writeup Exploiting TinyTinyRSS Me and Benjamin have spent many days hacking a self hosted tt-rss instance, and we have managed to achive remote code execution on the tt-rss clients subscribed to a malicious feed. You can read our blog post or even the full report. I still
digest Pausing digests Hello dear netizens! After some thoughts, I have decided to pause writing digests and focus my time on starting a new company. Expect to hear more news from me in the near future.
digest 2020-09-04 Friday digest European ISPs report mysterious wave of DDoS attacks, NSA spying exposed by Snowden ruled illegal and not very useful after 7 years, former IT director sentenced for selling government's Cisco gear on eBay, and more...
digest 2020-09-02 Wednesday digest CISA and FBI claim they've seen no cyber attacks this year on voter registration databases, hackers breached Norwegian Parliament, Twitter hack may have had another mastermind, Apple notarized malware by mistake, Iranian hackers selling access to corporate networks, and more...
digest 2020-08-31 Monday digest Former Cisco engineer wiped 456 virtual machine causing Webex disruption, New Zealand stock exchange halted trading after DDoS attack, US sues to recovery cryptocurrency stolen by North Korea, Elon Musk confirmed Russia tried recruiting an insider to plant malware in Tesla networks, and more...
digest 2020-08-24 Monday digest Google fixed vulnerability that allowed bypassing SPF and DMARC, former Uber CSO charged for the 2016 hack cover-up, Michigan college forcing students to enable tracking with a flawed app, data breaches at Freepik, LiveAuctioneers, and more...
digest 2020-08-20 Thursday digest Large data breach at Experian South Africa, US govt exposes new North Korean malware, FBI arrested tens of suspects for cashing-out Santander ATMs using software glitch, and more...
digest 2020-08-19 Wednesday digest Some email clients are vulnerable to 'mailto' links, vulnerabilities in GNU libc trigonometry functions, TeamTNT gang is stealing AWS credentials from compromised Docker and Kubernetes systems, Gym app management platform Fizikal exposes info of thousands of users, and more...
digest 2020-08-18 Tuesday digest Canon cloud platform lost users' files, Canada Revenue Agency hit by attackers, US Army reports that North Korea has at least 6000 hackers working abroad, Microsoft put off fixing zero day for 2 years, a bunch of medical data breaches, and more...
digest 2020-08-16 Sunday digest Citrix/Adobe/SAP/vBulletin critical vulnerabilities, FBI & NSA expose new Linux malware Drovorub used by Russian's GRU, researchers have been secretly "vaccinating" users against Emotet, Belarus shuts down internet, Mozilla fired security department, Bundeswehr fleet service attacked, and more...
digest 2020-08-09 Sunday digest Trump gave 45 days for Microsoft to buy TikTok, US shares info on election interference, 20GB of Intel source code leaked, Reddit defaced with pro-Trump messages, Canon suffers ransomware attack, new CPU side-channel attack, and more...
digest 2020-08-04 Tuesday digest Maze ransomware operators publish leaks from LG and Xerox, BlackBerry Phone cracked by Australian law enforcement after 5 years, Wordpress Newsletter plugin vulnerability affect over 300k sites, Linux Foundation announced Open Source Security Foundation (OpenSSF) and more...
digest 2020-08-03 Monday digest Malware writer pleaded guilty for operating FastPOS, new unpatchable Apple Secure Enclave Chip vulnerability, Singapore will require travelers to wear electronic tags to enforce quarantine, and more...
digest 2020-08-01 Saturday digest Hacker releases 386 million user records from multiple companies, four teenagers arrested for the Twitter hack, critical BootHole GRUB bootloader vulnerability, fake news posted in real news site by a hacking group, EU sanctions Russia, China and North Korea for cyber attacks and much more...
digest 2020-07-28 Tuesday digest Source code from dozens companies leaked online, Facebook sues EU antitrust regulator for "excessive data requests", Emotet operation hacked to show memes to victims, Cerberus Trojan team breaks and auctions the project, and more...
digest 2020-07-24 Friday digest Garmin shuts down services after ransomware attack, Dutch lawmaker's personal data exposed during Twitter hack, 'Meow' attack wiped unsecured databases, Twilio's SDK was compromised with malvertising code, and more...
digest 2020-07-22 Wednesday digest HaveIBeenPwned reached 10 billion accounts, US indicts hackers working with China's Ministry of State Security, Wirecard's COO involved in a bizarre attempt to buy Hacking Tools, Coinbase blocks $280k in Bitcoin theft from Twitter hack, and more..
digest 2020-07-20 Monday digest Twitter suffers a mega hack, cloudflare error shuts down a big chunk of the internet, Emotet is back, Diebold Nixdorf ATMs in Europe hacked, Iran cyberspies leak training videos, "zero logs" VPN exposes logs, and more...
digest 2020-07-15 Wednesday digest Wormable Windows DNS server vulnerability with maximum severity score, Google faces €600k fine in Belgium, Huawei to be banned in UK by 2027, Catalan politicians targeted with NSO Group spyware, new malware found in official Chinese tax software, and more
digest 2020-07-14 Tuesday digest Security firm DataViper breached, LiveAuctioneers reports data breach, critical SAP vulnerability allows creating new admin users, USA threatens to restrict WeChat following TikTok, malware adds Any.Run sandbox detection, and more...
writeup Disabling newsletters Today I have received the following mail from Mailchimp: Our automated abuse-prevention system, Omnivore, has detected an action or content in your account that may be in violation of our Acceptable Use Policy. For more information on these violations, please review our Acceptable Use
digest 2020-07-12 Sunday Mega digest Due to personal and health issues I had lately, I have stopped maintaining this blog, and now I want to work on it again, and this digest contains a bunch of things that happened while I was gone.
digest 2020-06-11 Thursday digest New Intel and ARM CPU vulnerabilities, data breaches at A1 Telekom, Honda, Nintendo, ZEE5, Fitness Depot, and a bunch of healthcare providers; new vulnerabilities in SMBv3, GnuTLS, UPnP, and much more...
digest 2020-06-05 Friday digest Data breaches at Zoomcar, CPA Canada, Bank of America, and others, ransomware attacks Conduent and healthcare organizations, Zoom vulnerabilities could be used for code execution, another large scale attack on WordPress steals configuration files, and more...
digest 2020-06-03 Wednesday digest Data breaches at Lead Hunter, French civic service, TVSmiles, REvil ransomware breached Plaza Collection Ltd and started auctioning stolen data, Netwalker ransomware targeted Columbia College of Chicago, DopplePaymer ransomware breached one of NASA's IT contractors, and more...
