Not sure if anyone posted this yet, but the youtube-dl takedown also screwed over journalists who relied on it for archival and analysis purposes:

freedom.press/news/riaa-github

Loginizer < 1.6.4 - Unauthenticated SQL Injection

wpscan.com/vulnerability/10441

This is serious. Over 1m WordPress sites have this plugin running.

If you are using WordPress, check if this plugin is installed - and update now.

NSA publishes list of top vulnerabilities currently targeted by Chinese hackers

zdnet.com/article/nsa-publishe

Pulse Secure VPN servers, F5 BIG-IP, Citrix ADC, Oracle, Atlassian Confluence, ...

Plus a bunch of undisclosed/currently unknown vulnerabilities, I assume.

QAnon/8Chan Sites Briefly Knocked Offline

krebsonsecurity.com/2020/10/qa

All it took was one phone call to their DDoS mitigation provider...

My response to this popular thread on Twitter (link and image attached for those not on Twitter)

Crazy! It's more than a theoretical threat...

AGPL partially protects from these parasitical moves. Amazon would need to open source their modifications, which would probably prevent them from trying.

Relevant to our license change earlier this week: plausible.io/blog/open-source-

Source: twitter.com/tim_nolet/status/1

The level of blatant censorship occurring on all social platforms, regardless of where you sit on the political spectrum, should worry us all. Social platforms should not be arbiters of truth, and it's just getting worse.

Robinhood estimates that ~2,000 accounts were compromised in a recent hack:

bloomberg.com/news/articles/20

Robinhood said a "limited number" were affected by personal email breaches...

Iranian state hacker group linked to ransomware deployments

zdnet.com/article/iranian-stat

"Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers.

While investigating security incidents at several Israeli prominent organizations, security researchers from ClearSky and Profero said they linked the intrusions to MuddyWater, a known Iranian state-sponsored hacking group..."

New Filter Alert:

We're happy to announce our new filter: "Academic Fraud". With kids going back to school, both schools and parents are looking for ways to combat the plethora of do-it-for-you online services (e.g., essays, homework).

Available in Beta to all paid plans.

Microsoft and others orchestrate takedown of TrickBot botnet

zdnet.com/article/microsoft-an

"A coalition of tech companies has announced today a coordinated effort to take down the backend infrastructure of the TrickBot malware botnet.

Companies and organizations which participated in the takedown included Microsoft's Defender team, FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec."

Pretty good team work.

I really hate it when IP address fields are coded this way. You can't just copy and paste an IP address in, and they usually behave in non-standard ways.

- 2m scanned websites contained outdated software which could potentially lead to an exploit.
- 70k sites were infected with SEO spam, accounting for 39.59% of website infections.
- 19k scanned websites contained malicious scripts or iframes from blacklisted domains.
- 11% of infected sites were found to include scripts and iframes from blacklisted domains.

Pretty good report from Sucuri:

blog.sucuri.net/2020/10/sitech

Nakabonne/ali: Generate HTTP load and plot the results in real-time (from your terminal):

github.com/nakabonne/ali

Testing it out, seems like a great tool.

Superb (and interesting, too) historical context to counter the argument for the state's demand for intrusion into our privacy:

news.ycombinator.com/item?id=2

#privacy

Did you know that back in 2003, Verisign thought that it was a good idea to hijack NXDOMAIN answers for all .com and .net domains?

And pushed all those domain typos to their sitefinder product?

antonym.org/2003/10/verisign-v

jdebp.uk./FGA/verisign-internet-coup.html

Glad that did not last.

Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Managed by the noc.org team.