From Security Weekly WikiJump to navigationJump to search
, 21:37, 12 November 2020
#[https://www.helpnetsecurity.com/2020/11/12/sms-voice-mfa/ Microsoft advises users to stop using SMS- and voice-based MFA - Help Net Security] - Still better than no MFA: ''Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it “significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population.”''
#[https://securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html The alleged decompiled source code of Cobalt Strike toolkit leaked online] - Crap: ''The repository has been already forked more than hundreds of times and is rapidly spreading online.''
#[https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE How to get root on Ubuntu 20.04 by pretending nobodys /home - GitHub Security Lab]
#[https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ Decrypting OpenSSH sessions for fun and profit]
#[https://www.zdnet.com/article/this-new-malware-wants-to-add-your-linux-servers-and-iot-devices-to-its-botnet/ This new malware wants to add your Linux servers and IoT devices to its botnet | ZDNet]
#[https://www.vice.com/en/article/xgzxmk/google-project-zero-bugs-used-to-hack-iphones-and-android-phones Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It]
#[https://www.quantamagazine.org/computer-scientists-achieve-crown-jewel-of-cryptography-20201110/ Computer Scientists Achieve Crown Jewel of Cryptography]