You are here
Home > Author: Peter Glock

Access to over 3,000 backdoored sites sold on Russian hacking forum

Are you on the list?... [...] The forum is named MagBO and is a relative newcomer on the hacking scene, where other services HackForum,, xDedic, Nulled, or Mal4All have already made a name for themselves. But according to Flashpoint, this forum has its own niche, and that niche is in selling web shells to already-hacked websites. "Essentially, the breached websites host some sort of backdoor that would enable buyers to log in to them," Vitali Kremez, Directo

Australian encryption Bill raises bar for outrageous legislation: Comms Alliance

I always appreciate the robust language used in Australia. The problem with drafting legislation about technical issues using language to be interpreted by the courts is that a judge and I may have very different interpretations of what a 'systemic weakness' is...: [...] A little over a week since the window closed for public submissions on the government's draft Assistance and Access Bill, Minister for Home Affairs Peter Dutton on Thursday introduced the Bill into the House

As Tech Drives the Business, So Do CISOs

Many CISOs I talk to still spend a lot of time fighting operational fires. This survey may be more about aspiration than reality...: Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals. The tasks topping the CISO's to-do list are slowly shifting, as their core priorities transition from primarily technical expertise to securing business applications and processes. It's the key takeaway from a new

Zaif cryptocurrency exchange loses $60 million in recent hack

A reminder, only keep funds in a 'hot-wallet' that you need for immediate training. Everything else keep offline...: Japanese cryptocurrency exchange Zaif announced today that it lost $60 million worth of company and user funds during a security incident that took place last week. The company said it discovered the hack on Monday, September 17, and confirmed it a day later, when it reached out to authorities and reported the incident. The Zaif team suspended user depos

The Security Costs of Cloud-Native Applications

Running applications natively on a/the cloud brings a different set of security risks. This article on Dark Reading examines some of them, but not the lack of expertise in building secure cloud-native applications...: Businesses are increasingly reliant on cloud-native applications despite the strong, broad perception that use of the cloud will drive security risks. So, where are the security gaps and which issues are top of mind? The data comes from "The State of Cloud N...

Lawmakers pressure Google to share how YouTube collects, uses kids’ data

I have some sympathy with the content providers here. If an 8 year old pretends to be over 13 to gain access to YouTube, then that's a parenting issue...: [...] Rep. David Cicilline, a Democrat from Rhode Island, and Jeff Fortenberry, a Republican from Nebraska, said in their letter that YouTube's data collection practices "may not be in compliance with the Children's Online Privacy Protection Act of 1998," or COPPA, a federal law regulating user data collection from site

Publication of PoC in popular WordPress plugin leads to scans for vulnerable sites

I have used Duplicator on a few sites but, in line with best practise, I remove the plugin when not needed. Also, setup a cron task to update all themes and plugins and core files...: The vulnerability affects "Duplicator," a WordPress plugin that's installed on over one million sites, according to statistics listed on the official WordPress Plugins directory. The plugin is popular because it allows site admins migrate sites to new servers within minutes. Duplicator works

British Airways breach caused by the same group that hit Ticketmaster

Feeling safe online?... A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The group's regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered into store checkout pages, information such a