Friday, June 5, 2020

Ars Technica

Iran- and China-backed phishers try to hook the Trump and Biden campaigns

Enlarge (credit: Marco Verch Professional Photographer and Speaker) State-backed hackers from Iran and China recently targeted the presidential campaigns of Republican President Donald Trump and Democrat Joe Biden, a Google threat analyst said on Thursday. The revelation is the latest evidence of foreign governments attempting to gain intelligence on...

Small ISP cancels data caps permanently after reviewing pandemic usage

Enlarge (credit: Getty Images | RichLegg) The coronavirus pandemic caused big ISPs to put data caps on hold for a few months, but one small ISP is going a big step further and canceling the arbitrary monthly limits permanently. Antietam Broadband, which serves Washington County in Maryland, announced Friday...

Zoom defenders say there are legit reasons to not encrypt free calls

Enlarge (credit: Zoom) If you’ve waded into Twitter timelines for security and privacy advocates over the past five days, you’ve no doubt seen Zoom excoriated for its plans to enable end-to-end encrypted video conferencing solely for paying customers. Zoom’s millions of non-paying users won’t receive the protection so...

Computerworld

The ultimate guide to privacy on Android

On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it's how the company makes the lion's share of its money — and it can be tough to square the notion of data collection...

Get your May 2020 Windows and Office patches installed

Headlines scream that you should avoid the May patches. Pshaw. From what I’ve seen they’re largely overblown. Not to say that all is well in patchland – it isn’t. But the situation has stabilized, and I don’t see any reason to hold back on May’s patches.Of course, I’m assuming...

Microsoft Patch Alert: May 2020

With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it’s time for those of us who rely on stable PCs to consider installing the May patches.While the general outlook now is good, we’ve been through some rough...

CSO

Why abandoned domain names are so dangerous

Email holds the keys to the kingdom. All your password resets go through email, and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.The problem is especially grave for law firms where partnerships form, dissolve, and merge often, security...

Q&A: Box CEO Aaron Levie looks at the future of remote work

Once a company focused on cloud-based file-sharing, Box now offers features to support remote productivity and teamwork. CEO Aaron Levie talks about his company's evolution – and how the workplace continues to change. (Insider Story)

What is pretexting? Definition, examples and prevention

Pretexting definition Pretexting is form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artists comes up with a story — or pretext...

Dark Reading

Name That Toon: Sign of the Tides

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Local, State Governments Face Cybersecurity Crisis

Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.

The Privacy & Security Outlook for Businesses Post-COVID-19

Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.

New ‘Tycoon’ Ransomware Strain Targets Windows, Linux

Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.

Errata Security

What is Boolean?

My mother asks the following question, so I'm writing up a blogpost in response.I am watching a George Boole bio on Prime but still don’t get it.I started watching the first few minutes of the "Genius of George Boole" on Amazon Prime, and it was garbage. It's the typical...

Securing work-at-home apps

In today's post, I answer the following question:Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers?The tl;dr answer is this: don't add gimmicky features, but instead, take...

CISSP is at most equivalent to a 2-year associates degree

There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided a "CISSP was equivalent to a masters degree". I think...

F-Secure

Mitigations Against Adversarial Attacks

This is the fourth and final article in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”....

Adversarial Attacks Against AI

This article is the third in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more...

Malicious Use Of AI

This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more...

FireEye

Using Real-Time Events in Investigations

To understand what a threat actor did on a Windows system, analysts often turn to the tried and true sources of historical endpoint artifacts such as the Master File Table (MFT), registry hives, and Application Compatibility Cache (AppCompat). However, these evidence sources were not designed...

Analyzing Dark Crystal RAT, a C# backdoor

The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal ...

Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents

Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications ...

Forbes

Forget Google—Huawei Surprises Millions Of Users With Radical New Update

It may not have Google, but Huawei has just surprised the world with the ultimate phone for its times.

Second Stimulus Payment: 35 Could Matter More Than $1,200 Or $2,000

There are smaller numbers to worry about than 1,200 or 2,000 when it comes to a second stimulus check. Numbers like 35.

