Thoughts on the XZ Utils Backdoor
The open-source community narrowly avoided a major security crisis with the discovery of a critical vulnerability (CVE-2024-3094) and backdoor that was discovered in XZ Utils, a data compression library used by many Linux distributions. XZ Utils provides a collection of
Crypto King Sentenced: FTX scandal leads to accountability
FTX, once a leading cryptocurrency exchange, crumbled in November 2022 after a massive fraud orchestrated by its founder, Sam Bankman-Fried (SBF). SBF diverted billions of dollars in customer funds for personal use, risky investments, and political donations. The house of
UN Investigating 58 crypto heists linked to North Korea’s Cyberattacks
A United Nations panel is investigating a series of cyberattacks allegedly conducted by North Korea. The report, released in March 2024, details how these attacks, carried out between 2017 and 2023, netted an estimated $3 billion for the regime. From
Tor releases WebTunnel to bypass censorship by mimicking HTTPS traffic
Roger Dingledine presented a talk at the 37th Chaos Communication Congress about the challenges of web censorship and the censorship attempts that countries including Russia, Iran and Turkenistan have attempted. Tor effectively has an technological arms race with these censors
CISA takes down 2 systems after Ivanti compromise
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed a cyberattack in February that exploited vulnerabilities in Ivanti software used by the agency. While CISA declined to disclose details about the attackers or data accessed, the compromised systems reportedly included critical
US looses $12.5 Billion to online fraud in 2023
Americans lost a staggering $12.5 billion to online fraud in 2023, according to the FBI’s annual Internet Crime Complaint Center (IC3) report. This alarming figure represents a 22% increase compared to 2022, highlighting the growing threat of cybercrime in the
US takes down Chinese Volt Typhoon Infrastructure
The US government took action against a large-scale Chinese hacking campaign that targeted internet-connected devices. This hacking group, known as Volt Typhoon, aimed to compromise critical infrastructure including utilities and internet service providers. The US Justice Department and FBI worked
Russian Internet Outage due to DNSSEC Glitch affecting .ru TLD
Russia experienced a widespread internet outage on Tuesday, affecting access to major websites including Yandex search, VKontakte social media, Sberbank online banking, and news outlets. The outage lasted for nearly four hours and primarily impacted users in Moscow, St. Petersburg,
ICANN Proposes a dedicated .internal TLD for internal networks
The organization that governs domain names on the internet, ICANN (Internet Corporation for Assigned Names and Numbers), is proposing a new type of top level domain (TLD) specifically designed for internal use within organizations. Unlike the familiar .com or .org
Jenkins vulnerability leaves 45 000 publicly exposed servers at risk
A critical vulnerability discovered in Jenkins, a popular open-source automation server widely used for building, testing, and deploying applications, has sent shudders through the developer community. This flaw, identified as CVE-2024-23897, allows attackers to potentially gain unauthorized access to sensitive
37c3 in Review: My favourite talks
The 37th edition of the Chaos Communication Congress (37c3) was held in Germany and was the first in person CCC event since the pandemic. The congress returns to the Congress Center Hamburg (CCH) in Hamburg after renovations, the event was
Five Eyes using push notifications to spy on smartphone users
The office of Senator Ron Wyden received a tip that foreign governments including the Five eyes were using push notifications to spy on users. Once this information was received, an investigation was launched and a letter requesting more information that
Have I Been Pwned celebrates 10 year anniversary
Have I Been Pwned (HIBP), a free online service created by Troy Hunt that enables users to check if their email address has been exposed in a data breach, celebrated its 10th anniversary earlier this week. HIBP has enabled users
NAFO goes after Truth Social
The North Atlantic Fella Organization (NAFO) is trying to take down Donald Trump’s Truth Social platform. NAFO is an online activist group founded to combat pro-Russia propaganda related to the invasion of Ukraine. Last month, the group turned its attention
Android 14 Bug Cripples Multiple User Profiles on Pixel Devices
Android 14 users beware! A critical bug is affecting devices running the new operating system, particularly those utilizing the “multiple profiles” feature. This bug renders devices practically unusable, locking users out of their own storage. The issue, likened to “ransomware”