Tuesday, August 4, 2020
The Register

They say the tooth will set you free… so Brit dentist trade union tells members: ‘Bad news; we’ve been hacked’

Bank account numbers and sort codes may have been accessed by intruders Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.…
The Register

Uncle Sam blames best pal China as Taidoor crew’s dirty RAT takes aim at Western orgs, but others are less sure

Hello, 2009 called, they said they've got an email for you A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.…
The Register

Doctor, doctor, got some sad news, there’s been a bad case of hacking you: UK govt investigates email fail

Former trade minister Dr. Liam Fox named as source of leaked trade docs Former UK trade minister and current Conservative MP Dr. Liam Fox has been named as the source of hacked trade documents released during last year's British...
The Register

Leaky S3 buckets have gotten so common that they’re being found by the thousands now, with lots of buried secrets

When will this madness end? The massive amounts of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.…
The Register

Days after Trump suggests pausing election over security, US House passes $500m for states to do just that

Chances of it getting enacted in time for the election - slim to almost nil The US House of Representatives has passed a spending bill which includes a $500m election security provision.…
The Register

Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election security

Chances of it getting enacted in time for November – slim to almost nil The US House of Representatives has passed a spending bill which includes a $500m election security provision.…
The Register

UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?

Chinese-owned vid app reportedly moving HQ to London The chairman of UK Parliament's Defence Committee has suggested making popular app TikTok subject to Huawei-style code reviews by GCHQ, if its reported move to a new London HQ comes true.…
The Register

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

OpenSSF to take projects from CII and OSSC under its umbrella The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red...
The Register

‘We stopped ransomware’ boasts Blackbaud CEO. And by ‘stopped’ he means ‘got insurance to pay off crooks’

CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked "We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts – failing...
The Register

Oh cool, more Cisco patches to apply. Happy Monday

Meanwhile, Linux KDE desktops can be pwned by evil archives In Brief  Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.…
The Register

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

Alleged 17-year-old mastermind among trio charged over account mass hijackings Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.…
The Register

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn’t get the memo

$4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty Exclusive  US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion and it is believed the company paid a $4.5m ransom to...
The Register

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines

Inflammatory findings from deadly serious investigation Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make...
The Register

In the market for a second-hand phone? Check it’s still supported by the vendor – almost a third sold are not

That means no security updates, which puts users at risk of compromise An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving...
The Register

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews

Russian, Chinese, Nork groups named in bank asset freeze The European Union has, for the first time ever, slapped sanctions on hacking crews.…
The Register

Fun fact: If you noticed a while ago Zoom’s web client going AWOL for a week, it’s because someone found a passcode-cracking hole

Story behind the hasty teardown and repairing of a brute-force vulnerability Zoom has confirmed it fixed a vulnerability that could have been exploited by miscreants to crack the passcodes needed to access strangers' private chin-wagging.…
The Register

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Attack came in waves that probed for staff with access to the creds crims craved Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…
The Register

Infosec bod: I’ve found zero-day flaws in Tor’s bridge relay defenses. Tor Project: Only the zero part is right

Warnings either not new or need more study, says open-source dev team Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "zero-day exploits"... which the Tor Project...
The Register

If you own one of these 45 Netgear devices, replace it: Firm won’t patch vulnerable gear despite live proof-of-concept code

That's one way of speeding up the tech refresh cycle Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.…
The Register

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer DXC has recovered from a ransomware attack that hit its independent services-for-insurers operation Xchanging.…

6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
SecurityWeek

GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue

GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
SecurityWeek

Tampa Teenager Accused in Twitter Hack Pleads Not Guilty

A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud. read more
SecurityWeek

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. read more

EU launching deep probe into Google’s planned $2.1 billion Fitbit buy

Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images) Regulators in the European Union are launching...