The first Ukrainian podcast about information security
Latest Google+ flaw leads Chocolate Factory to shut down site early https://www.theregister.co.uk/2018/12/11/google_hacked_again/
Update now! Adobe issues emergency Flash update for a serious flaw https://www.komando.com/happening-now/518954/update-now-adobe-issues-emergency-flash-update-for-a-serious-flaw
Adobe Security Bulletin https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Australia passes new law to thwart strong encryption https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwart-strong-encryption/
GOOGLE TRACKS YOU EVEN IF LOCATION HISTORY'S OFF. HERE'S HOW TO STOP IT https://www.wired.com/story/google-location-tracking-turn-off/amp
https://www.facebook.com/photo.php?fbid=2147208615360926&set=a.222301541184986&type=3&permPage=1
Iranians indicted in Atlanta city government ransomware attack https://arstechnica.com/information-technology/2018/12/iranians-indicted-in-atlanta-city-government-ransomware-attack/
Hackers breach Quora.com and steal password data for 100 million users https://arstechnica.com/information-technology/2018/12/quora-says-hackers-stole-password-data-and-other-details-for-100-million-users/
Microsoft is building its own Chrome browser to replace Edge https://www.theverge.com/2018/12/4/18125238/microsoft-chrome-browser-windows-10-edge-chromium
New Report: Unknown Data Scraper Breach https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach/
Exploit Code for the Kubernetes Flaw Is Now Available https://www.bleepingcomputer.com/news/security/exploit-code-for-the-kubernetes-flaw-is-now-available/
We summed up 2018 in information security
Framework for Improving Critical Infrastructure Cybersecurity https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Taras's talk on critical infrastructure https://www.youtube.com/watch?v=vLy9i9OPcxU
At the time of recording we were preparing for UISGCON14, and videos of the talks are already on our channel https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom https://www.bloomberg.com/amp/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
Apple Insiders Say Nobody Internally Knows What's Going On With Bloomberg's China Hack Story https://www.buzzfeednews.com/amphtml/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi
What Businessweek got wrong about Apple https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
https://www.documentcloud.org/documents/4995748-Letter-20-October-208th-20version.html
Facebook has been hacked and 50 million people's accounts have been exposed https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-hack-view-as-issue-bug-data-profile-am-i-safe-security-privacy-a8560061.html
Google+ to shut down after coverup of data-exposing bug https://techcrunch.com/2018/10/08/google-plus-hack/
Here's how Google is revamping Gmail and Android security https://techcrunch.com/2018/10/08/heres-how-google-is-revamping-gmail-and-android-security/amp/
Google's Project Zero thwarts another major bug in Facebook's WhatsApp https://www.theinquirer.net/inquirer/news/3064393/googles-project-zero-thwarts-another-major-bug-in-facebooks-whatsapp
Microsoft killing off the old Skype client… for real this time https://arstechnica.com/gadgets/2018/09/microsoft-killing-off-the-old-skype-client-for-real-this-time/
A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/
How to Stop Google From Tracking Your Location https://www.wired.com/story/google-location-tracking-turn-off/
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and
UISGCON14 https://14.uisgcon.org/ SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ Interview with Yanick Fratantonio http://www.s3.eurecom.fr/~yanick/
Securit13 Patreon https://www.patreon.com/securit13 Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I
UISGCON14 https://14.uisgcon.org/ SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ Interview with Serhii Korolenko about #UISGCON14 #CTF
https://www.hackthis.co.uk The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 Passing Security By - Serhii Korolenko https://www.youtube.com/watch?v=rDOYUCy9phA Serhii Korolenko - XSS from zer0 to Hero (Workshop) https://www.youtube.com/watch?v=mKqc9u_BRLM
UISGCON14 https://14.uisgcon.org/ SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ Interview with Alexander Færøy
Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave https://www.news.com.au/technology/innovation/motoring/tech-billionaire-elon-musk-smokes-marijuana-and-drinks-whiskey-on-podcast/news-story/b228f58547f797e012c26074b959435e
Windows 10 to get disposable sandboxes for dodgy apps https://arstechnica.com/staff/2018/08/windows-10-to-get-disposable-sandboxes-for-dodgy-apps/
Mongo Lock Attack Ransoming Deleted MongoDB Databases https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/
Open .Git Directories Leave 390K Websites Vulnerable https://threatpost.com/open-git-directories-leave-390k-websites-vulnerable/137299/
Tesla's new bug bounty protects hackers — and your warranty https://techcrunch.com/2018/09/06/teslas-new-bug-bounty-protects-hackers-and-your-warranty/
How Bitcoin's hidden footprint is impacting water use https://www.thesourcemagazine.org/how-bitcoins-footprint-is-impacting-water-use/
A special episode about our co-hosts' visit to the 26th #DEFCON conference
UISGCON14 https://14.uisgcon.org/
In the Dnipropetrovsk region, the SBU prevented a cyberattack by Russian special services on a critical infrastructure facility https://ssu.gov.ua/ua/news/1/category/2/view/5037#.MkS7rpun.dpbs
Ukraine claims it blocked VPNFilter attack at chemical plant https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/
Speculative Buffer Overflows: Attacks and Defenses (pdf) https://people.csail.mit.edu/vlk/spectre11.pdf
