Tuesday, September 25, 2018
Internet Storm Center Infocon Status


Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...

PCI compliance slipping for first time in 6 years, but IT remains on top

According to Verizon data, only 52.5% of companies maintained full compliance with payment card industry standards in 2017.
DtSR Podcast

DtSR Episode 315 – Women in Cybersecurity-Mary Cheney

On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell...


Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't...

Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users

Domain registrar bungle takes down the website of one of the world's largest companies.
PC Mag

This Bug Can Crash Firefox by Forcing Repeated Downloads

Security researcher Sabri Haddouche is demonstrating the flaw with a web link that'll freeze the Firefox browser when it attempts to open the page. Mozilla is working on a fix.

Fault-Tolerant Method Use for Security Purposes in New Framework

A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.

SHEIN fashion retailer announces breach affecting 6.42 million users

Hack took place somewhere in June, but the company only discovered the breach in late August.

California Dem Candidate DDoS’d During Failed Primary Bid

The Rolling Stone was among outlets reporting that the website of Congressional candidate for California’s 25th District Democrat Bryan Caforio was taken down by DDoS attacks four times during his unsuccessful campaign, including critical junctures such as during a...
The Register

Microsoft ‘kills’ passwords, throws up threat manager, and APIs Graph Security

Cloud lineup gets security overhaul with 2FA and new monitoring tools Ignite  Microsoft is beefing up the security in its cloud services lineup with a handful of unveilings today at this year's Ignite conference.…

Vote Leave And Cambridge Analytica Linked Data Firm Hit With First Ever GDPR Notice

It was reported that the Information Commissioner’s Office (ICO) has handed the United Kingdom’s first formal General Data Protection Regulation notice to a Canadian firm linked to Cambridge Analytica, the firm behind the Facebook data scandal. AggregateIQ (AIQ) was accused of processing...

Internet Regulator

On news on the upcoming Government whitepaper detailing a future internet regulator, SD-WAN network expert Ian McEwan (Vice President EMEA of Aryaka, leading global SD-WAN provider) commented below. Ian McEwan, Vice President EMEA at Aryaka: “We have to wait and see...
PC Mag

Google Faces Privacy Backlash Over Chrome’s ‘Forced Login’ Policy

If you sign into any Google service on Chrome 69, like Gmail, the browser will automatically log you into Chrome, too. That prompted concern that Google was collecting browser histories via the sync feature, but Google says that's not...

One In Four Tech Professionals Have Confidence In Their AI Deployment

Despite heightened interest in enterprise deployment of artificial intelligence, only 40 percent of respondents to ISACA’s second annual Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning. Dr Anton Grashion, Managing...

In Quiet Change, Google Now Automatically Logging Users Into Chrome

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

What Exactly is Threat Hunting – and Why Does it Matter?

Naturally, we all want to detect every threat to our network as soon as it manifests itself. That’s why we spend a ton of money every year on tools that detect things automatically. But what do we do when...

Apple Releases Security Update for macOS Mojave

Original release date: September 24, 2018Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to...

U.S. General Service Administration Launches Bug Bounty Program

The United States General Service Administration’s (GSA) Technology Transformation Service (TTS) has launched a bug bounty program on HackerOne, the hacker-powered security platform announced on Friday. read more

Microsoft Deletes Passwords for Azure Active Directory Applications

At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.

New Adwind Campaign Targets Linux, Windows, and macOS

Adwind remote access Trojan (RAT) samples detected in a recently campaign were configured to gain persistence on Linux, Windows, and macOS systems, Cisco Talos warns. read more

6 Dark Web Pricing Trends

For cybercriminals, the Dark Web grows more profitable every day.


Brian Krebs

Beware of Hurricane Florence Relief Scams

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on...
Bruce Schneier

New Variants of Cold-Boot Attack

If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought...

Weekly Update 105

Presently sponsored by: Build scalable, reliable and secure cloud native applications with Tech FabricIt's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and...
Bruce Schneier

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution...
Brian Krebs

Credit Freezes are Free: Let the Ice Age Begin

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If...