Cybersecurity News Roundup, July 29 - August 4
Qrator Newsletter

This blogpost represents a regular Cybersecurity Newsletter issue, available at the dedicated subscribe page.

This time, we're between July 29 and August 3 with the best articles posted.

 

Bruce Schneier's blog and commentaries on the (possible) WhatsApp backdoor: https://www.schneier.com/blog/archives/2019/08/more_on_backdoo.html

F5 research on the Kazakhstan MiTM: https://www.f5.com/labs/articles/threat-intelligence/kazakhstan-attempts-to-mitm-itscitizens;

New RIPE address assign policy: https://www.theregister.co.uk/2019/07/31/ripe_ipv4_address_queue/;

"Interactionless" attacks on the iOS, several links: https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf;

Qualcomm also have to patch some newly discovered flaws: https://blog.firosolutions.com/exploits/qualcomm/

Armis discovered 11 vulnerabilities at the VxWorks: https://armis.com/urgent11/;

Cryptographic attacks covered at the Checkpoint blog: https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/;

FastCompany on the hCaptcha, a ReCaptcha alternative: https://www.fastcompany.com/90377406/suspicious-of-googles-recaptcha-heres-a-popular-alternative;

Introduction to Transformers Architecture at the Rubik's Code blog: https://rubikscode.net/2019/07/29/introduction-to-transformers-architecture/;

Capital One breach, Brian Krebs version: https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/;

Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning: https://captmeelo.com/pentest/research/2019/07/29/port-scanning.html;

Linux Heap TCache Poisoning paper by Silvio Cesare: https://drive.google.com/file/d/1XpdruvtC1qW0OKLxO8FaqU9XCl8O_SON/view;

 

Repository of the week: https://github.com/AdrianVollmer/PowerHub/

 

Feel free to write us back at cybersec@qrator.net!