- 1. Hacker could’ve printed unlimited ‘Ether’ but chose $2M bug bounty instead
"Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty." - Interesting, if the bug bounty is high enough, people may not steal...
- 2. Hacking group is on a tear, hitting US critical infrastructure and SF 49ers
Print bombing: "Another characteristic of BlackByte, Red Canary said, was its use of “print bombing.” This feature caused all printers connected to an infected network to print ransom notes at the top of each hour that said, “Your [sic] HACKED by BlackByte team. Connect us to restore your system.”"
- 3. Never Use Text Pixelation To Redact Sensitive Information
"Today, we’re focusing on one such technique – pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. To show you why, I wrote a tool called Unredacter that takes redacted pixelized text and reverses it back into its unredacted form. There’s plenty of real-world examples of this in the wild to redact sensitive information, but I won’t name names here. " - Black bars are the way to go...(just don't distribute the PPT LOL)
- 4. Patch now: Adobe releases emergency fix for exploited Commerce – Magento zero-day
"The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a "product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." - Well yea, this is so many bugs... Curious to see the exploit.
- 5. A Hacker Group Has Been Framing People for Crimes They Didn’t Commit
Interesting: "The most prominent case involving Elephant centers around Maoist activist Rona Wilson and a group of his associates who, in 2018, were arrested by India security services and accused of plotting to overthrow the government. Evidence for the supposed plot—including a word document detailing plans to assassinate the nation’s prime minister, Narendra Modi—was found on Wilson’s laptop. However, later forensic analysis of the device showed that the documents were actually fake and had been planted using malware. According to Sentinel researchers, it was Elephant that put them there."
- 6. Linux kernel patches remote stack overflow bug
Used for clustering. "The TIPC module must be loaded for the system to be vulnerable. In addition, for the system to be targeted remotely, it needs to have a TIPC bearer enabled."
- 7. 74% of ransomware revenue goes to Russia-linked hackers
Or is it a group that wants to make it look like Russia? (Adorns tin foil hat): "Their ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country, The gang operates in Russian on Russian-speaking forums, The gang is linked to Evil Corp - an alleged cyber-crime group wanted by the US"
- 8. Apple moves to stop AirTag tracking misuse
Yea, a stern warning, that'll work: "As part of the changes to make misuse harder, Apple said every user setting up their AirTag for the first time will see a message warning that using the device to track people without consent is a crime in many regions around the world." So, if you don't have an air tag, you still need to install the app: "Currently, iPhone users (and Android users who download an app) receive "unwanted tracking" alerts if an unknown AirTag moves with them."
- 9. Experts disclose details of Apache Cassandra DB RCE
- 10. Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
- 11. High-Severity RCE Bug Found in Popular Apache Cassandra Database
- 12. Ukraine Defense and Bank Networks DDoS-ed
- 13. Securing IoT from the ground up – Help Net Security