• Apr 2, 2020

    TLDR #3: Zero Trust Security

    Zero Trust Security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are within or outside of the network perimeter. “Zero trust”… read more »
  • Apr 1, 2020

    Be careful! A Windows flaw lets Zoom leak network credentials and run code remotely

    Researcher have found a security issue in the Windows client of the popular video conferencing service that can be used for limited remote code execution and, worse, to capture and replay security tokens to access network resources. The app has… read more »
  • Apr 1, 2020

    Weekly Privacy Roundup #1

    Also in my privacy roundup the main topic this week is, again and unfortunately, the COVID-19 pandemic. Bluetooth tracking and COVID-19: A tech primer In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments… read more »
  • Mar 31, 2020

    Some security thoughts about videocalls

    Recently in Norway a school had to stop using the Whereby video conference service because during a video lesson a man broke into the group video conference and ​showed himself naked. This new phenomenon is called, according to Wikipedia, "Zoombombing":… read more »
  • Mar 30, 2020

    Weekly Cybersecurity Roundup #1

    From today, i'll start to split the original "Weekly Roundup" in several small posts spread over the entire week.So, let's start with the "Weekly Cybersecurity Roundup"! Two zero days are Targeting DrayTek Broadband CPE Devices From December 4, 2019, 360Netlab… read more »
  • Mar 27, 2020

    Amethyst: an 8-bit home computer based on ATmega1284

    Amethyst is a great project by Matt Sarnoff.It's like a classic home computer: it has an integrated keyboard and can generate audio and video and has a built-in high-level programming language for users to write their own programs. It uses… read more »
  • Mar 26, 2020

    A brand-new attack hijack routers’ DNS to push malicious COVID-19 apps

    A recently discovered campaign that targets home and small-office routers is redirecting users to fake COVID-19 informational sites that attempt to install password stealing malware. A post published by security firm Bitdefender [1] said the attack is targetting Linksys routers,… read more »
  • Mar 25, 2020

    Windows Service Accounts enumeration using Powershell

    Windows Service Accounts are the elephant in the room in the corporate environment: things that nobody ever talks about or considers to be a problem. Often, these service accounts are in the Domain Admins group, with passwords like "Service123", "Password123",… read more »