Ax Sharma – Medium

Apr 27, 2021

Codecov hack aftermath: hundreds breached, many more to follow

Attackers who breached Codecov for over 2 months also reportedly hacked into hundreds of networks. The full extent of this incident is yet to unfold in the upcoming weeks. — On April 1st software testing firm, Codecov became aware of a security incident. The company learned, that for over two months, Codecov’s Bash Uploader scripts used by hundreds or thousands of their customers had been altered with a malicious line of code that exfiltrated information in the environment variables present…

Cybersecurity

2 min read

Codecov hack aftermath: hundreds breached, many more to follow

Cybersecurity

2 min read

Sep 18, 2020

A malware alert left hundreds of Bank of America customers panicking

Hundreds of Bank of America customers had trouble accessing their bank accounts yesterday due to Avast and AVG antivirus engines flagging the site as “malware.” — According to reports, hundreds of Bank of America customers had trouble accessing their bank accounts yesterday due to Avast and AVG antivirus engines flagging the site as “malware.” Naturally, seeing a virus alert when visiting their banking website would worry any customer.

Cybersecurity

2 min read

A malware alert left hundreds of Bank of America customers panicking

Cybersecurity

2 min read

Sep 5, 2020

Why is this internet story making everyone sick?

It’s not your usual erotica: it transcends normal. Don’t read it! — Yesterday, spending a regular afternoon on Twitterverse this popped up on my feed:

Culture

29 min read

Why is this internet story making everyone sick?

Culture

29 min read

Jul 14, 2020

Choosing a domain escrow: Beware of the extra fees, hiccups, and risks.

The $9.99 Transpact escrow fee could end up being 10x more, if you use a money transfer service, like TransferWise. — When buying and selling domains online, escrow services help protect the assets and both parties until terms have been mutually agreed to, and money has changed hands. For any kinds of transactions, from real estate to goods and services to domain names, an escrow workflow remains roughly the same. Instead…

Finance

10 min read

Using Transpact for domain escrow? Beware of the extra fees, hiccups, and risks.

Finance

10 min read

Jul 12, 2020

Why do Hulu and Netflix not use 2-factor authentication?

Numerous user complaints ask the same question. And, what to do if your account is compromised? — Streaming service accounts get compromised all the time either due to data breaches, credential stuffing attacks from leaked databases, or simply because of users employing weak passwords. How accessible a streaming service makes it for a rightful account owner to attempt recovery is what counts. However, in the case of…

Technology

8 min read

Why do Hulu and Netflix not use 2-factor authentication?

Technology

8 min read

Jul 7, 2020

PlayStation discloses “severe” Use-After-Free kernel vulnerability

Researcher awarded a $10,000 bounty for reporting the bug — Originally published at securityreport.com on July 7, 2020. PlayStation has disclosed a severe use-after-free vulnerability, after over three months since it was reported. The vulnerability discovered by researcher Andy Nguyen exists in PS4 Firmware versions 7.02 and below. …

Cybersecurity

2 min read

PlayStation discloses “severe” Use-After-Free kernel vulnerability

Cybersecurity

2 min read

Jun 26, 2020

Behind an entire catalogue of malicious Chrome extensions? Allegedly, a domain registrar

Security company has accused an Israeli domain registrar for registering thousands of malicious domains powering Chrome malware — Originally published at https://securityreport.com on June 26, 2020. It is not unusual for malware to use malicious C&C servers and domains. However, what we learn this week is something entirely different, sinister and going at a much larger scale. In a report published by the Awake Security Threat Research Team…

Cybersecurity

4 min read

Behind an entire catalogue of malicious Chrome extensions? Allegedly, a domain registrar

Cybersecurity

4 min read

Jun 26, 2020

Curve Card Services Disrupted Due to Wirecard’s Suspended License

Customers advised carrying alternate cards and payment methods — Originally published at https://securityreport.com on June 26, 2020. In an email sent out today to Curve card customers, it is stated that their card would no longer be working, at least temporarily. Curve is an all-in-one credit card product in UK which lets customers carry a single card, and switch…

Technology

3 min read

Curve Card Services Disrupted Due to Wirecard’s Suspended License

Technology

3 min read

Jun 23, 2020

Hacking the antivirus: BitDefender remote code execution vulnerability

The bug could let an attacker take control of your computer from any malicious website they controlled! — What happens when the very antivirus designed to keep you and your organization safe becomes a threat vector for the attackers to exploit? Yesterday, I broke the news story on Bleeping Computer about a remote code execution vulnerability which was recently discovered and disclosed by security researcher and blogger Wladimir…

Cybersecurity

5 min read

Hacking the antivirus: BitDefender remote code execution vulnerability

Cybersecurity

5 min read

Jun 22, 2020

‘BlueLeaks’: data from over 200 police departments exposed in a massive leak

Timestamps on documents suggest the leak spans 24 years worth of data. — A group that goes by the name Distributed Denial of Secrets (DDoSecrets) has published 269 GB worth of data with hundreds of documents, images and sensitive information from over 200 police departments. The legitimacy of this data has been confirmed by the National Fusion Center Association (NFCA) to KrebsOnSecurity. Originally…

Cybersecurity

3 min read

‘BlueLeaks’: data from over 200 police departments exposed in a massive leak

Cybersecurity

3 min read