Saturday, January 16, 2021

Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine

Enlarge (credit: Getty Images) Last month, the makers of one of the most promising coronavirus vaccines reported that hackers stole confidential documents they had submitted to a European Union regulatory body. On Friday, word emerged that the hackers...

How law enforcement gets around your smartphone’s encryption

Enlarge / Uberwachung, Symbolbild, Datensicherheit, Datenhoheit (credit: Westend61 | Getty Images) Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing...

The NSA warns enterprises to beware of third-party DNS resolvers

Enlarge (credit: Getty Images) DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has...

Hackers used 4 zero-days to infect Windows and Android devices

Enlarge (credit: Getty Images) Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zerodays, meaning they targeted vulnerabilities that at...

AT&T kills off the failed TV service formerly known as DirecTV Now

Enlarge / AT&T corporate offices on November 10, 2020, in El Segundo, California. (credit: Getty Images | AaronP/Bauer-Griffin) AT&T is killing off the online-video service formerly known as DirecTV Now and introducing a no-contract option for the...

Mimecast says hackers stole a certificate and used it to target its customers

Enlarge (credit: Getty Images) Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s...

Parler’s amateur coding could come back to haunt Capitol Hill rioters

Enlarge / Parler? (credit: Getty Images) By now, you may have heard of the hacker who says she scraped 99 percent of posts from Parler, the Twitter-wannabe site used by Trump supporters to help organize last Wednesday’s violent...

SolarWinds malware has “curious” ties to Russian-speaking hackers

Enlarge (credit: Getty Images) The malware used to hack Microsoft, security company FireEye, and at least a half-dozen federal agencies has “interesting similarities” to malicious software that has been circulating since at least 2015, researchers said on Monday. Sunburst...

New York City proposes regulating algorithms used in hiring

Enlarge (credit: John Lamb | Getty Images) In 1964, the Civil Rights Act barred the humans who made hiring decisions from discriminating on the basis of sex or race. Now, software often contributes to those hiring decisions, helping...

Reddit’s largest remaining Trump community banned for “inciting violence”

Enlarge / The image currently at the top of r/donaldtrump. (credit: Reddit) On Friday, Reddit joined this week's response to violent online rhetoric as spearheaded by President Donald Trump and removed its "r/donaldtrump" community, the site's largest existing...

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

Enlarge (credit: Google) There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession...

DoJ says SolarWinds hackers breached its Office 365 system and read email

Enlarge (credit: Gregory Varnum) The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a...

Feds say that Russia was “likely” behind months-long hack of US agencies

Enlarge / Side view of colorful St. Basil's Cathedral in Moscow on Red Square in front of the Kremlin, Russia. (credit: Getty Images) Hackers working for the Russian government were “likely” behind the software supply chain attack that...

Telegram feature exposes your precise address to hackers

Enlarge (credit: Getty Images) If you’re using an Android device—or in some cases an iPhone—the Telegram messenger makes it easy for hackers to find your precise location when you enable a feature that allows users who are geographically...
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...