Tuesday, March 31, 2020
The Register

Epic Games floats $1m bounty to ID source of ‘commercial smear’ claiming Houseparty chat app has been hacked

Lots of non-savvy users may be recycling previously hacked creds

Group video chat app Houseparty has offered a $1m bounty to identify what it claims is an organised campaign to falsely depict it as a hackers' backdoor.…
The Register

Marriott Hotels breached AGAIN: Two compromised logins abused to exfil guests’ personal deets

How many customers' deets? It's not saying just yet

Marriott Hotels has suffered its second data spillage in as many years after an "unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has...
The Register

Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests’ personal info

How many customers' deets? It's not saying just yet

Marriott Hotels has suffered its second data spillage in as many years after an "unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has...
The Register

Poured your info out on a call to 118 118 Money? Bad luck. Credit provider ‘fesses up that hacker nabbed customer service phone recordings

Don't worry, though. Any 'systematic' data extraction would be 'time-consuming'

The digital burglary at 118 118 Money exposed recordings of customer service calls that included a raft of personal information although thankfully not payment data.…
The Register

You know all those stories of leaky cloud buckets taken offline? Well, some may still be there, just badly hidden

Plus, Google warns of fake journo phishing attacks

Roundup: It's once again time for the El Reg security roundup.…
The Register

First-ever SANS Women in Cybersecurity survey reveals significant mentorship gaps

'The future of cybersecurity is the responsibility of everyone'

Promo: As women take more senior positions in the field of cybersecurity, there's a shortage of women available to mentor others.…
The Register

Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’

Doc Frown: Searls decries video-conferencing software's 'creepy' closeness with ad tracking

As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over the app's "creepily chummy" relationship...
The Register

AMD dials 911, emits DMCA takedowns after miscreant steals a load of GPU hardware blueprints, leaks on GitHub

'We believe the stolen graphics IP is not core to the competitiveness or security of our graphics products'

On Wednesday, AMD confirmed intellectual property related to its graphics processors was stolen last year, though insisted the leaked files will...
The Register

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion

Citrix, Cisco and Zoho-pwning APT41 attack wave seems in awfully bad taste

Proving that no good crisis ever goes to waste, Chinese government hacking crew APT41 launched a campaign that abuses vulns in Citrix Netscaler and Zoho ManageEngine, according...
The Register

SANS is offering fully certified cybersecurity training – without leaving your bunker

Isolation is the perfect time to learn new skills

Promo: Amid this planet's ongoing pandemic, if you’re keen to repurpose all that time previously spent commuting, attending conferences, and so on, why not take a look at the SANS...
The Register

If there’s something strange in Symantec’s neighbourhood, who you gonna call, not Broadcom it seems

Datacenters fall over around the globe

Symantec customers, or rather Broadcom these days, were taken offline for a while on Wednesday when the security services datacenters around the planet went down.…
The Register

Tupperware-dot-com has a live credit card skimmer on its payment page, warns Malwarebytes

Branded lunchbox biz didn't answer for 5 days, alleges infosec firm

Tupperware, maker of the plastic food containers beloved of the Western middle classes, has an active and ongoing malware infection on its website that steals credit card data...
The Register

Brit housing association blabs 3,500 folks’ sexual orientation, ethnicity in email blunder

Please update your contact details in this handy spreadsheet ... oh

A UK housing association blurted 3,500 people's sensitive personal data as part of a bungled "please update your contact details" email exercise, The Register has been told.…
The Register

Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters… and something weird called iTunes for Windows

Dozens of bugs swatted in latest Cupertino updates

Apple has emitted a bundle of security fixes ranging across its product lines.…

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...