Signal: How 1 Magnificent Upgrade Made This WhatsApp Alternative Irresistible

The latest feature to be added to signal app has meant this alternate to WhatsApp is suddenly among the most downloaded apps.

Google Security

Making the Advanced Protection Program and Titan Security Keys easier to use on Apple iOS devices

Posted by Christiaan Brand, Product Manager, Google Cloud Starting today, we’re rolling out a change that enables native support for the W3C WebAuthn implementation for Google Accounts on Apple devices running iOS 13.3 and above. This capability, available for both personal and work Google Accounts, simplifies your security key experience...

The Advanced Protection Program comes to Google Nest

Posted by Shuvo Chatterjee, Product Manager, Advanced Protection ProgramThe Advanced Protection Program is our strongest level of Google Account security for people at high risk of targeted online attacks, such as journalists, activists, business leaders, and people working on elections. Anyone can sign up to automatically receive extra safeguards...

Expanding our work with the open source security community

Posted by Eduardo Vela, Vulnerability Collector, Google At Google, we’ve always believed in the benefits and importance of using open source technologies to innovate. We enjoy being a part of the community and we want to give back in new ways. As part of this effort, we are excited to...

Graham Cluley

Goodbye Naked Security?

The Naked Security blog is part of my history. Now, as Sophos makes cut-backs, it might be history for all of us.

The scammer who tried to launder over $500,000 through Business Email Compromise

A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies, including Electrolux, out of hundreds of thousands of dollars. Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #181: Anti-cybercrime ads, tricky tracing, and a 5G Bioshield

Police are hoping to stop kids becoming cybercriminals by bombarding them with Google Ads, phishers rub their hands in glee at the NHS track and trace service, and just how does a nano-layer of quantum holographic catalyzer technology make a USB stick cost hundreds of pounds? All this and much...

IBM Security

Shift Your Cybersecurity Mindset to Maintain Cyber Resilience

As the business world navigates the ups and downs of today’s economy, a mindset shift is required to maintain cyber resilience. Cybersecurity, often an afterthought in a strong economy, must not be neglected in responding to shifts in the business landscape. As more companies expand their remote workforce, the number...

How Zero Trust Will Change Your Security Design Approach

As a security architect within IBM Security Services, I often get asked the question, “What exactly is a Zero Trust architecture?” Well, there is no single or unique answer to that question for two reasons. First, Zero Trust is not an architectural model but rather a set of guiding principles...

How Cybersecurity Leaders Can Chart the Seas of Business Communication

As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Taking time to refine business communication can help those in security and technical leadership roles heighten the effectiveness of their...

Info Security Buzz

This Time It’s Personal

We’ve all received emails from our “banks” or “family members” asking us to transfer money or click on a ‘funny’ video. Hackers are truly outsmarting a lot of individuals by not only knowing their name, but also being able to impersonate email mannerisms, nicknames, and other private details. So...

Managing A New Kind Of Complexity In Software-defined Networking

Software-defined networking (SDN) has moved up the enterprise IT agenda in recent years. And it’s easy to see why – in theory, SDNs are far quicker and easier to control and alter than traditional networks. By using open protocols to apply controls from the network edge, SDNs enable network...

How To Control Costs And Risks As Data Subject Access Requests Increase

More organizations now store and process personal data, which automatically makes them subject to GDPR and CCPA. Gartner estimates that “by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% today.”*  Moreover, individuals are becoming more aware of their rights. Therefore, we...

Infosec Island

Threat Horizon 2022: Cyber Attacks Businesses Need to Prepare for Now

The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure. Over the coming years organizations will experience...

Why the Latest Marriott Breach Should Make Us “Stop and Think” About Security Behaviors

Marriott International has experienced their second data breach after two franchise employee logins were used to access more than five million guest records beginning in January. Contact details, airline loyalty program account numbers, birth dates and more were collected -- but likely not Bonvoy loyalty account numbers, PINs or...

Google Skips Chrome 82, Resumes Stable Releases

Google is on track to resume the roll-out of stable Chrome releases next week, but says it will skip one version of the browser. Last week, the Internet search giant said it was pausing upcoming releases of the browser, following an adjusted work schedule due to the COVID-19 (coronavirus) pandemic,...

