BonziBuddy (or “Bonzi Buddy”) was a piece of internet spyware masquerading as a virtual assistant. It was created by Bonzi Software, a company that was once one of the most visited sites on the web but, through subsequent events, ended up meeting its massive downfall.
Security
Why was #Facebook down for five hours?
Facebook was down for five hours last week. What happened and what do DNS and BGP have to do with it?
Thingiverse Data Leak Affects 228,000 Subscribers
Thingiverse, a website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information, confirms Troy Hunt, creator of the Have I Been Pwned data breach notification service, citing the circulation of this data set on a popular hacking forum.
All of #Twitch has just leaked, including its source code and user payouts
What just happened? A hacker appears to have leaked the entirety of livestreaming service Twitch, from the source code and user payouts to encrypted passwords. It’s recommended that all users change their passwords, enable two-factor authentication, and reset their stream key.
A 4Chan user posted the 125GB torrent link on the forum earlier today, saying it was to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool.”
Hackers found a new way to store viruses in GPU memory
According to Bleeping Computer, cybercriminals have found a new way to hide malware in graphics cards memory. This method of utilizing graphics card memory instead of system memory is undetectable by the antivirus software, the original advertisement on hacking forums claims.
The malware uses graphics memory allocation space, from where the code is executed. The technology uses OpenCL 2.0 API on Windows operating system, no other systems are affected by the malicious code.
The hacker confirmed that the code has been tested on Intel UHD 620/630 graphics as well as Radeon RX 5700 GPU and GeForce GTX 740M and GTX 1650 discrete cards. It is unclear if other graphics cards are affected, but assuming that this method uses OpenCL 2.0, it is very likely to be compatible with other modern GPUs.
IoT Security: Backdooring a smart camera by creating a malicious firmware upgrade
In this video we look at reverse engineering a basic firmware format of a commonly found IoT camera – and then creating a backdoored firmware that calls back to our command & control server and allows us to remotely control it!
How a USB key defeated security on the Sony PlayStation 3 | MVG
The Story of how a simple USB device defeated Security on the Sony PlayStation 3 and how it works
Ashcon Mohseninia’s Rust-Based Open Vehicle Diagnostics Aim to Break the Manufacturer Stranglehold
Written in Rust, Open Vehicle Diagnostics aims to reach feature-parity with expensive manufacturer-specific ECU management solutions.
Undergraduate student Ashcon Mohseninia has released a Rust-based open source tool, created for a final year project at the University of Reading, designed to offer engine control unit (ECU) diagnostics: Open Vehicle Diagnostics (OVD).
“I know there are some open source diagnostic software suites out there that work on Linux,” Mohseninia writes of the project. “However they are focused on the ELM327 adapter and OBD2, whereas this is focused more on the more advanced diagnostics, essentially building a utility which could have feature parity to OEM diagnostics software such as Daimler’s Veidmao/Xentry/Das or VW VAG software.”
How a Cereal Box Toy Hacked AT&T’s Phone Lines
How a simple toy, found in a cereal box, hacked AT&T’s phone lines.
PasswordPump v2.0 Can Manage Credentials for Up to 250 Accounts
The USB device is outfitted with a pair of removable EEPROM chips that store credentials using AES-256 encryption.
It’s not uncommon for most PC users to have multiple accounts and passwords for a host of different sites and applications. Trying to remember all of those credentials can be a pain or a downright disaster if passwords are forgotten, not to mention hackers could steal any sensitive information. To that end, the safest and easiest way to manage website passwords and other credentials are to store that information offsite, rather than locally or in the cloud.