Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations.

Source: tripwire.com

…

A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates.

Source: arstechnica.com

…

On Jan. 15, FBI agents arrested Jerry Chun Shing Lee, a former CIA case officer, and charged him with unlawful retention of classified information. Lee is the sixth person charged by the Justice Department in the past two years for espionage-related offenses suspected to have been conducted on behalf of the People’s Republic of China. By comparison, prior to 2015, only one or two people on average per year were arrested for such offenses.

…

According to a Wednesday statement released by the San Diego County Sheriff’s Department, the unnamed 14-year-old boy posted a picture around 10pm Tuesday evening on Instagram with the message, ‘Don’t come to school tomorrow.’ Another student asked him to take the image down, but he refused.

Source: arstechnica.com

…

The latest zero-day threat to be discovered by Wandera’s mobile threat research team is RedDrop, a family of mobile malware inflicting financial cost and critical data loss on infected devices.

Source: wandera.com

…

According to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an Adobe Flash Player bug (CVE-2018-4878)  patched by Adobe earlier this month.

 Victims who fall for the ploy could ultimately hand over control of their systems to an attacker, according to researchers.

…

If the system flags anything suspicious – a large purchase of fertilizer, perhaps, or stockpiles of food considered a marker of terrorism – it notifies police, who are expected to respond the same day and act according to what they find. ‘Who ought to be taken, should be taken,’ says a work report located by the rights organization.

Source: theglobeandmail.com

…

Facebook recently expanded its face recognition features—and you may have opted in without even realizing it.

Source: wired.com

…

Duo found that buggy SAML libraries would read the NameID string in various ways, sometimes as [email protected] (treating the comment as a terminator for the data field), and sometimes as [email protected] (simply treating the comment as it it were not there at all).

Source: sophos.com

…

In this new lawsuit, Wright is accused of effectively swindling Dave Kleiman’s estate—his brother Ira Kleiman is the one who has filed the case—out of a massive cache of bitcoins that today are worth more than $5 billion.

Source: arstechnica.com

…

In part one of this series, Encryption 101: a malware analyst’s primer, we introduced some of the basic encryption concepts used in malware. If you haven’t read it, we suggest going back for a review, as it’s necessary in order to be able to fully follow part two, our case study. In this study, we will be reviewing the encryption of the ransomware ShiOne line by line.

…

Welcome to the cat surveillance state.

Source: vice.com

…

Talos has identified two different versions of a RAT, otherwise known as a remote access trojan, that has been written entirely in Python and is wrapped into a standalone executable. The RAT is impacting users of a Brazilian public sector management school.

Source: talosintelligence.com

…

Unauthorized mobile phone number porting is not a new problem, but T-Mobile said it began alerting customers about it earlier this month because the company has seen a recent uptick in fraudulent requests to have customer phone numbers ported over to another mobile provider’s network.

Source: krebsonsecurity.com

…

Wandera, a mobile security firm which spotted weaknesses in the CBS Sports app and mobile site back in 2016, uncovered the malware when a user clicked on an ad for the Chinese search engine Baidu. Their action redirected them to huxiawang[dot]cn, a distribution site which contains landing pages encouraging users to download one of 53 apps tainted by RedDrop. Those affected programs claim to help users learn a new language or dive into space exploration, for example, with engaging functionality.

…

China censored the letter N from its internet for at least a day. The ban came as China cracked down on online discussion over the Chinese Communist Party’s proposal to scrap presidential term limits. Abolishing term limits would allow President Xi Jinping to rule indefinitely.

It’s not entirely clear why the government targeted N, but we have a few theories.

…

A deep analysis of the Mobef ransomware revealed that it implements a number of functionalities, such as the capability to encrypt files, not only on the local drive but also on removable drives and network shares.

Source: securityaffairs.co

…

In this project you will find a full implementation of the “bpf” kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew.

This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.

…

The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites1 and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP object injection vulnerability in WooCommerce that allows to escalate privileges. The vulnerability was responsibly disclosed to the Automattic security team and was fixed last year with the release of version 3.2.4.

In this blog post we investigate how recent changes in the WordPress core database driver opened the doors for this vulnerability. Furthermore, we describe how the circumstances could be exploited with a unique and interesting injection technique.

…

Honeytrap is an extensible and opensource system for running, monitoring and managing honeypots.

Source: github.com

…