Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files (blog.malwarebytes.com)
We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores. This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot.
Attackers Cryptojacking Docker Images to Mine for Monero (unit42.paloaltonetworks.com)
The images hosted on this account have been collectively pulled more than two million times. One of the wallet IDs identified has been used to earn more than 525.38 XMR1, which roughly translates to $36,000 USD. Additionally, when we last checked minexmr.com for this wallet ID, we saw recent activity indicating that it’s still being used.
Perhaps the malware is using ransomware’s2 hallmark file encryption as a destructive tool in an attempt to permanently lock users out of their computers. Or maybe ThiefQuest is just looking to get as much money out of victims as possible. The real question with Mac ransomware, as always, is what will come next?
Let’s be clear: this software is specifically designed to help employers read workers’ private messages without their knowledge or consent. By any measure, this is unnecessary and unethical.
“What seems to be possible only in police thrillers and movies has happened before our own eyes,” Andy Kraag, head of National Criminal Investigations Department in the Netherlands said in a press conference. “We’ve captured messages that give us a view of daily life in the criminal world.”
If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number
Google Data Center Security: 6 Layers Deep [Video] (youtube.com)
Security is one of the most critical elements of our data centers’ DNA. With dozens of data centers globally, security operations means managing a massively complex network.
Software Entropy (camhashemi.com)
In software, we work in a world where chaos is measurable and cleanliness is achievable. We just need the right set of signals and responses to make it happen.
How to finish your side project (hugozap.com)
It’s good to have an open mind and be ok with finding dead-ends, they are powerful teachers. However, shipping projects is awesome and by reducing scope and anticipating interruptions you will be able to complete your project and release it to the world.
How does SQLite work? (jvns.ca)
Modifying open source programs to print out debug information to understand their internals better: SO FUN.