securityXspace: a blog about cyber-philosophy.

NBCNews.com WikiLeaks Releases Alleged CIA Hacking Secrets NBCNews.com WikiLeaks posted thousands of documents Tuesday that it said revealed important CIA hacking secrets, including the spy agency’s ability to penetrate encrypted communications apps such as Signal or WhatsApp. Source: WikiLeaks Releases Alleged CIA Hacking Secrets

Palo Alto Networks is happy to announce the addition of the Palo Alto Networks (Known Signatures) scanner to VirusTotal, continuing our long-standing relationship with the organization, and furthering our commitment to threat intelligence sharing. Source: VirusTotal Adds Palo Alto Networks to Intelligence Feeds

A new remote access tool (RAT) targeting macOS machines currently advertised on underground markets is believed to be using an unpatched 0-day vulnerability to gain root access on target machines. read more Source: macOS RAT Uses 0-Day for Root Access

Security Intelligence (blog) DblTek GoIP GSM Gateways Have a Backdoor Password Security Intelligence (blog) A recent report raised concerns about the security of certain devices manufactured by a company called DblTek. Trustwave SpiderLabs issued a report on a backdoor password scheme it found rampant in DblTek GoIP GSM gateways and other products that … and…

Kaspersky Lab released details about new wiper malware called StoneDrill that bears similarities to Shamoon2 and an APT outfit known as NewsBeef. Source: Destructive StoneDrill Wiper Malware On The Loose

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Source: WordPress 4.7.3 Security and Maintenance Release

mongoaudit is a CLI tool for MongoDB auditing of servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. Source: mongoaudit – MongoDB Auditing & Pen-testing Tool

A company run by a couple of known spammers has unknowingly leaked a series of files containing sensitive information about its operations, including nearly 1.4 billion user records. read more Source: Spammers Leak 1.4 Billion User Records

Googles’ rise is permanent, Microsoft wants you to give Office 365 a beating Google and Microsoft have both increased the cash on offer under their bug bounty programs.… Source: Google, Microsoft bump bug bounties

The popular security researcher Chris Vickery announced that he will shortly reveal the source of a massive data leak. Which is the source? The popular cyber security expert Chris Vickery from security firm MacKeeper announced that he will shortly reveal the source of a huge data breach impacting individuals. 1.4 billion identity leak story incoming…