Krebs on Security

MARCH 31, 2019

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive , a now-defunct cryptocurrency mining service that was massively abused by cybercriminals.

Cryptocurrency 165

Cryptocurrency Accountability Hacking 165

Malwarebytes

FEBRUARY 21, 2022

The suit contains arguments that Facebook’s now-defunct photo-tagging feature illegally collected data about Texan people’s faces, including those who are non-Facebook users but were tagged by someone who is, without asking for consent. Paxton filed the lawsuit on Monday in the state’s Harrison County District Court.

Artificial Intelligence 102

Artificial Intelligence Consumer Protection Technology Media 102

Security Affairs

MARCH 20, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. March 18 – node-ipc NPM Package sabotage to protest Ukraine invasion. The developer behind the popular “node-ipc” NPM package uploaded a destructive version to protest Russia’s invasion of Ukraine.

Government 85

Government Antivirus Hacking Software 85

Malwarebytes

JUNE 29, 2022

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. The spyware, dubbed Hermit, is reported to have government clients much like Pegasus. Italian vendor RCS Labs developed Hermit.

Spyware 107

Spyware Government Social Engineering Mobile 107

Security Affairs

JULY 29, 2019

For lower level users, WordPress does not sanitize them for usage as HTML tag attributes. The code in the last line shows output as HTML tag attributes that are not being escaped. To protest against the moderators of the WordPress Support Forum’s, the experts decided to disclose the flaw and to share the proof-of-concept code.

Authentication 70

Authentication Advertising Information Security Hacking 70

The Security Ledger

DECEMBER 11, 2018

In this week’s podcast (#124): we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the french "Yellow Vest" protests. Part 1: the Twitter bots pumping up French Protests? Now similar protests have popped up in Belgium and other neighboring countries. What is fueling them?

Social Engineering 40

Social Engineering Engineering Software Accountability 40

Adam Levin

JULY 2, 2018

During the Dakota Access Pipeline stand-off, Morton County public information issued a release alleging that protesters doxed a Bismarck Police officer, releasing his date of birth and home address. Bottom line: You should act like the bad guys are out to get you, because they are.

Social Engineering 101

Social Engineering Media Identity Theft Engineering 101