ramp up as other hackers learn of them. https://bit.ly/3bO5p88

Rookie coding mistake prior to Gab hack came from site’s CTO

Site executive introduces, then removes, insecure code, then hides the evidence. https://bit.ly/308gk7w

Donald Trump is one of 15,000 Gab users whose account just got hacked

GabLeaks includes 70,000 messages in more than 19,000 chats by over 15,000 users. https://bit.ly/2Pe9Npp

Verizon tells users to disable 5G to preserve battery, then deletes tweet

Verizon's now-deleted tweet said using 4G only will conserve battery life. https://bit.ly/3rjxLhr