Tuesday, August 4, 2020
Internet Storm Center Infocon Status

LATEST

The Register

As the world descends into madness, it’s good to see some things never change: Monthly Android patches

Qualcomm bugs among the worst – including a critical hole in wireless networking Google has emitted the August edition of its Android software security updates.…
TechRepublic

Why multi-factor authentication should be set up for all your services and devices

More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.

New Spin on a Longtime DNS Intel Tool

Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.

6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
The CyberWire Podcast

US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.

The US attributes the Taidoor remote access Trojan to the Chinese government. Sources tell Reuters that documents used in an attempt to influence the last British general election were taken from the compromised email account of the trade minister....
SecurityWeek

GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue

GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
SecurityWeek

Tampa Teenager Accused in Twitter Hack Pleads Not Guilty

A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud. read more
SecurityWeek

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. read more

EU launching deep probe into Google’s planned $2.1 billion Fitbit buy

Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images) Regulators in the European Union are launching...
ZDNet

Firefox adds protections against redirect tracking

New protection already active in Firefox 79; will roll out to all Firefox users in the next few weeks.

Retooling the SOC for a Post-COVID World

Residual work-from-home policies will require changes to security policies, procedures, and technologies.

Michigan’s Largest Healthcare Provider Phished Again

Michigan's Largest Healthcare Provider Phished AgainMichigan's largest healthcare provider has warned around 6,000 patients that their data may have been exposed following a cyber-attack. The cybersecurity incident is the second phishing-related data breach to befall Beaumont Health in recent months.  In April, the organization started...
The Register

They say the tooth will set you free… so Brit dentist trade union tells members: ‘Bad news; we’ve been hacked’

Bank account numbers and sort codes may have been accessed by intruders Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.…
TechRepublic

Google and Amazon most impersonated brands in phishing attacks

WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.
ZDNet

Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)

Kaspersky says Oilrig (APT34) group has been using DoH to silently exfiltrate data from hacked networks.

FBI Issues Online Shopping Scam Alert

FBI Issues Online Shopping Scam Alert The Federal Bureau of Investigation has issued a warning to online shoppers after a rise in the number of Americans not receiving items purchased on the internet.  In a statement published yesterday, the FBI said that...
SecurityWeek

Microsoft Paid Out Nearly $14 Million via Bug Bounty Programs in Past Year

Microsoft reported on Tuesday that it paid out roughly $13.7 million through its bug bounty programs between July 1, 2019, and June 30, 2020. read more
MSRC

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective...
FireEye

Announcing the Seventh Annual Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering (FLARE) team is honored to announce that the popular Flare-On challenge will return for a triumphant seventh year. Ongoing global events proved no match against our passion for creating ...

Google & Amazon Replace Apple as Phishers’ Favorite Brands

Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.

Facebook Seen as Riskiest Online Platform

Facebook Seen as Riskiest Online Platform Internet users have named Facebook as the online platform that poses the biggest security risk to their personal data.   A survey conducted by Australia's Edith Cowan University found that 68% of respondents believed their data to...
SecurityWeek

Reviving Cybersecurity Innovation with Experience at the Forefront

Take another look at the title of this article. Do you find it to be a surprising statement? Cybersecurity innovation is not quite at the stage where it needs resuscitation, still, the last few months have demonstrated the need...
SecurityWeek

U.S. Attributes Taidoor Malware to Chinese Government Hackers

A malware analysis report published on Monday by the U.S. Department of Defense, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI officially attributes a piece of malware named Taidoor to threat actors sponsored by the Chinese government. read...
624FollowersFollow

LEADERS

Bruce Schneier

Cybercrime in the Age of COVID-19

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic.
Brian Krebs

Robocall Legal Advocate Leaks Customer Data

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone...
Bruce Schneier

BlackBerry Phone Cracked

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one...
Brian Krebs

Three Charged in July 15 Twitter Compromise

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising...
Bruce Schneier

Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments.