Ubuntu-Maker Canonical’s GitHub Account Gets Hacked

An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories.

It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent" sophisticated supply-chain attack that could have been abused to distribute modified malicious versions of the open-source Canonical software.

In a statement, David from Canonical confirmed that attacker(s) used a Canonical owned GitHub account whose credentials were compromised to unauthorizedly access Canonical's Github account.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," David said.

D-Link Agrees to 10 Years of Security Audits to Settle FTC Charges

Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers.

Your wireless router is the first line of defense against potential threats on the Internet.

However, sadly, most widely-used routers fail to offer necessary security features and have often found vulnerable to serious security flaws, eventually enabling remote attackers to unauthorizedly access networks and compromise the security of other devices connected to it.

In recent years, the security of wireless networks has been more of a hot topic due to cyber attacks, as well as has gained headlines after the discovery of critical vulnerabilities—such as authentication bypass, remote code execution, hard-coded login credentials, and information disclosure—in routers manufactured by various brands.

OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.

Have you ever noticed they all had at least one thing in common?

That's OpenSSH.

As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on a targeted computer, where an unprivileged attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system.

GPD P2 Max: The world's smallest Ultrabook

GamePad Digital’s marketing department has been offering up some great promotional work for the upcoming P2 Max game console/Ultrabook/mini-laptop. The manufacturer has announced that the device will begin its crowdfunding campaign at the end of June; the P2 Max’s Indiegogo page is already stuffed with some interesting comparisons, though.

Firstly, GPD has pointed out that the P2 Max is the same size as an iPad mini 4, with its game console-Ultrabook hybrid sporting an 8.9-inch display and weighing just 650 g (23 oz; net weight). It’s these particular specifications that put the device “ahead” of the Surface Pro 6 and Dell’s XPS 13, as both of those rivals are larger and heavier. It looks like the “world’s smallest Ultrabook” definitely has that going for it at least.

Android phones can now be security keys for iOS devices

Hey, iOS users. Got a spare Android phone lying around? Now, you can use it as a secure access key for online services.

In April, Google announced that it was making secure access keys available on its Android phones. These software-based keys are based on the FIDO2 standard, which is a community attempt by several industry players to make secure logins easier.

Instead of having to remember a password when logging into a website, you can use a digital key stored on a piece of suitable hardware. Google and other vendors offer small hardware dongles that connect either via a computer’s USB port, or via Bluetooth. Your browser reads the digital key from the device and sends it to the website to prove that you’re legit.

Hackers interrupt Eurovision webcast in Israel with missile attack alert

The targeted broadcaster is blaming hackers from Hamas for the attack.
The official website of Israeli Public Broadcasting Corporation (KAN) telecasting webcast of Eurovision 2019 event in Tel Aviv was briefly hacked and defaced by unknown hackers on Tuesday 14th.

The hackers left a deface page along with a two minutes video message interrupting the ongoing broadcast with content against Israel. One of the messages also displayed fake missile attack alert triggering panic among viewers.

Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed

Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident.

Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a week after they gained unauthorized access to its production version.

Founded by Jeff Atwood and Joel Spolsky in 2008, Stack Overflow is the flagship site of the Stack Exchange Network. With 10 million registered users and over 50 million unique visitors every month, Stack Overflow is very popular among professional and enthusiast programmers.