Saturday, October 19, 2019
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive  The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Microsoft Tackles Election Security with Bug Bounties

Researchers can earn up to $15,000, depending on the severity of the bug found.
Bruce Schneier

Why Technologists Need to Get Involved in Public Policy

Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy." In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has...
TechRepublic

Why compliance concerns are pushing more big companies to the cloud

Cloud migration is accelerating as companies face compliance, security, and control concerns.

Tor Weaponized to Steal Bitcoin

A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
SC Magazine

Phishing scam targets users of Stripe payment processing service

Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data. The attackers employ two...

In A Crowded Endpoint Security Market, Consolidation Is Underway

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
TechRepublic

What is a Zero Day Vulnerability?

Find out what a Zero Day Vulnerability is and if there's anything you can do to protect yourself against them.

Execs Could Face Jail Time For Privacy Violations

The bill is a direct shot at big tech companies like Facebook as senators try to reel in data-collection policies.
SecureMac

Checklist 159: What That and Tencent Will Get You

This week on the Checklist, we’ll look at a troubling connection between Apple and the Chinese government. We’ll revisit the issue of IoT security (spoiler: It’s not getting any safer out there). And we’ll round out the list with...

US Girl Scouts Launch First National Cybersecurity Challenge

US Girl Scouts Launch First National Cybersecurity ChallengeGirls across the United States of America will take part in the country's first ever National Girl Scouts Cyber Challenge tomorrow.  Over 3,000 girls have signed up to practice their cybersecurity skills by solving a...
SC Magazine

2.8 million CyberLink customer records exposed by unprotected database

A third-party MongoDB database containing 2.8 million CyberLink customer records and information was left unprotected exposing the data of several hundred thousand of the tech company’s customers. The database was found by the security firm Comparitech working with security researcher Bob Diachenko. The initial finding...
IBM Security

Identity Analytics and the ‘2019 Gartner Magic Quadrant for Identity Governance and Administration’

Identity governance and administration (IGA) is a strategic component of identity and access management (IAM). It is designed to help manage digital identities and entitlements across multiple systems and applications. IGA tools are paramount to achieving compliance, as they...

Italians Rocked by Ransomware

Italians Rocked by RansomwareItaly is experiencing a rash of ransomware attacks that play dark German rock music while encrypting victims' files.  The musical ransomware, called FTCode, was detected by security analysts at AppRiver in malicious email campaigns directed at Italian Office 365...

Major Airport Malware Attack Shines a Light on OT Security

A cryptomining infection spread to half of the workstations at a major international airport.

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

A patch is currently under revision but has not yet been incorporated into the Linux kernel.
Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a...
Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due...
Cisco

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed...
F5 Networks

Linux kernel vulnerability CVE-2019-16089

Linux kernel vulnerability CVE-2019-16089 Security Advisory Security Advisory Description An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does ...
MSRC

Introducing the ElectionGuard Bounty program

Announcing the new ElectionGuard Bounty program The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center.