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users https://thehackernews.com/2018/07/google-chrome-site-isolation.html
Cisco's annual cybersecurity report and Check Point's mid-year report have been released, but we will talk about them next time https://www.cisco.com/c/dam/global/uk_ua/assets/pdfs/Final_Files_Cisco_2018_ACR_Web.pdf?dtid=oemzzz000186&ccid=cc000160&ecid=10432&oid=anrsc005679
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/
GitHub to Pythonistas: Let us save you from vulnerable code https://www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from_vulnerable_code/
Microsoft seeks regulation of facial recognition technology https://www.reuters.com/article/us-microsoft-facial-recognition/microsoft-seeks-regulation-of-facial-recognition-technology-idUSKBN1K32F0
Two-factor auth totally locks down Office 365? You may want to check all your services... https://www.theregister.co.uk/2018/07/13/2fa_o365_bypass_attacks/
The Tale of SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
Facebook fined for data breaches in Cambridge Analytica scandal https://amp.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal
Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres https://www.theregister.co.uk/2018/07/09/gas_station_hack/
2018-07 Security Bulletin: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10864&cat=SIRT_1&actp=LIST
Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10089
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
Ammyy Admin compromised with malware again; World Cup used as cover https://www.welivesecurity.com/2018/07/11/ammyy-admin-compromised-malware-world-cup-cover/
https://regmedia.co.uk/2018/07/13/burkdoll_affidavit.pdf
US: Government Has Planted Spy Phones With Suspects https://www.hrw.org/news/2018/07/13/us-government-has-planted-spy-phones-suspects
The 111 Million Record Pemiblanc Credential Stuffing List https://www.troyhunt.com/the-111-million-pemiblanc-credential-stuffing-list/
June's Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors https://blog.checkpoint.com/2018/07/05/junes-most-wanted-malware-banking-trojans-crypto-mining/
Did CrowdStrike really miss the mark? https://medium.com/@rsatter/did-crowdstrike-really-miss-the-mark-ecedf0e09dd7
Securit13 Patreon https://www.patreon.com/securit13
In this episode, Alisa, Login and Alexey talked about the scandalous 6688, browsers, vulnerabilities with logos and websites, and some other news from the past two weeks.
6688 http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=62236
Github Gentoo organization hacked - resolved https://gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
Apple corrects the record on reported iPhone vulnerability https://www.cyberscoop.com/iphone-brute-force-passcode-matthew-hickey/
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature https://motherboard.vice.com/en_us/article/bj34wa/cops-unlock-iphones-without-a-warrant-apple-usb-restricted-mode
Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report https://www.cyberscoop.com/former-nsa-contractor-reality-winner-accepts-guilty-plea-leaking-classified-report/
Firefox is adding 'Have I Been Pwned' alerts https://www.cyberscoop.com/firefox-is-adding-haveibeenpwned-alerts/
Gmail's "dirty secret": users' emails are read not only by Google employees https://thebell.io/gryaznyj-sekret-gmail-pisma-polzovatelej-chitayut-ne-tolko-sotrudniki-google/
"Stylish" browser extension steals all your internet history https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Brave browser adds private tabs with Tor for 'enhanced privacy protection' https://www.cyberscoop.com/brave-browser-adds-tor-tabs/
Fusion https://wiki.mozilla.org/Security/Fusion
Alter attack https://alter-attack.net/
ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod https://www.theregister.co.uk/2018/06/27/notpetya_anniversary/
New RAMpage attack affects all Android phones released since 2012 [Update] https://www.androidcentral.com/rampage-attack-discovered
Thanatos Ransomware Decryptor Released by the Cisco Talos Group https://www.bleepingcomputer.com/news/security/thanatos-ransomware-decryptor-released-by-the-cisco-talos-group/
First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million https://www.justice.gov/opa/pr/first-nationwide-undercover-operation-targeting-darknet-vendors-results-arrests-more-35
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp/0451497899/
UISGCON14 https://14.uisgcon.org/
Securit13 Patreon https://www.patreon.com/securit13
SecurityBsides Odessa CTF is open! https://odessa.securitybsides.org.ua/#ctf
Anyone who wants to support BSides Odessa can do so here https://bsidesodessa.ticketforevent.com/
SecurityBSides Kharkiv https://kharkiv.securitybsides.org.ua
The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies. https://motherboard.vice.com/en_us/article/wnxgwq/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack
The security firm halted the work after questions were asked in the European Parliament about its software. https://www.bbc.com/news/technology-44501506
She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave http://montrealgazette.com/news/local-news/mcgill-music-student-awarded-350000-after-girlfriend-stalls-career
Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done? https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/
https://www.ieee-security.org/TC/SP2018/program.html
https://fpcentral.tbb.torproject.org
Apple is going after another way sites track you for ads. https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/
Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end https://www.cnbc.com/2018/06/12/you-think-its-your-friend-calling-but-its-actually-this-growing-phone-scam.html
Support us on Patreon https://patreon.com/securit13