Wednesday, July 18, 2018

LATEST

PayPal’s pal Venmo spaffs your pals’ payments – and yours

200 million transactions visible to all, inc. the inside dope on a cannabis seller's annual sales

PayPal-owned digital wallet Venmo shares way too much data via its public API, according to Berlin-based researcher Hang Do Thi Duc.…

Microsoft to pay new bounties for identity services holes

If ye can board Microsoft accounts, Azure AD or even OpenID without the skipper knowing, loot be your reward

Microsoft’s launched a new bug bounty program, this time for identity services.…

ISC StormCast for Wednesday, July 18th 2018

Searching for Geographically Improbable Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub
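The first diary above is about hunting for logins whose geography is implausible ("impossible travel"): the same account authenticating from two places farther apart than anyone could have moved in the time between them. The following is an added example of that check, written for this page and not taken from the ISC diary; the login events, their coordinates and the 1000 km/h plausibility threshold are constructed assumptions (in a real deployment the coordinates come from a GeoIP lookup of the source address).

```python
import math
from datetime import datetime, timezone

# Constructed sample login events (not real logs): user, UTC timestamp, latitude, longitude.
EVENTS = [
    ("alice", "2018-07-18T08:00:00Z", 51.5074,  -0.1278),   # London
    ("alice", "2018-07-18T09:30:00Z", 40.7128, -74.0060),   # New York, 90 minutes later
    ("bob",   "2018-07-18T08:00:00Z", 52.5200,  13.4050),   # Berlin
    ("bob",   "2018-07-18T13:00:00Z", 48.8566,   2.3522),   # Paris, 5 hours later
]

MAX_SPEED_KMH = 1000.0  # assumed threshold: roughly airliner cruising speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points (mean Earth radius 6371 km)."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def improbable_logins(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return one finding per pair of consecutive logins by the same user whose implied
    travel speed exceeds max_speed_kmh: (user, t_prev, t_curr, distance_km, speed_kmh)."""
    by_user = {}
    for user, ts, lat, lon in events:
        by_user.setdefault(user, []).append((parse_ts(ts), lat, lon))
    findings = []
    for user, logins in by_user.items():
        logins.sort()  # chronological order per user
        for (t0, la0, lo0), (t1, la1, lo1) in zip(logins, logins[1:]):
            dist = haversine_km(la0, lo0, la1, lo1)
            hours = (t1 - t0).total_seconds() / 3600.0
            if hours <= 0:
                # Same timestamp: any non-zero distance is impossible, so treat speed as infinite.
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_speed_kmh:
                findings.append((user, t0.isoformat(), t1.isoformat(),
                                 round(dist, 1), round(speed, 1)))
    return findings

if __name__ == "__main__":
    for f in improbable_logins(EVENTS):
        print("improbable travel:", f)
```

On the constructed data only alice is flagged (London to New York, about 5570 km, in 90 minutes). In practice the threshold needs tuning, and GeoIP placement of VPN, mobile-carrier and CDN egress addresses is noisy enough that this check is a triage signal, not proof of account compromise.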

Risky Biz Soap Box: Cylance: Driving machine learning model development with threat research

There’s no weekly show this week, I’m on a beach somewhere tropical right now and I prepared this one so we’d have something to run while I’m away. The Soap Box is one of our wholly sponsored podcasts here...

Blood test biz LabCorp pulls plug on systems over hacker fears

US medical testing giant says no evidence of data theft after alarms triggered

Medical biz LabCorp shut down some of its systems last week after it detected "suspicious activity" on its network.…

White House Cybersecurity Strategy at a Crossroads

Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.

Episode 104: Mueller’s Cyber Eye on the Russian Guys also Reaper Drone Docs Stolen

In this week’s episode of the podcast (#104): the Mueller indictment of 12 Russian GRU operatives for hacking the 2016 presidential election was a bombshell. It was also 30 pages long. We read it so you don’t have to...

Microsoft launches Identity Bounty program

Modern security depends today on collaborative communication of identities and identity data within and across domains.  A customer’s digital identity is often the key to accessing services and interacting across the internet.  Microsoft has invested heavily in the security...

Facebook defends itself against report it allowed hate speech for financial gain

Facebook has denied allegations by a U.K. news outlet that it gave preferential treatment to some pages that promote hate speech because of financial interest, saying that creating a safe environment for its users remains a top priority....

LuminosityLink creepware developer cops plea in Kentucky

Man admits to selling remote access malware for spying

A US software developer has admitted to selling and supporting malware, after originally claiming the remote access tool was legitimate admin software.…

Scumbag confesses in court: LuminosityLink creepware was my baby

Man admits to selling remote access malware used by morons for spying

A US software developer has admitted to selling and supporting spyware after originally claiming his remote access tool was legitimate admin software.…

Oracle Releases July 2018 Security Bulletin

Original release date: July 17, 2018

Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages...

NHS At 70 And The Role Of Cybersecurity

The UK’s National Health Service is celebrating its 70th anniversary this year. To coincide with this, the UK government has made a big financial commitment to the service’s future. The NHS annual budget of £114 billion will rise by...

What is single sign-on? How SSO improves security and the user experience

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated...
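To make the definition above concrete, here is an added toy SSO flow in Python, written for this page and not taken from the CSO article: the user authenticates once at an identity provider (IdP), which issues a signed token listing the applications it is valid for, and each application verifies that token instead of handling credentials itself. The IdP and the two applications (assumed names "mail" and "wiki"), the shared HMAC secret, the user record and the fixed clock are all constructed for the example; production SSO uses SAML or OpenID Connect with asymmetric keys rather than a secret shared with every application.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secrets and user store; nothing here is production material.
IDP_SECRET = b"constructed-idp-signing-secret"
_SALT = b"constructed-salt"

def _hash_pw(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)

USERS = {"alice": _hash_pw("correct horse battery staple")}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def idp_login(username, password, audiences, ttl=300, now=None):
    """The single sign-on step: check credentials once and, on success, mint a token
    (base64url claims + HMAC-SHA256 signature) valid at every listed application."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash_pw(password)):
        return None
    now = time.time() if now is None else now
    claims = {"sub": username, "aud": list(audiences), "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def app_verify(token, my_audience, now=None):
    """What each application must check before trusting a presented token.
    Returns the authenticated username, or None if the token is not acceptable."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return None                      # forged or tampered claims
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return None                      # session expired; user must re-authenticate
    if my_audience not in claims["aud"]:
        return None                      # minted for other applications, not this one
    return claims["sub"]

def demo(now=1_531_900_800):
    """One login, then the token presented to several applications (fixed clock,
    2018-07-18T08:00:00Z, so the result is reproducible)."""
    tok = idp_login("alice", "correct horse battery staple", ["mail", "wiki"], now=now)
    body, sig = tok.split(".")
    # An attacker re-uses the genuine signature over edited claims.
    forged_claims = dict(json.loads(_unb64(body)), sub="mallory")
    forged = _b64(json.dumps(forged_claims, sort_keys=True).encode()) + "." + sig
    return {
        "mail":    app_verify(tok, "mail", now=now),         # accepted
        "wiki":    app_verify(tok, "wiki", now=now),         # accepted with the same token
        "payroll": app_verify(tok, "payroll", now=now),      # rejected: not in audience
        "expired": app_verify(tok, "mail", now=now + 3600),  # rejected: past exp
        "forged":  app_verify(forged, "mail", now=now),      # rejected: signature mismatch
    }

if __name__ == "__main__":
    for app, result in demo().items():
        print(f"{app}: {result}")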

Checklist 97: Privacy Nightmare at 30,000 Feet

In the past, we’ve spent a substantial amount of time talking about the business of security flaws. Usually, it centers around things such as selling personal data on the Dark Web after stealing it using exploits and attacks. Credit...

One-Third of Businesses Lack a Cybersecurity Expert

Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

ES&S admits a handful of systems were shipped with PCAnywhere tool

A US voting machine manufacturer has admitted some of its systems sold in the early 2000s had a remote access tool installed.…

The CyberWire Podcast

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found...

Siemens Informs Customers of New Meltdown, Spectre Variants

Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1.

Cloud Security: Lessons Learned from Intrusion Prevention Systems

The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.

Tech giants, civil liberties coalition urges Congress to pass email privacy law

Right now, the government can read your six-month-old emails without a warrant.

Look, what’s that over there? Sophos nips Windows DNS DLL false positive in the bud

Temporary file temporarily shuffled off to quarantine

A recently updated Windows library created a false positive problem for some Sophos users on Tuesday after the software wrongly identified it as potentially malign.…

RATs Bite Ukraine in Ongoing Espionage Campaign

An ongoing espionage campaign aimed at Ukraine is leveraging three different remote access Trojans (RATs), ESET security researchers warn.

Back in Washington, Trump Under Pressure to Reverse Course on Russia

President Donald Trump found himself isolated and under pressure to reverse course Tuesday after publicly challenging the US intelligence conclusion that Russia meddled in the 2016 election during his face-to-face with Vladimir Putin.

LEADERS

Installing a Credit Card Skimmer on a POS Terminal

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station.

New Pluralsight Course: The State of GDPR – Common Questions and Misperceptions

Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Contact us for a demo today.

I love so many of the underlying principles of GDPR as it relates to protecting our personal...

21-year-old woman charged with hacking Selena Gomez

Popstar Selena Gomez’s alleged hacker has been charged. Are your secret password reset questions easy to answer with public information?

‘LuminosityLink RAT’ Author Pleads Guilty

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers...

IoT search engine exposes passwords of over 30,000 vulnerable DVRs

A researcher has discovered that it’s easier than ever before to hack at least one brand of internet-enabled DVR, as an IoT search engine has cached their passwords within search results. Read more in my article on the Bitdefender BOX...