Tuesday, January 28, 2020

Rui Pinto: Hacker Who Targeted Football and Angola’s ‘Princess’

Prosecutors in Portugal have denounced him as a criminal hacker, but his supporters describe the man behind the "Luanda Leaks" revelations as a public interest whistleblower. read more

Attacks on ADC Ramp Up as Citrix Releases Remaining Patches

Citrix has released the full set of patches for the recently disclosed security flaw tracked as CVE-2019-19781, but attacks on vulnerable systems are ramping up. read more

German Privacy Watchdog Investigates Clothing Retailer H&M

A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed “massive data protection breaches” by spying on its customer service representatives in Germany. read more

Three Magecart Hackers Arrested in Indonesia

Three individuals suspected of being involved in Magecart online skimming attacks were arrested late last year in Indonesia. read more

Lessons Learned From 2016, but U.S. Faces New Election Threats

It’s been more than three years since Russia’s sweeping and systematic effort to interfere in U.S. elections through disinformation on social media, stolen campaign emails and attacks on voting systems. U.S. officials have made advances in trying to prevent...

World Economic Forum on Securing the Aviation Industry in the Age of Convergence

World Economic Forum Calls for Global Collaboration to Enhance Cyber Resilience in the Aviation Industry read more

NSA Shares Guidance on Mitigating Cloud Vulnerabilities

The U.S. National Security Agency (NSA) has published advice on mitigating cloud vulnerabilities. While the advice is primarily designed for government agencies and departments, it nevertheless contains good advice for any commercial organization considering or embarking on -- or...

Huawei and Supply Chain Security – The Great Geopolitical Debate

With No Proof That China's Huawei is Malicious, The Potential for Abuse Remains read more

Trend Micro OfficeScan Flaw Apparently Exploited in Mitsubishi Electric Hack

A cyberattack disclosed recently by Mitsubishi Electric, which resulted in hackers gaining access to the company’s network and stealing corporate data, likely involved exploitation of a vulnerability in Trend Micro’s OfficeScan product. read more

PoC Exploits Created for Recently Patched ‘BlueGate’ Windows Server Flaws

Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. read more

Trump, Johnson Talk Security Ahead of Huawei Decision

Prime Minister Boris Johnson discussed telecoms security with US President Donald Trump as he prepares to announce if Britain will use China's Huawei in its 5G networks, officials said Saturday. read more

Cisco Webex Vulnerability Exploited to Join Meetings Without a Password

Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. Cisco said the flaw had been exploited. read more

Questions Linger Over Investigation Into Jeff Bezos’ Hacking

Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Jeff Bezos that concluded the billionaire’s cellphone was hacked, apparently after receiving a video file with malicious spyware from the WhatsApp account of Saudi...

Greece: Government Websites Hit by Cyberattack

The Greek government said Friday that the official state websites of the prime minister, the national police and fire service and several important ministries were briefly disabled by a cyberattack but have been restored. read more

2020 Rings in a New Era of Cyber Attacks – and it’s Getting Personal

Recently, I finished a great audiobook by the famed hacker Kevin Mitnick, called “Ghost in the Wires”, where he details his exploits in using social engineering techniques to hack phone systems. For the most part, he used old school...

Microsoft Releases Azure Security Benchmark

Microsoft this week announced the availability of Azure Security Benchmark v1 (ASB), a collection of more than 90 security best practices recommendations for Azure customers. read more

Bipartisan Bill Aims to Reform NSA Surveillance of Americans

U.S. lawmakers on Thursday introduced a bill that aims to reform the National Security Agency’s surveillance programs in an effort to protect citizens’ rights. read more

Privacy Firm Finds Unsecured Cannabis Patient Information

An internet privacy firm says it was able to access private personal information of more than 30,000 medical marijuana patients, recreational pot customers or dispensary employees in several states. The privacy firm was searching for unsecured data online and says...

The More Authentication Methods, the Merrier

An Increasingly Diverse, Dynamic Workforce Is Driving Dramatic Change in How Users Authenticate read more

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.