Is Donald Trump Putin’s Revenge?
A two-part Frontline documentary on PBS titled Putin’s Revenge examines the rise to power of an obscure ex-KGB agent named Vladimir Putin and the tactics he used to influence the last U.S. Presidential Election. Evidence would indicate that Putin prefers Republics to Democrats. Worth a look. Live stream them here.
Since we first published our blog post about the incredibly aggressive new brute force attack campaign earlier this week, we have been doing quite a bit of research into what the attacker is up to. We have just published a new post with our findings, including in-depth technical details and insight into how much money the attack has earned so far. We also provide an update on attack volumes for the last two days, along with some recommendations for keeping your site safe from these attacks.
The Captcha plugin was recently removed from the WordPress.org repository over what initially appeared to be a trademark issue. We dug deeper and discovered that the author had added a backdoor after having purchased the plugin from the original developer two months ago.
In today’s post we provide all of the details on the backdoor code that the author added along with a deep dive on the new author and their potential ties to similar attacks we’ve seen recently.
Fox-IT Security – Lessons Learned from a Man in the Middle Attack
Security firm Fox-IT was recently breached. Read the story, it is both instructive and an interesting example about transparency and responsibility after an intrusion.
Even if developers go above and beyond to avoid flaws that can be exploited by hackers, attackers can often still take advantage of bugs in the design of the underlying programming language.
This next major update, Quantum, is expected to include an option to turn on Tracking Protection during normal browsing
What’s wrong with this picture? A CISO is a Chief Information SECURITY Officer, and should be in favor of more security, not against it, as the headline suggests. This article actually goes in the direction of safe and sane (headline designed to grab eyeballs) There are some interesting ideas at the end. Worth a look.
12/13/2017 10:46 AM EST Original release date: December 13, 2017
CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information.
The TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU #144389.