Saturday, June 25, 2022

OpenSSL issues a bugfix for the previous bugfix

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Capital One identity theft hacker finally gets convicted

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Interpol busts 2000 suspects in phone scamming takedown

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

We tried it out to make sure, so you don't have to.

Murder suspect admits she tracked cheating partner with hidden AirTag

O! What a tangled web we weave, when first we practise to deceive.

You’re invited! Join us for a live walkthrough of the “Follina” story…

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough Feature  US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
The Hacker News

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...