Infosecurity Magazine

North Dakota Contact Tracing App Ends Data Share with Foursquare

North Dakota Contact Tracing App Ends Data Share with Foursquare The operators of a North Dakota contact tracing app have had a rethink when it comes to sharing users' data with third-party services.  Care19 was created by ProudCrowd LLC to track the spread of COVID-19 in the Peace Garden State. Following the...

Florida Student Discovers Flaws in Leading Doorbell Security Cameras

Florida Student Discovers Flaws in Leading Doorbell Security Cameras "Systematic design flaws" have been discovered in leading internet-connected doorbell and security cameras by a Florida Institute of Technology student. Blake Janes unearthed vulnerabilities in devices manufactured by Ring, Nest, SimpliSafe, and eight other companies relating to the removal of active...

Maine Community College Becomes First in State to Offer Cybersecurity Program

Maine Community College Becomes First in State to Offer Cybersecurity Program Maine residents hoping to pursue a career in cybersecurity will finally be able to study the subject at community college. Starting in fall 2020, Northern Maine Community College (NMCC) will be the first community college in the state to offer a cybersecurity...

Krebs on Security

Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top...

REvil Ransomware Gang Starts Auctioning Victim Data

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those don’t. But it may also signal that ransomware...

Career Choice Tip: Cybercrime is Mostly Boring

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises...

Naked Security

Botnet blasts WordPress sites with configuration download attacks

A million sites attacked by 20,000 different computers.

You DID change your password after that data breach, didn’t you?

Apparently, some people consider their passwords "invincible", even after a data breach. Don't be those people.

Nuclear missile contractor hacked in Maze ransomware attack

Attackers hacked and encrypted the computers of a contractor whose clients include the US military, government agencies and major military contractors.

PC Mag

The Best Free Antivirus Protection for 2020

Windows Defender is improving, but you still shouldn't rely on Windows 10's security tools as your sole means of protection. Many free third-party security apps are more effective at keeping you safe. We've tested 17 no-cost services to help you find the best free antivirus for protecting your PC.

Qustodio

Parental control app Qustodio is a highly configurable, easy-to-manage tool for keeping track of your child's activity on Windows, Mac, iOS, and Android devices, though it comes at a premium price.

Malware Steals Data By Adjusting Screen Brightness

Malware on an air-gapped computer can transmit data like Morse code by changing screen brightness in a way that's invisible to the naked eye but easily recorded with a camera.

SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a privilege escalation vulnerability in the authorization controls of the IOx application...

Achieving an audacious goal by treating cybersecurity like a science

When humans discovered and learned to ‘obey’ the laws of physics and chemistry, we began to thrive in our world.  It enabled us to make fire, build machines much stronger than ourselves, to cure diseases, to fly. What will it take for us to thrive in the world of cyberspace? ...

UCSF, Conduent are latest to suffer the slings and arrows of ransomware

Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks. UCSF was targeted by the NetWalker (aka MailTo) ransomware group, as evidenced by a post on the cyber gang’s data leak website,...

Schneier on Security

New Research: "Privacy Threats in Intimate Relationships"

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended...

Zoom’s Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don't want...

Wallpaper that Crashes Android Phones

This is interesting: The image, a seemingly innocuous sunset (or dawn) sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter thread, the problem lies...

SecureMac

Dacls

also known as DaclsRAT Type: Trojan Horse Platform: Mac OS X Last updated: 06/01/20 9:59 pm Threat Level: High Description Dacls is a trojan horse. Dacls Threat Removal MacScan can detect and remove Dacls Trojan Horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this...

Checklist 187: Talking Encryption with Patrick Wardle

This week, we sit down with a special guest to discuss the ins and outs of encryption — touching on everything from iPhone passcodes and brute-force attacks to political posturing and quantum computing! The post Checklist 187: Talking Encryption with Patrick Wardle appeared first on SecureMac.

New unc0ver jailbreak works on all modern iOS devices

Just as Apple released iOS 13.5 to the world, hackers at unc0ver announced that they had developed a jailbreak that would work on devices running iOS 11 all the way up to the brand new iOS 13.5. In what follows, we’ll try to answer some common questions about the unc0ver...

