The latest branded vulnerability, "httpoxy," comes complete with a website and Twitter feed -- but this time, experts say, researchers performed the disclosure responsibly.
The researchers discovered that the httpoxy vulnerabilities have been described many times since as early as 2001 and found in apps written with PHP, Python and Go, and could potentially be common in other programming languages. The httpoxy vulnerabilities don't allow remote code execution, but they do enable man-in-the-middle (MiTM) attacks against vulnerable web services.
Saturday, at around 2 PM, Pokemon GO servers experienced a prolonged downtime that affected all game infrastructure, thanks to a DDoS attack carried out by the relatively new PoodleCorp hacking crew.
As most DDoS attacks against gaming targets, the hackers weren't really focused on crashing the servers or extorting the company, but more about getting a reaction from the annoyed gamers, which didn't fail to arrive, on Reddit and Twitter, and with a lot of vitriol.
Hackers claiming to be Chinese, have defaced official government portals for two local government units (LGUs) from the Philippines.
Authorities noticed the incidents on Saturday, July 16. The two affected LGUs are for the cities of Loon and Panglao, in the Philippines' Bohol region, on the Island of Bohol. At the time of writing, the Panglao website has been taken down for maintenance, while the Loon portal still shows the defacement message, which reads:
Belgian security researcher Arne Swinnen found an inventive way to steal money from companies like Facebook (through the Instagram service), Google, and Microsoft, using their 2FA voice-based token distribution systems.
Most companies that deploy 2FA (Two-Factor Authentication) send short codes via SMS to their users. Optionally, if the user chooses to, he can also receive a voice call from the company as well, during which a robot operator speaks the code out loud.