We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates. ACMEv2 is an updated version of our ACME protocol which has gone through the… Read More


The International Monetary Fund is an ideological enemy to Bitcoin and decentralized virtual currencies in general. The Washington, DC-based organization centrally controls a global system of payments and loans, often given to struggling nations on the condition that they impose strict austerity. Now, the IMF wants to use the same technology behind Bitcoin to regulate… Read More


It took me three months to finish writing this article. I had so many tasks on my to-do list that sadly this one was pushed down to the bottom of the list. Last weekend I made a promise to myself that until Sunday I’m going to finish writing it, I successfully kept my word and… Read More


Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential… Read More


According to researchers, theAPT15 group was able to deploy three backdoors – identified as RoyalCli, RoyalDNS andBS2005 – on an unnamed UK contractor’s systems. These backdoors helped the threat actor collect data related to the UK government’s military technology. The networks were compromised from May 2016 until late 2017 and infected over 30 contractor controlled… Read More


The interesting aspect about social engineering is that it capitalizes on the user’s poor decision to execute code that would have been much harder to inject, or that could have been caught by security solutions otherwise. In other words, letting victims do the work remains an effective means for attackers to compromise endpoints. Source: malwarebytes… Read More


To find a potential entry point into medical infrastructure, we extract the IP ranges of all organizations that have the keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name, then we start the masscan (port scanner) and parse the specialized search engines (like Shodan and Censys) for publicly available resources of these organizations.… Read More


Flying sucks enough as it is, but a Transportation Security Administration employee deciding to root around in your laptop or cellphone can make it even worse. This practice of searching electronic devices has been going on for years at international airports, but this was limited to travelers flying in and out of the US. Recently… Read More


This utility, going by the codename of ‘Territorial Dispute,’ is meant to alert NSA operators about the presence of other cyber-espionage hacking groups on a compromised computer and allows an NSA operator to retreat from an infected machine and avoid further exposure of NSA hacking tools and operations to other nation-state attackers. Source: bleepingcomputer… Read More


Some readers may remember our Analysis of .git folders in the Alexa Top 1M. WIth our tools we were able to discover and retrieve (hidden) directories and files (even without directory listing). We developed a similar approach of uncovering hidden files again, but this time with the help of .DS_Store files. In this blogpost we… Read More