Saturday, July 11, 2020

LATEST

Reduce Cyber Risk

RCR 094: CISSP Exam Questions around Data Hiding – CISSP Training and Study!

Subscribe: iTunes | Google Play | Stitcher Radio | RSS Description: Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need...

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.
ZDNet

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

Sentencing scheduled for September 2020.

Apple’s Advice About MacBook Camera Covers Is Wrong, Here’s Why

Apple often gets things right, but its advice on MacBook cameras is dangerously wrong. Here’s why.
The CyberWire Podcast

Are you running what you think you’re running?

Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack...

How A Tech Entrepreneur Broke Records With A $189M Valuation Pre-Launch On The Road To $1B

Traditional banks aren’t innovating fast enough to improve credit card fraud prevention, endpoint cybersecurity, AI-powered end-to-end identity verification and more intuitive user experiences, creating new opportunities for startups.
SC Magazine

Trump commutes Roger Stone’s sentence stemming from Mueller probe

President Trump has commuted the sentence of long-time confidante Roger Stone who was to report to prison on July 14 to serve 40 months after being found guilty of seven counts, including obstruction, witness tampering and lying to Congress. During...
SC Magazine

Biden’s new CISO must keep campaign managers engaged while navigating strange Covid-19 world

As the newly appointed CISO of Joe Biden’s presidential campaign, Chris DeRusha, former chief security officer with the State of Michigan, has fewer than four months to implement his cybersecurity vision before Election Day arrives — all in the...
The Register

An email banning our staff from using TikTok? Haha, funny story about that, we didn’t mean it – Amazon

Shock TikTok block clocked, unblocked as poppycock amid media aftershock Amazon today said an internal email banning its staff from using TikTok on smartphones connected to their corporate inboxes was sent in "error." The admission – or climb down,...
ZDNet

Researchers create magstripe versions from EMV and contactless cards

Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.
SC Magazine

Flaws in SETracker watch app posed danger to dementia patients

Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted...
SC Magazine

Citrix, Juniper and VMware patch array of vulnerabilities

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance....
7 minute security

7MS #422: Eating the Security Dog Food – Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today's episode continues the work...
Security Weekly

Don’t Touch My XP Dongle – PSW #657

This week, we welcome our very own Joff Thyer, Security Analyst at Black Hills Information Security, to deliver a Technical Segment on IPv6 Tunneling! In our second segment, we welcome Terry Dunlap, Co-Founder at ReFirm Labs, to talk about...

Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers

RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps.
Bruce Schneier

China Closing Its Squid Spawning Grounds

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high...
Security Weekly

Zoom 0-Day, F5-BIGIP RCE, & Apache Guacamole RCE – Wrap Up – SWN #48

Look, this week, it's all about the RCE. Seriously, there were so many RCE stories, wow. Oh and a creepy guy story. All this and more on the Security Weekly News Wrap Up! Show Notes: https://wiki.securityweekly.com/SWNEpisode48 Visit https://www.securityweekly.com/swn...

Amazon bans Tiktok on employee phones as US gov’t scrutinizes Chinese app

A person using the video-sharing application TikTok on a smartphone in Faridabad in India on June 30, 2020. (credit: AFP) Amazon ordered employees to delete TikTok from their phones today, citing "security risks." Amazon's email to employees...

Biden Campaign Hires 2 Top Cybersecurity Executives

The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
The CyberWire Podcast

The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.

Unpatched and beyond-end-of-life systems are (again) at risk. Conti ransomware appears to be steadily displacing its ancestor Ryuk in criminal markets. Are privacy laws as consumer friendly as they’re often taken to be? There may be some grounds for...
SecurityWeek

Facebook Offering Big Rewards for Vulnerabilities in Hermes, Spark AR

Facebook announced on Friday that it’s offering significant rewards through its bug bounty program for vulnerabilities found in Hermes and Spark AR. read more

Google says trademarks should be open source, too—IBM disagrees

Nobody from IBM is proposing any lawsuits over Google's addition of Istio to its new Open Usage Commons foundation. But they're not happy about it. (credit: Nick Youngson) This Wednesday, Google announced a new open source...

LEADERS

Bruce Schneier

EFF’s 30th Anniversary Livestream

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to...
Graham Cluley

Google’s ad ban won’t stop stalkerware apps from promoting themselves

Google has announced that from August 2020 it will be prohibiting ads for stalkerware products and services. But a loophole means that the companies behind creepy stalkerware apps will still be able to advertise themselves.
Bruce Schneier

Business Email Compromise (BEC) Criminal Ring

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior...

Weekly Update 199

I’m Now in 4K; Amazing Support on Stress; IoT Progress; I Got a Legal Notice; A Decade of Microsoft MVP; Duo Security Sponsoring https://www.troyhunt.com/weekly-update-199/