Monday, September 23, 2019

Google Assistant Audio Privacy Controls Updated After Outcry

Google is tightening its privacy controls over its Google Assistant voice assistant after a report earlier this year found that it was eavesdropping on user conversations.

200K Sign Petition Against Equifax Data Breach Settlement

A Change.org petition is demanding stronger accountability for Equifax in the 2017 leak that affected 150 million customers.

Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica

Facebook said it has suspended and banned tens of thousands of apps on its platform after its investigation, launched after Cambridge Analytica, into how they collect and use data.

Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks

Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.

News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested

Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.

Mattress Company Leaks Data Records of 387K Customers

A database lacking password protection exposed sensitive data of customers of Milwaukee-based mattress company Verlo Mattress.

Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal

Eight cities have been hit by a data breach targeting payment cards.

Microsoft Silent Update Torpedoes Windows Defender

Microsoft broke its built-in antivirus utility, thanks to a patch for a different issue.

These Hacks Require Literally Sneaking in the Backdoor

An on-premises hacker can cripple even the best cybersecurity defenses.

Smart TVs, Subscription Services Leak Data to Facebook, Google

Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.

Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’

Marc Rogers discusses the logistics behind a recently proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.

IRS Emails Promise a Refund But Deliver Botnet Recruitment

The fake emails direct victims to log into a bogus IRS site.

Rethinking Responsibilities and Remedies in Social-Engineering Attacks

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic

The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.

Edward Snowden Sued by U.S. Over New Memoir

The U.S. is attempting to seize any assets related to Edward Snowden's new memoir, Permanent Record.

New! RFP Template for Selecting EDR/EPP and APT Security

Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.

Massive Gaming DDoS Exploits Widespread Technology

The attack -- the 4th-largest the company has ever encountered -- leveraged WS-Discovery, the same exploit used in the 2016 Dyn incident.

Malware Moves: The Rise of LookBack – And Return of Emotet

The malware landscape is constantly changing, including the rise of a new malware called LookBack, as well as anticipation over the return of the Emotet and Retefe malware families.

Panda Threat Group Mines for Monero With Updated Payload, Targets

Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.

AMD Radeon Graphics Cards Open VMware Workstations to Attack

Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM.

SC Magazine

Ning Wang – Offensive Security

Ning Wang, CEO, Offensive Security. Why Nominated: Ning Wang is a rising star who has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...

Dani Martínez – IOActive

Dani Martínez, Security Consultant, IOActive. Why nominated: Dani Martínez proved to be a self-starter. Beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove right in and began a cybersecurity blog...

Maurice Stebila – Harman, a Samsung Company

Maurice Stebila, Digital Security, Compliance and Privacy Officer, Harman, a Samsung Company. Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industries supporting two of the world’s largest companies – EDS/General Motors and Harman by Samsung...

Ed Adams – Security Innovation

Ed Adams, President and CEO, Security Innovation. Why Nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the past year or so. Last April, he was named to the board of directors of...

David Archer – Galois

David Archer, Principal scientist, Galois. Why Nominated: Archer, an advocate for preserving privacy of data even when it’s used in decision-making both within the U.S. at all levels of government as well as internationally, directs research in privacy-preserving information technologies. Profile: David Archer is all...