The Network is the Computer: A Conversation with Ray Rothrock
Last week I spoke with Ray Rothrock, former Director of CAD/CAM Marketing at Sun Microsystems, to discuss his time at Sun and how the Internet has evolved. In this conversation, Ray discusses the importance of trust as a principle, the growth of Sun in sales and marketing, and that time…
The Network is the Computer
We recently registered the trademark for The Network is the Computer®, to encompass how Cloudflare is utilizing its network to pave the way for the future of the Internet.The phrase was first coined in 1984 by John Gage, the 21st employee of Sun Microsystems, where he was credited with building…
Silent Mac update nukes dangerous webserver installed by Zoom
Enlarge (credit: Kena Betancur/Getty Images) Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server…
Kali Linux is now available for Raspberry Pi 4!
Offensive Security has released an official version of Kali Linux for Raspberry Pi 4, the last (and most powerful) version of the compact computer board, released just two weeks ago with a 1.5 GHz 64-bit quad-core ARM Cortex-A72 processor and 4GB of RAM. Kali Linux has always been the number one…
A gentle introduction to Linux Kernel fuzzing
For some time I’ve wanted to play with coverage-guided fuzzing. Fuzzing is a powerful testing technique where an automated program feeds semi-random inputs to a tested program. The intention is to find such inputs that trigger bugs. Fuzzing is especially useful in finding memory corruption bugs in C or C++…
Podcast Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News
A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID: $> lsof -i :19421 $> kill -9 [pid]…
Patch Tuesday Lowdown, July 2019 Edition
Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially…
How to Hunt Down Social Media Accounts by Usernames with Sherlock
When researching a person using open source intelligence, the goal is to find clues that tie information about a target into a bigger picture. Screen names are perfect for this because they are unique and link data together, as people often reuse them in accounts across the internet. With Sherlock,…
Operation Soft Cell: threat actors are stealing years of call records from hacked telecommunication providers
Security researchers from Cybereason have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven…
Backdoor found in Ruby strong_password library
The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The code was used to check the password strength of user-chosen passwords when the library was being used in a production environment: In production, the code would download a payload from Pastebin.com and execute it…
Who’s Behind the GandCrab Ransomware?
The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may…
CVE-2019-13053: Logitech keyboards and mice vulnerable to cyber attacks
There are security vulnerabilities in several Logitech keyboards, mice and wireless presenters that may allows an attacker to send keystrokes and infect the computer. Many Logitech wireless input devices are vulnerable to wireless attacks and can pose a security risk. This is the conclusion of security expert Marcus Mengs, with…
Guest Post: Using BinaryEdge to hunt for Panda Banker C2 servers and Android Malware
Panda Banker is a trojan that is used for financially motivated targeted attacks on victims across the globe. This malware has been active since 2016, spreading through an initial phishing email and a malicious attachment accompanying it. Panda was first discovered by Fox-IT as targeting the Netherlands with a malicious…
Canonical’s GitHub Account has been compromised!
Don’t worry, Ubuntu source code was not impacted! On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution. The company immediately launched an investigation, the good news is that the source code of the popular Linux distro was not impacted.…
Podcast Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech
Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also…