Cybersecurity Newsletter, first in 2021
Qrator Newsletter

Welcome back to the regular cybersecurity newsletter brought to you by Qrator Labs! With this letter, we want to look back at the previous two weeks that started the year 2021 and pick only the most relevant stories. 

If you somehow missed the fact that on Tuesday, January 19, Qrator Labs will have an online anniversary event marking the start of a second decade for the company - please read our blog post, and follow the YouTube stream at 12 CET.

AS9304 leaking 8764 prefixes through AS15412

"Starting at 4:21 UTC, AS9304 - a Hong Kong-based ISP HGC Global Communications Limited, leaked a tremendous, compared to average leak, amount of prefixes - 8764. Those contained IP addresses of 907 ASNs from 66 countries, creating 9140 conflicts overall."

Ubiquiti urges its users to change their passwords and enable 2FA as a precaution after the exposure of some data hosted by a third party


Linus Torvalds blames Intel for killing ECC

"ECC absolutely matters."

Researcher triangulates users' locations via Telegram feature

"A few days ago, I installed Telegram, and I noticed that they have the same feature. I tried to see if I can unmask other users' locations, and I found they have the same issue I discovered in the Line app a few years ago. I reported the problem to Telegram security, and they said it's not an issue. If you enable the feature of making yourself visible on the map, you're publishing your home address online. Lots of users don't know this when they enable that feature."

Jared Mauch didn’t have good broadband—so he built his own fiber ISP

"The old saying 'if you want something done right, do it yourself' usually isn't helpful when your problem is not having good Internet service. But for one man in rural Michigan named Jared Mauch, who happens to be a network architect, the solution to not having good broadband at home was in fact building his own fiber-Internet service provider."

Microsoft informed Mimecast that one of its certificates was compromised by a sophisticated threat actor, endangering 10% of customers' connections to Microsoft 365


Google Project Zero "In The Wild" series: five articles on Chrome, Android and Windows exploits

"We discovered two exploit servers delivering different exploit chains via watering hole attacks. One server targeted Windows users, the other targeted Android. Both the Windows and the Android servers used Chrome exploits for the initial remote code execution. The exploits for Chrome and Windows included 0-days. For Android, the exploit chains used publicly known n-day exploits. Based on the actor's sophistication, we think it's likely that they had access to Android 0-days, but we didn't discover any in our analysis."

Limiting Private API availability in Chromium

"During a recent audit, we discovered that some third-party Chromium based browsers were able to integrate Google features, such as Chrome sync and Click to Call, that are only intended for Google’s use. This meant that a small fraction of users could sign into their Google Account and store their personal Chrome sync data, such as bookmarks, not just with Google Chrome, but also with some third-party Chromium based browsers. We are limiting access to our private Chrome APIs starting on March 15, 2021."

Cracking a Chinese proxy tunnel: Real World CTF "personal proxy" writeup

"This competition is not for the faint of heart! The lack of hints and exploration of previously unpublished vulnerabilities means that even the challenges marked “easy” can crush your soul as you get stuck for hours, with even confident players starting to display symptoms of Impostor Syndrome. On the other hand, the feeling of finally understanding and solving a challenge is highly rewarding. Jack and I played with our team cr0wn."

A Side Journey to Titan - Side-Channel Attack on the Google Titan Security Key


With best wishes for 2021!
For feedback, please write to us at cybersec@qrator.net.