- Last post
- 38 Responses
Change your passwords around amazon systems from all amazon sites to AWS accounts. No official info yet but there is a huge database for sale, with aws security credentials.
- Ooft, that'll torpedo Bezos massively, if true - especially where AWS is concerned.detritus
- i just changed it like 2 weeks ago! is this a separate breech from the big one last month?sarahfailin
- yes, they released some parts of the db to prove that it's realsted
- They can only hack your account *IF* you change your password... dun dun dunrobthelad
so my Linkedin account has been "pwned"
what are they going to do with my login exactly?
Move your private projects out of github, entire source was leaked, breach is expected.
seriously, I dont care if the gov is spying on my sms... what i say over there is very uninteresting... like making joke to my gf, asking her whats for dinner or "want me to buy ticket for this show"
I'm using Signal anyway because I like it.
Popular BitTorrent client uTorrent's forum, which has over 388,000 registered members and sees tens of thousands of visitors each day, has been hacked.
it's important to mention that you should never register at any circumstances on torrent sites.
- I would expect hackers to attack banks, or corporations and stuff...but this is like thieves going after thieves.Maaku
- ...assuming they're black hat and/or independentprophetone
- it makes perfect sense, not like a bunch of content pirates can run to the authoritiesterry_cloth
An unpatched vulnerability in Apple's Safari web browser could be exploited to allow for the transfer of local files from a victim's machine or mobile device. Although Apple requested the researcher to hold off on disclosing the vulnerability, the researcher felt the timeline for a patch was too long. Apple stated it would not release a patch until Spring 2021. The vulnerability abuses the Web Share API, which allows users to share links from Safari through third-party applications. Using the "file:" scheme, an attacker could pass a link to the navigator.share function containing a file from the user file system. To perform the attack, a user must be compelled to visit a malicious website and perform actions detailed on that website. The researcher provided a proof-of-concept with an innocuous image file, which he urged visitors to share amongst their friends. Upon pressing the share button, the user is presented with various ways by which to share the image. Should the user choose email, the code, image URL, and an arbitrary file are attached. Additionally, he was able to demonstrate the stealing of the passwd file. In some cases, the victim may not notice the attachment or the name of the attachment may not be displayed, giving the attacker a slight advantage as the attachment could be out of sight on the victim's screen. The victim would need to scroll down to see the attached file. This vulnerability affects devices running iOS 13.4.1 and 13.6, macOS Mojave 10.14.16 with Safari 13.1, and macOS Catalina 10.15.5 with Safari 13.1.1. Further details can be found in the links located within the Reference section below.
Do you use 3rd party/open-source scripts in your website and application builds? Should you trust them?
This guy lays out a shockingly simple method to spread malware and steal user data by taking advantage of developer laziness: Offer free opensource plugins, npm dependencies, etc.
Adult Friend Finder and others
Sexual secrets for hundreds of millions exposed in largest hack of 2016
Spotify is writing massive amounts of junk data to storage drives
It's in the air since the summer but still nobody knows what data is actually written on the users disk (as it isn't using that much network traffic). Spotify now made an official statement (after 4 months)
I recommend following @SwiftOnSecurity - an entertaining and informative albeit sometimes jargon-heavy mix of security news/talk and Taylor Swift.
Zoom *.* :D