Buffer security breach has been resolved – here is what you need to know: As of today, we’ve learnt some important, new information about how the hackers were able to get access to the Buffer database and steal the API tokens for Twitter and Facebook that were used to post spam on our users behalf. […]

MongoHQ Security Breach: On October 28, our operations team detected unauthorized access to an internal, employee-facing support application. We immediately responded to this event, by shutting down our employee support applications and beginning an investigation which quickly isolated the improperly secured account. We have determined that the unauthorized access was enabled by a credential that […]

Spain demands details of US eavesdropping: Spain on Monday met US Ambassador James Costos, summoned to explain the latest revelations in a growing scandal over the US snooping on telephone and online communications of ordinary citizens and world leaders, including German Chancellor Angela Merkel. The news emerged as a European Parliament delegation was to begin […]

Amy Winehouse is a victim of the Buffer hack (despite being dead): The weekend hack of the social-media sharing service Buffer saw thousands of victims sending out spam messages promoting miracle diets to their Twitter and Facebook followers. Buffer is used by plenty of different people, of course – individuals who want to know the […]

Adobe hack attack affected 38 million accounts: A cyberattack launched against Adobe affected more than 10 times the number of users initially estimated. On October 3, Adobe revealed that it had been the victim of an attack that exposed Adobe customer IDs and encrypted passwords. At the time, the company said that hackers gained access […]

Tech companies turn to lobbyists after NSA fallout: In the months following revelations that the National Security Agency accessed troves of data through several major U.S. Internet providers, Brazil’s president has declared Web-based data about Brazilian clients should only be stored on servers in Brazil. The leader of German software giant SAP has used the […]

Monitoring command line executions: A new feature coming to WLS is the ability to monitor commands executed at the command prompt. Using methods similar to Volatility’s cmdhistory.py and Extracting Windows Cmd Line Details from Physical Memory (pdf), commands and their associated cmd.exe PID can now be logged in near real-time.

Fake Whatsapp notification delivers malware: WhatsApp is one of the most popular instant-messaging services out there, and its huge user base (over 300 million active users) makes Whatsapp-themed spam a great way to infect a large number of computers. The latest of these spam campaigns is currently delivering emails claiming that the user has “Voice […]

SSL ATTACKS: In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were prominent in the field of cryptography. Transport layer security (TLS) ensures integrity of data transmitted between two parties (server and client) and also provides […]

Metasploit: A Penetration Tester’s Guide to IPM…: Dan Farmer is known for his groundbreaking work on security tools and processes. Over the last year, Dan has identified some serious security issues with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how […]