This is a weekly series to highlight the best articles and stories happening all over the web.
What was your favorite story? What topics would you like to see? Sound off in the comments!
The Market for Stolen Account Credentials
With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.
Read Krebs' thorough report on this shady underground market.
Unsecured Amazon S3 Bucket Exposes Details on 123 Million American Households
US data analytics provider Alteryx has left an Amazon S3 storage bucket exposed online, leaking the sensitive details of over 123 million US households in the process.
While the Alteryx database contained all sorts of data, the two most important files were two database archives belonging to Alteryx business partners, US consumer credit reporting agency Experian and the US Census Bureau.
Get the full story.
Exploits and fileless malware drive record new malware surge
As we prepare to enter 2018 we've seen malware reach an all-time high of 57.6 million new samples – four new samples per second – featuring developments such as new fileless malware using malicious macros, a new version of Locky ransomware dubbed Lukitus, and new variations of the banking Trojans Trickbot and Emotet. Threats attempting to exploit Microsoft technology vulnerabilities were very prominent despite the fact that the platform vendor addressed these issues with patches as early as the first quarter of 2017.
Check out the full threat report.
TP-Link repeater firmware squanders 715 MB/month
You should probably avoid TP-Link products if you’re on a tight bandwidth budget. By design, TP-Link firmware sends six DNS requests and one NTP query every 5 seconds, for a total of 715,4 MB per month.
The firmware of some TP-Link repeaters — but not routers — including all 2017 models are very talkative on NTP, to a total of 715,4 MB per month. NTP is the network time protocol used to synchronize clocks across the web. To put this number in context: an always-on Windows device will use around 1,6 KB per month on NTP.
TP-Link’s firmware doesn’t have any sort of DNS caching, and they query DNS about 6 NTP server pool addresses every 5 seconds followed by an NTP request to one of them. An always-on Windows client sends 1 DNS and 1 NTP request once a week. (If you power cycle or suspend your device, it will send one additional request.)
Make sure you're not going over your data cap.
A New Type of Computer Could Render Many Software Hacks Obsolete
On Tuesday the Defense Advanced Research Projects Agency (DARPA) announced it will be spending $3.6 million to develop a computer with hardware that is billed by its creators as an “unsolvable puzzle.” The project is called MORPHEUS, a homage to the ancient Greek god of dreams, and is intended to be a more robust alternative to today's so-called “patch and pray” approach to cybersecurity.
According to DARPA, 40 percent of software exploits available to hackers could be eliminated if a handful of different types of hardware weaknesses could be eliminated, such as errors with cryptography, code injection, and information leakage.
Learn more about the "computer circuit Rubik's cube."
What story from the last week the most important for you? We love hearing your feedback!
