Android breach project

An open source research tool and application that looks into the circumstances in which Android’s permission model can be compromised to harm user privacy. Note that we are not talking about exploits here, but normal usage of Android’s APIs, which can be manipulated in ways that expose the phone user’s privacy. For example, one issue is that apps can monitor the phone’s screen state, which of course has legitimate uses, but can also be...

Firefox up paying Bug Bounty

Mozilla has updated its bug bounty policy to make it more appealing to security researchers. It has also launched a new website for security researchers and Firefox bug bounty participants. Tom Ritter, in his inaugural post to the new Attack & Defense blog, took the opportunity to review the recent performance of the Firefox bug bounty program, which he notes began in 2004. Between 2017 and 2019, Mozilla paid out $965,750 to researchers across 348 bugs, making the...

How to setup App Passwords by Google

App Passwords let you sign in to your Google Account from apps on devices that don’t support 2-Step Verification. Users are only required to enter an App Password once and do not need to remember it. An App Password is a 16-digit passcode that gives a non-Google app or device permission to access a user’s Google Account. App Passwords can only be used with accounts that have 2-Step Verification turned on. To help keep your account secure, use...

Setup Duo 2FA for Instagram

As the fourth industrial revolution takes hold at scale, with socialization and business becoming more and more intimate with the online world, the issue of security grows with it. Today, almost all major social media platforms allow you to add an additional layer of protection to your accounts. Two-factor authentication settings can usually be enabled under your account’s security and login settings. You may find settings with names like “Additional Verification” or “Login Verification” or “2FA”...

Chrome patches 0-Day Bug

Security | 27 February, 2020 | 5 min

Google on Tuesday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked ‘HIGH’ in severity, including one (CVE-2020-6418) that has reportedly been exploited in the wild. The brief description of the Chrome bugs, which pose a significant risk...

6 of the biggest crypto heists of all time

When you store your money in a traditional bank, you do so because you have few other options. Of course, it’s possible to sidestep banks and store money in the form of government bonds or cash under your mattress, but the lack of insurance, physical security and convenience dissuades people from doing so. Let’s be honest: Until recently, no one had much other choice. The rise of cryptocurrencies gave people the option to “be their...

Jenkins server exposed to DoS Attacks

DevOps teams have been alerted to take precautions against an imminent Jenkins server exposure. Security researchers are warning that 12,000 cloud automation servers around the world could be hijacked to launch denial of service (DoS) attacks. Radware issued an emergency response team threat alert yesterday after discovering 12,802 Jenkins servers that are still vulnerable to a flaw patched at the end of January. Discovered by Adam Thorn of the University of Cambridge, CVE-2020-2100...

Facebook Instagram and Twitter accounts hacked

Hackers took over two social media accounts belonging to Facebook on Friday afternoon. Saudi white hat hacking group OurMine compromised Facebook’s official Twitter and Instagram accounts as part of a publicity stunt to advertise their own security services. After gaining access to Facebook’s socials, the hackers left a slightly misleading message that implied the Facebook website itself had been hacked as opposed to the company’s Twitter and Instagram accounts (or whichever third-party company was hired...

Chrome to block HTTP downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection – even if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and send data over to it in clear text. When using an HTTPS website, on the other hand, the browser checks that it has a legitimate SSL...