Security Affairs

Cyber Defense Magazine – July 2020 has arrived. Enjoy it!

Cyber Defense Magazine June 2020 Edition has arrived. We hope you enjoy this month’s edition…packed with over 165 pages of excellent content. Cyber Defense Magazine June 2020 Edition has arrived. Tips, tricks, ideas, secrets and insider information on the best practices in cybersecurity.  Please read it and share it with your...

IP-in-IP flaw affects devices from Cisco and other vendors

A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service...

Apple fixes CVE-2020-9859 zero-day used in recent Unc0ver jailbreak

This week Apple released security patches to address the CVE-2020-9859 zero-day vulnerability that had been used to jailbreak iPhones devices. Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones. The flaw was discovered by a team of cyber-security researchers...

SecurityWeek

IBM Releases Open Source Toolkits for Processing Data While Encrypted

IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted. read more

RiskIQ Raises $15 Million to Help Focus on Critical Industries

San Francisco, CA-based attack surface management firm RiskIQ has raised $15 million in a Series D funding round led by National Grid Partners (NGP). NGP is the venture and innovation arm of the British multinational utility company National Grid plc. read more

Russia Angrily Denies German Allegations on 2015 Cyberattack

The Russian Foreign Ministry on Thursday angrily rejected Germany’s allegations over Russian intelligence involvement in a cyberattack against the German parliament. read more

TechRepublic

Unauthorized drone detection is getting easier with software from Blackberry

A new partnership with Dedrone has led to a platform that can instantly detect and notify security personnel of drones in sensitive airspace.

New Java-based ransomware targets Windows and Linux servers

Aimed at SMBs, educational facilities, and software companies, the ransomware leverages Java to encrypt server-based files, according to BlackBerry and KPMG.

How to encrypt an external drive or card in macOS

Looking to encrypt removable storage on macOS, but can't figure out how? Jack Wallen shows you the way to make this work.

The Guardian

EasyJet hacking attack: are you affected and what should you do?

The airline has said the personal information of 9 million customers has been compromised• EasyJet reveals cyber-attack exposed 9m customers’ detailsEasyJet revealed on Tuesday it had suffered a “highly sophisticated” cyber-attack. It comes at a time of heightened concern about a surge in online and phone scams linked to...

EasyJet reveals cyber-attack exposed 9m customers’ details

Airline apologises after credit card details of about 2,200 passengers were stolenEasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.The company on Tuesday disclosed that email addresses and travel details were accessed and said it will contact...

Early access to superannuation paused as police freeze $120,000 in allegedly stolen funds

‘Sophisticated’ identity theft attack leads to Australian Tax Office stopping early super withdrawals until MondaySign up for Guardian Australia’s daily coronavirus emailDownload the free Guardian app to get the most important news notificationsAllegations of identity theft involving 150 Australians have forced the government to pause the early release of...

The Hacker News

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers

A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in...

Two Critical Flaws in Zoom Could’ve Let Attackers Hack Systems via Chat

If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers. Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical...

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database...

The Register

Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…

UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data

Questions linger over involvement of biz linked to Dominic Cummings and Vote Leave campaign UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency.…

Signal goes Gaussian to take privacy to the next level: All your faces don’t belong to us

Blur tool brings privacy protection to images, in these troubled times Amid nationwide protests over the death of George Floyd, secure comms biz Signal has deployed a blur tool in its messaging and calling app to allow users to obscure faces in app-captured snapshots.…

The Security Ledger

Spotlight Podcast: Securing the Enterprise’s New Normal

In this spotlight edition of the podcast, sponsored by Trusted Computing Group* Steve Hanna joins us to talk about COVID 19 and the security risks that go along with the "new normal" that has emerged out of the pandemic. While organizations face challenges securing remote workers, Steve also sees...

New LastPass report finds consumer behavior affects the workplace

More than 90% of employees know re-using passwords between accounts is a dangerous business, but two thirds of them do it anyway. Rachael Stockton of LastPass digs into the "why" of password insecurity in the latest LastPass Psychology of Passwords report. The post New LastPass report finds consumer behavior...

