Author Archives: Zeljka Zorz

4 years after data breach, Slack resets 100,000 users’ passwords

Roughly 100,000 Slack users are getting their password reset and will have to choose a new one. The reason? During the data breach the company suffered in 2015, the attackers apparently not only accessed a database with user profile information and “irreversibly encrypted” passwords, but also “inserted code that allowed them to capture plaintext passwords as they were entered by users at the time.” What happened in 2015? Unknown attackers gained access to …

The post 4 years after data breach, Slack resets 100,000 users’ passwords appeared first on Help Net Security.

Malicious Python packages found on PyPI

Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages: PyPI is the official third-party software repository for Python and a great source of open source libraries and modules for implementing common functionalities. Unfortunately, if a malicious component ends up on it, chances are many developers will download and implement it before it is discovered and removed from the repository. This happened with libpeshnx, libpesh and libari, …

FaceApp privacy panic: Be careful which apps you use

The privacy panic over FaceApp, the selfie-editing mobile app that makes photo subjects younger, older or turns them into members of the opposite sex, has been overblown. The (overblown) issue: FaceApp is an iOS and Android app developed by Russian company Wireless Lab and is not without past controversy (e.g., lightening skin color to make users “hot”). In this latest bout of massive popularity, the app makers were “accused” of siphoning pictures from users’ mobile …

Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet

A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via the Internet. About Iomega and LenovoEMC: Iomega Corporation was acquired in 2008 by EMC. In 2013, Iomega became LenovoEMC – a joint venture between Lenovo and EMC Corporation – and Iomega’s products were rebranded under the new name. Iomega’s and LenovoEMC’s storage products were aimed at small and medium-sized businesses. …

Researcher releases PoC code for critical Atlassian Crowd RCE flaw

A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity. Atlassian plugged the hole in late May, but administrators who have not yet implemented the fix should consider doing so now, as full-fledged exploits are likely to pop up soon. About the vulnerability (CVE-2019-11580): Atlassian Crowd allows enterprise admins to manage users from Active Directory, LDAP, OpenLDAP or Microsoft Azure …

Do you have what it takes to be a hardware hacker?

If you ask Yago Hansen, a hacker specializing in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must have to embark on a (white hat) hacking career. A love for money, on the other hand, is not. “In my mind, hackers are security researchers who spend a lot of their life in testing, learning and getting better at what they do because …
