Security Leftovers
-
Uber Has Been Hacked - Invidious
Uber had a massive security breach, the hacker allegedly had access to Ubers internal AWS, vsphere, hackerone, gsuite, and domain admin accounts.
-
This Song Will Break Your MacBook’s Speakers
The speakers of a MacBook Air can be damaged just by playing a really, really loud song, and a loud sound for 40 seconds, according to a researcher who pushed the laptop’s speakers to their limits.
-
Microsoft Teams has been storing authentication tokens in plaintext
Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft's Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.
-
VirusTotal Result Comparisons for Honeypot Malware, (Mon, Sep 12th) [Ed: Does it detect Microsoft malware like Windows? Or is Microsoft exempt?]
VirusTotal has become an important tool for researchers and defenders alike. Unusual executables or files can be uploaded to get an idea of how different antivirus vendors will classify it. Keeping the discovery of customized malware secret is also important and, in those cases, file hashes can be used to find any preexisting results. It should always be assumed that any file submitted to VirusTotal is being looked at by someone. The malware seen by public honeypots, such as the DShield honeypot, generally are not considered sensitive. Malware seen by these devices is being broadly used around the world in an attempt to compromise IoT (Internet of Things) devices.
-
Thoughts on the use of noVNC for phishing campaigns
Dear Fellowlship, today’s homily is a rebuke to all those sinners who have decided to abandon the correct path of reverse proxies to bypass 2FA. Penitenziagite!