Incident Report: Employee and Customer Account Compromise - August 4, 2022
https://www.twilio.com/blog/august-2022-social-engineering-attack
"To Uncover a Deepfake Video Call, Ask the Caller to Turn Sideways"
https://metaphysic.ai/to-uncover-a-deepfake-video-call-ask-the-caller-to-turn-sideways/
"Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service"
"Use One Big Server"
https://specbranch.com/posts/one-big-server/
Interesting discussion here: https://news.ycombinator.com/item?id=32319147
* "The Illustrated TLS 1.3 Connection": https://tls13.xargs.org/
* "The Illustrated DTLS Connection": https://dtls.xargs.org/
Dpaste now has a '.well-known/security.txt' file to aid in reporting any discovered vulnerabilities. https://securitytxt.org/
"Apple’s Lockdown Mode"
https://www.schneier.com/blog/archives/2022/07/apples-lockdown-mode-2.html
"The dangers of Microsoft Pluton"
https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/
"Vodafone & Deutsche Telekom to introduce persistent user tracking"
https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking
Roberta Arcoverde, Director at Stack Overflow, previously a staff engineer and tech lead:
Stack Overflow platform:
* .. backed by just 9 servers,
* .. run on-prem from own data center (not cloud),
* .. team of 50 engineers (up from 10 in 2014),
* .. deployed as monolith in 4min multiple times daily,
* .. pragmatic, ignore trends like k8s and microservices.
> Giving SQL 1.5 TB of RAM was more effective than caching page fragments in Redis.
https://hanselminutes.com/847/engineering-stack-overflow-with-roberta-arcoverde
"Twitter data breach exposes contact details for 5.4M accounts"
A hardcoded password in a Confluence app has been leaked on Twitter.
Link: https://arstechnica.com/information-technology/2022/07/atlassian-warns-hardcoded-password-flaw-is-likely-to-be-exploited-in-the-wild/
Discussion: https://news.ycombinator.com/item?id=32195700
Dutch schools must stop using Google's email and cloud services due to privacy concerns. To protect pupils' privacy, we recommend that schools switch to Tutanota, your privacy-first email service, made in Europe. 😉
https://tutanota.com/blog/posts/dutch-schools-must-stop-using-google-email-and-cloud-services
RT @RandoriSec
Heap buffer overflow within the Netfilter subsystem of the Linux kernel (CVE-2022-34918).
PS: @metasploit module coming soon.
Another clever hack that could be used for fingerprinting.
https://www.ctrl.blog/entry/teamviewer-font-privacy.html
This comment explains the purpose: https://news.ycombinator.com/item?id=32165103
However, as a user, I don't really feel comfortable if any software I end up installing uses it.
"Log4j vulnerabilities remain 'endemic', says US DHS"
https://www.itnews.com.au/news/log4j-vulnerabilities-remain-endemic-says-us-dhs-582768
"20 years of payment processing problems"
https://kaimi.io/en/2022/07/20-years-of-payment-processing-problems-en/
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.