Password Psychology: users know reuse is bad, do it anyway

More than 90% of employees know re-using passwords between accounts is a dangerous business, but two thirds of them do it anyway. Rachael Stockton of LastPass digs into the "why" of password insecurity in the latest LastPass Psychology of Passwords report. The post Password Psychology: users know reuse is...

Threatpost

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.

News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate

Threatpost editors discuss debunked reports of a Minneapolis police department breach and Zoom announcing only paying users would get end-to-end encryption.

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?

A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.

Tycoon Ransomware Banks on Unusual Image File Tactic

To fly under the radar, the newly discovered ransomware is compiled into a Java image file format that's rarely used by developers.

Tripwire

HyperBeard Fined $150K for Allegedly Collecting Children’s Data Illegally

The U.S. Federal Trade Commission (FTC) fined app developer HyperBeard $150,000 for allegedly collecting children’s data in an unlawful way. On June 4, the FTC announced that HyperBeard had agreed to pay a fine of $150,000 and to delete any information it had collected from children under the age...

Phishers Use Fake VPN Config Notification to Target Office 365 Details

Security researchers observed phishers leveraging a fake VPN configuration notification to target employees’ Office 365 credentials. Abnormal Security found that the campaign attempted to capitalize on the trend of organizations implementing VPNs for the purpose of securing their remote employees during COVID-19. As quoted by the security platform: The...

Passenger Railroad Service Says Data Breach Might Have Affected PII

A passenger railroad service announced that a data breach might have affected some passengers’ personally identifiable information (PII). In a “Notice of Data Breach” letter sent to the Attorney General’s Office of Vermont, Amtrak revealed that it had discovered the data breach on April 16 2020. Amtrak looked into...

Troy Hunt

Weekly Update 194

Cybersecurity Blogger Awards; HIBP Wiped a Ticketing System with a SQLi Email; The MPD “Hack” (that wasn’t); The “Lead Hunter” Breach; Sponsored by NordVPN https://www.troyhunt.com/weekly-update-194/

Weekly Update 193

The Privacy Impact of Returning to Restaurants Post COVID-19; HIBP “Fan Mail”; 6 New Data Breaches in HIBP; Sponsored by NordVPN https://www.troyhunt.com/weekly-update-193/

Weekly Update 192

I Got a Hair Cut; COVID-19 Stats in Australia; The “db8151dd” (Covve) Data Breach; How I Feel About Online Conferences; Sponsored by NordVPN https://www.troyhunt.com/weekly-update-192/

We Live Security

Mozilla fixes high‑risk Firefox flaws, bug in DoH feature

The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers The post Mozilla fixes high‑risk Firefox flaws, bug in DoH feature appeared first on WeLiveSecurity

Facebook now lets you delete old posts in bulk

Dealing with skeletons lurking in your Facebook closet has never been easier The post Facebook now lets you delete old posts in bulk appeared first on WeLiveSecurity

Google adds Nest devices to Advanced Protection Program

You can now shore up your smart home security by leveraging Google's top security offering The post Google adds Nest devices to Advanced Protection Program appeared first on WeLiveSecurity

Wired

The Police’s Military Tactics Turn Peaceful Protests Violent

Research shows that calm and negotiation, not excessive force, reduces damage. So why are officers still turning to tear gas?

Weed Sales on the Dark Web Sales Surged Early in the Pandemic

Research shows that as Covid-19 lockdowns spread people turned to internet dealers for their pot fix.

Games Aren’t Doing Enough to Combat Toxicity at Launch

Riot Games has cutting-edge moderation tools at its disposal. Few of them are present in Valorant, which launched this week.

Zoom’s End-to-End Encryption Will Be for Paying Customers Only

The video conferencing company says it wants to be able to work with law enforcement to catch bad actors on its platform.

ZDNet

QNAP NAS devices targeted in another wave of ransomware attacks

eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices.

China, Iran, and Russia worked together to call out US hypocrisy on BLM protests

Report from social media research group shows foreign diplomats and state-controlled media pounced on the US' abysmal handling of the BLM protests to attack the US as a beacon of freedom and further their own political goals.

Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers

Google's TAG team said phishing attacks against Biden and Trump campaign staffers were unsuccessful.