Welcome to StrRAT.

Ransomware, a type of attack where hackers encrypt data and then charge a ransom to decrypt and return it, has already caused all kinds of problems in 2021.

The most famous recent incident is probably the Colonial Pipeline hack, which led the company to close for several days a pipeline that carries almost half the fuel for the east coast of the United States. Although security experts generally frown upon paying the ransom demands in these situations because it encourages more attacks, the company ultimately paid close to $5 million for the return of their data.

And last week, Microsoft…

It’s a doozy.

Wi-Fi has been around in some form for more than two decades, and over the years, researchers have discovered all kinds of vulnerabilities that can be used to hack into networks and steal data as it passes through.

Well, there’s a new one to add to the list.

Last week, researchers from NYU Abu Dhabi announced a new set of bugs. They go back decades and affect virtually every Wi-Fi network out there.

It’s called FragAttack, short for “fragmentation and aggregation attacks.”

The good news is, it’s very difficult to exploit, and there’s no reason to think anyone has taken…

It was only a matter of time.

As of this writing, the pipeline that carries 45% of the fuel for the East Coast of the US is shut down. And the reason why?

Hackers, of course.

This week, in what security experts are calling the biggest attack on the energy sector since 2019, hackers targeted the Colonial Pipeline company with a ransomware attack.

For obvious reasons, the company hasn’t released much information about the details of the hack. Whatever the vulnerability was, and however it was exploited, they don’t want other bad actors taking advantage until everything is fixed.

But we do know that at least 100…

Almost everyone is vulnerable.

It was huge news back in 2018. Researchers had discovered a vulnerability that affected nearly all processors manufactured in the previous few years. They called it Spectre, and appropriately so — the, ahem, specter of this exploit loomed over the computer manufacturing world.

You can install all the antivirus software you want, but if the problem is way down deep in the hardware of the computer itself, it’s not really going to help you.

Luckily, CPU manufacturers eventually released fixes that mitigated that problem. And for a while, all was well.

At least, until this week, when a group of…

It could have been much worse.

You hear about companies getting hacked all the time. Equifax, MyFitnessPal, Marriott — the list goes on. Usually, it’s user data that’s stolen, and some of these hacks have compromised literally hundreds of millions of accounts.

In a hack publicized this week, Apple was the target. But unusually, it wasn’t user data that was stolen this time. It was blueprints: designs for new Apple products. And the hackers want $50 million to make them stop publishing the stolen information on the internet.

The perpetrators, a group that calls themselves REvil, didn’t actually hack Apple itself. …

It’s for their own good.

It almost sounds like a conspiracy theory. This week, the FBI announced that it hacked hundreds of servers around the US, remotely executing code on the machines.

But it’s very real. In fact, the Justice Department itself made the announcement, and received court authorization to do this.

The whole thing sounds very strange. But it turns out the hack had a very specific purpose: to protect these computers from the very same exploit the FBI was using to hack into them.

The FBI headquarters in Washington, DC. Credit: Aude

See, back in January, a security testing firm told Microsoft there was a major vulnerability in Microsoft Exchange Server…

When hacking shows its good side.

It’s what you never want to hear: An important service, used by millions, has a critical vulnerability.

In a story that broke this week, the service in question was Zoom. The vulnerability, had it been exploited, would have allowed bad actors to run whatever code they wanted on a user’s machine.

In this case, though, the story has a happy ending.

Often when you hear about vulnerabilities in software, it’s because they’ve already been exploited by hackers — specifically, black hat hackers, the term for hackers who act maliciously.

But there’s a whole other side to hacking. It’s called white…

The hack could have been devastating, but it was handled near-perfectly.

Every so often, you hear about one of these huge, internet-breaking hacks that reveals just how fragile our networking infrastructure is.

This week it almost happened again.

Close to 80% of websites use the programming language PHP in some form. Like many languages, it’s open source, meaning the code behind the language is publicly available — and editable.

Of course, there are protections in place to make sure not just anyone can go in and change the source code for the language. But this week, those protections failed.

Hackers were able to change the code behind PHP to allow anyone…

If you’re an avid programmer or even just familiar with your computer’s Bash terminal, odds are it’s come up before: the cURL command.

cURL stands for Client URL Request Library, and it allows you to use your terminal to send and request information from websites or APIs.

It’s useful for all kinds of different things, from downloads to installs to web scraping to data analysis. But one of it’s most common uses in programming is API requests.

There are other tools for this, of course, like Postman, but if you just need to do a quick check to see what…

AKA the best utility for working with data in JavaScript.

If you’re trying to do anything fancy with data in JavaScript, you might be tempted to build the methods yourself. And that’s completely understandable — for a lot of new programmers, that’s the first strategy that comes to mind.

But before you get into brute forcing that new function, you might want to check out Lodash. Because odds are, it already has you covered.

Lodash is amazing for all kinds of things — iterating over arrays, objects, and strings, manipulating values, you name it.

To get started, all you have to do is run npm install lodash. Then, in the…

Alyssa Lerner First

Software developer and science/tech writer. Python, Ruby on Rails, JavaScript, React/Redux, Java. Fascinated by the amazing stories behind today’s tech.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store