Saturday, July 11, 2020

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.
ZDNet

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

Sentencing scheduled for September 2020.

Apple’s Advice About MacBook Camera Covers Is Wrong, Here’s Why

Apple often gets things right, but its advice on MacBook cameras is dangerously wrong. Here’s why.

How A Tech Entrepreneur Broke Records With A $189M Valuation Pre-Launch On The Road To $1B

Traditional banks aren’t innovating fast enough to improve credit card fraud, endpoint cybersecurity, AI-powered end-to-end identity verification and more intuitive user experiences, creating new opportunities for startups.
SC Magazine

Trump commutes Roger Stone’s sentence stemming from Mueller probe

President Trump has commuted the sentence of long-time confidante Roger Stone who was to report to prison on July 14 to serve 40 months after being found guilty of seven counts, including obstruction, witness tampering and lying to Congress. During...
SC Magazine

Biden’s new CISO must keep campaign managers engaged while navigating strange Covid-19 world

As the newly appointed CISO of Joe Biden’s presidential campaign, Chris DeRusha, former chief security officer with the State of Michigan, has fewer than four months to implement his cybersecurity vision before Election Day arrives — all in the...
The Register

An email banning our staff from using TikTok? Haha, funny story about that, we didn’t mean it – Amazon

Shock TikTok block clocked, unblocked as poppycock amid media aftershock. Amazon today said an internal email banning its staff from using TikTok on smartphones connected to their corporate inboxes was sent in "error." The admission – or climb down,...
ZDNet

Researchers create magstripe versions from EMV and contactless cards

Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.
SC Magazine

Flaws in SETracker watch app posed danger to dementia patients

Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted...
SC Magazine

Citrix, Juniper and VMware patch array of vulnerabilities

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance....

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

Researcher warns the highly-rated Kasa family of security cameras have bugs that give hackers access to private video feeds and settings.

Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers

RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps.
Bruce Schneier

China Closing Its Squid Spawning Grounds

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high...

The ‘Super Smash Bros.’ Community Reckons With Sexual Misconduct Allegations

Dozens of people have come forward over the past week, many pointing to a culture that they say enabled rampant predatory behavior.

Amazon bans Tiktok on employee phones as US gov’t scrutinizes Chinese app

Amazon ordered employees to delete TikTok from their phones today, citing "security risks." Amazon's email to employees...

Biden Campaign Hires 2 Top Cybersecurity Executives

The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
Cisco

Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the...
F5 Networks

The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

This issue occurs when all of the following ...
Cisco

Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020

A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS),...

VMware Releases Security Updates for Multiple Products

Original release date: July 10, 2020. VMware has released security updates to address a vulnerability in VMware Fusion, Remote Console, and Horizon Client. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security...

Juniper Networks Releases Security Updates for Multiple Products

Original release date: July 9, 2020. Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...