Saturday, July 20, 2019

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.

The App Creeping on Your IG Location, Jakarta’s Insurance Crisis, and More News

Catch up on the most important news from today in two minutes or less.
The Register

In the cooler for the next three years: Hacker of iCloud accounts used by athletes and rappers

Phishing led to shopping spree with victims' credit cards A man from the US state of Georgia who pleaded guilty in March to breaking into the Apple iCloud accounts of sports and entertainment figures was sentenced on Thursday to...
SC Magazine

Flaw allows attackers to alter media files sent via WhatsApp, Telegram, say researchers

Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps. This “media file-jacking” flaw could allow attackers to alter photographs, modify invoices (to aid...

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
Bruce Schneier

Friday Squid Blogging: Squid Mural

Large squid mural in the Bushwick neighborhood of Brooklyn. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Hackers breach 62 US colleges by exploiting ERP vulnerability

Hackers are breaching college networks and creating fake accounts that are used "almost immediately for criminal activity."
The Register

When Harry met celly: NSA hoarder thrown in the clink for 9 years – after taking classified work home for decades

Contractor Martin sentenced for squirreling away 50TB of hush-hush files, exploits An ex-NSA contractor who admitted stashing some 50TB of secret US government documents and exploit code at his home was today sentenced to nine years behind bars.…

Adult Sites Lack Privacy, Open the Door for Harassment and Tracking

Third-party tracking is rampant on sites like Pornhub, with users' sexual preferences on full view.
Security Affairs

Israel surveillance firm NSO group can mine data from major social media

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is...
The Register

All very MoD-ern: RAF test pilot headed into space with Virgin, £30m small sat demo project

Defence ministry gets with the Apollo vibes Roundup  As the world celebrates the 50th anniversary of the Apollo 11 Moon mission, the UK's Ministry of Defence has gone a bit wacky – not only does it have fresh space...
PC Mag

Browser Extensions Siphon Private Data From 4M Users, Then Leak It

Eight browser extensions for Chrome and Firefox were recently shut down after a security researcher uncovered how they were sending users' private data, including links to sensitive online documents, to a marketing intelligence firm.
SC Magazine

Securing Energy Infrastructure Act passes House

The House Thursday passed the bipartisan Securing Energy Infrastructure Act, which aims to remove vulnerabilities that could allow hackers to access the energy grid. The bill was sponsored by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) and mirrors the...

Bug in NVIDIA’s Tegra Chipset Opens Door to Malicious Code Execution

Researcher creates 'Selfblow' proof-of-concept attack for exploiting a vulnerability that exists in "every single Tegra device released so far".

Contractor who stole 50TB of NSA data gets nine years in prison

Prosecutors never proved former NSA contractor was the origin for the Shadow Brokers leak.
Have I Been Pwned

Armor Games – 10,604,307 breached accounts

In January 2019, the game portal website website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored...
F5 Networks

TMM vulnerability CVE-2019-6629

TMM vulnerability CVE-2019-6629 Security Advisory Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart.
F5 Networks

iControl REST vulnerability CVE-2019-6638

iControl REST vulnerability CVE-2019-6638 Security Advisory Security Advisory Description Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the ...
F5 Networks

iControl REST vulnerability CVE-2019-6641

iControl REST vulnerability CVE-2019-6641 Security Advisory Security Advisory Description Undisclosed requests can cause iControl REST processes to crash. The attack can only come from an ...
F5 Networks

BIG-IP HTTP profile vulnerability CVE-2019-6631

BIG-IP HTTP profile vulnerability CVE-2019-6631 Security Advisory Security Advisory Description iRules performing HTTP header manipulation may cause an interruption to service when processing ...