The criminalization of encryption and security tools in France
On the morning of the 8 December 2020, nine French citizens were arrested on association with terrorism charges. The nine French citizens had joined the Kurdish People’s Defense Units (YPG) to fight against ISIS. When they returned in 2018, they were designated as far-left extremists by the General Directorate for Internal Security. The arrests have […]
Remote Code Execution bug found in CS:GO
Discovering vulnerabilities in the software we used on a day to day basis is important as it forms the foundation for proactive defense against these vulnerabilities. Identifying these vulnerabilities in software, hardware, or network systems and then reporting them responsibly fosters continuous improvement in security and development practices. Finding vulnerabilities is a massive time investment […]
Reddit’s new API pricing leads to the closure of several 3rd party apps
Reddit announced that 3rd party apps will now have to pay to use its API, seemly to increase revenue as well as limit the scraping of its data from various AI startups that are training models. The pricing is $0.24 per 1000 API calls and with many 3rd party apps doing millions of requests per […]
Security.txt becomes mandatory for all Dutch Government Websites
When bug-bounty hunters and other security researchers need to disclose a vulnerability to an organization, they often can’t find an email address to conduct an organization through. The concept of security.txt originated from the need to streamline communication between security researchers and organizations. An idea was submitted to the Internet Engineering Task Force (IETF) to […]
Volt Typhoon, a Chinese state actor attacked US critical infrastructure to disrupt communication channels
Microsoft has detected stealthy malicious activity by Volt Typhoon, a Chinese state-backed entity known for espionage and data collection. The focus of the attack was critical infrastructure entities in the US and it is believed that the attacks are part of a larger capability that China is building to disrupt crucial communication channels between the […]
CVE Proof of Concept Scams
When a new vulnerability is made public, a Common Vulnerabilities and Exposures (CVE) number is assigned to it. A CVE will contain a brief description of a security vulnerability and is a way to uniquely ID each security vulnerability that may be found. These CVE numbers allow security professionals to track vulnerabilities, patches to fix […]
Google’s Trust Problem
Earlier this week, Google announced in a blog post that it would be shutting down Stadia, its consumer gaming service: A few years ago, we also launched a consumer gaming service, Stadia. And while Stadia’s approach to streaming games for consumers was built on a strong technology foundation, it hasn’t gained the traction with users […]
SEC Fines Morgan Stanley $35 Million after unencrypted hard drives are sold at auction
The SEC has fined Morgan Stanley $35 million for improperly disposing of customer data when decommissioning hardware at their data centers and local branches. The SEC states in their complaint that over a 5 year period, Morgan Stanley failed to dispose of thousands of hard drives containing the data of over 15 million customers in […]
Yet Another Uber Breach
Uber has suffered another breach that was the result of a social engineering attack. The attacker managed to get an Uber employees password and then used that password to login, however Uber uses MFA so the attacker called the Uber employee and pretended to be from the IT department and stated that the Uber employee […]
Ubiquiti files SLAPP Suit against security journalist Brian Krebs
Ubiquiti has filed a lawsuit against intrepid security journalist Brian Krebs for defamation stemming from his coverage of the Ubiquiti breach that took place in 2020. From the lawsuit: Ubiquiti Inc. files this defamation action because blogger Brian Krebs falsely accused the company of ‚Äúcovering up‚Äù a cyberattack by intentionally misleading customers about a so-called […]