∗∗∗ Six-Year-Old "Loop Bug" Re-Discovered to Affect Almost All Major PDF Viewers ∗∗∗
A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of today's top PDF viewers, according to German software developer Hanno Böck.
https://www.bleepingcomputer.com/news/software/six-year-old-loop-bug-re-discovered-to-affect-almost-all-major-pdf-viewers/
∗∗∗ TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities ∗∗∗
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.
https://www.bleepingcomputer.com/news/security/trustzone-downgrade-attack-opens-android-devices-to-old-vulnerabilities/
∗∗∗ The Mirai Botnet: A Look Back and Ahead At What's Next, (Tue, Sep 5th) ∗∗∗
It is a bit hard to nail down when the Mirai botnet really started. I usually use scans for port:2323 and the use of the password "xc3511" as an indicator. But of course, that isn't perfect. The very first scan using the password "xc3511" was detected by our sensor on February 26th, 2016, well ahead of Mirai.
https://isc.sans.edu/diary/rss/22786
∗∗∗ Hunting Pastebin with PasteHunter ∗∗∗
From a security analytics and Threat Intelligence perspective, Pastebin is a treasure trove of information. All content that is uploaded to Pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone.
https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/
∗∗∗ Hands Off SHA-1: 320 Million Passwords Cracked ∗∗∗
When website operators do not store customers' passwords securely, a worst-case disaster is inevitable. Security researchers who decrypted millions of passwords in a manageable amount of time are once again a reminder of this.
https://heise.de/-3822005