Not sure if anyone posted this yet, but the youtube-dl takedown also screwed over journalists who relied on it for archival and analysis purposes:
Loginizer < 1.6.4 - Unauthenticated SQL Injection
This is serious. Over 1m WordPress sites have this plugin running.
If you are using WordPress, check if this plugin is installed - and update now.
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers
Pulse Secure VPN servers, F5 BIG-IP, Citrix ADC, Oracle, Atlassian Confluence, ...
Plus a bunch of undisclosed/currently unknown vulnerabilities, I assume.
QAnon/8Chan Sites Briefly Knocked Offline
All it took was one phone call to their DDoS mitigation provider...
Scary growth in the size of DDoS attacks through the years...
Good read to understand how Google thinks and handles DDoS attacks.
My response to this popular thread on Twitter (link and image attached for those not on Twitter)
Crazy! It's more than a theoretical threat...
AGPL partially protects from these parasitical moves. Amazon would need to open source their modification which would probably prevent them from trying.
Relevant to our license change earlier this week: https://plausible.io/blog/open-source-licenses
How to do string operations in bash
Robinhood estimates that ~2,000 accounts were compromised in a recent hack:
Robinhood said a "limited number" were affected by personal email breaches...
Iranian state hacker group linked to ransomware deployments
"Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers.
While investigating security incidents at several Israeli prominent organizations, security researchers from ClearSky and Profero said they linked the intrusions to MuddyWater, a known Iranian state-sponsored hacking group..."
Microsoft and others orchestrate takedown of TrickBot botnet
"A coalition of tech companies has announced today a coordinated effort to take down the backend infrastructure of the TrickBot malware botnet.
Companies and organizations which participated in the takedown included Microsoft's Defender team, FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec."
Pretty good team work.
Facebook is a monopoly that buys, copies, kills competitors: antitrust committee
I hope this gets somewhere.
- 2m scanned websites contained outdated software which could potentially lead to an exploit.
- 70k sites were infected with SEO spam, accounting for 39.59% of website infections.
- 19k scanned websites contained malicious scripts or iframes from blacklisted domains.
- 11% of infected sites were found to include scripts and iframes from blacklisted domains.
Pretty good report from Sucuri:
If doctors were interviewed like software developers
Had to share...
Nakabonne/ali: Generate HTTP load and plot the results in real-time (from your terminal):
Testing it out, seems like a great tool.
Did you know that back in 2003, Verisign thought that it was a good idea to hijack NXDOMAIN answers for all .com and .net domains?
And pushed all those domain typos to their sitefinder product?
Glad that did not last.