Tuesday, May 21, 2019

Some Elasticsearch security features are now free for everyone

Company makes TLS support and fine-grained user/role management free for everyone.

Root account misconfigurations found in 20% of top 1,000 Docker containers

Issue similar to Alpine Linux's CVE-2019-5021 impacts 201 other Docker images.

Google research: Most hacker-for-hire services are frauds

Survey of 27 hacker-for-hire services found that only five launched attacks against victims.

Google changes how the Escape key is handled in Chrome to fight popup ads

Google Chrome v76 is getting a new security feature to fight popup spam.

Security researchers discover Linux version of Winnti malware

Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company.

Company behind LeakedSource pleads guilty in Canada

LeakedSource sold data on over 3.1 billion accounts, made CAN$247,000 (US$183,000).

Faulty database script brings Salesforce to its knees

Faulty production script gave users access to all their company's Salesforce data.

Stack Overflow hacker went undetected for a week

Stack Overflow now says hacker might have also accessed user data.

Chinese cyberspies breached TeamViewer in 2016

TeamViewer said it detected and stopped the attack before hackers could do any damage.

Facebook bans Israel’s Archimedes Group over fake political activity, election disruption

The corporation has been accused of using fake accounts to influence political campaigns.

A large chunk of Ethereum clients remain unpatched

Unpatched clients leave Ethereum network vulnerable to 51% attacks.

Hacktivist attacks dropped by 95% since 2015

Hacktivist scene collapses as Anonymous hacker collective dies a slow death.

Stack Overflow says hackers breached production systems

Stack Overflow said it detected a security breach over the weekend.

US telcos say they stopped selling user location data, with a few exceptions

AT&T, Sprint, T-Mobile, and Verizon tell the FCC they've terminated most user data sharing arrangements.

Privacy concerns raised about upcoming Client-Hints web standard

Brave devs warn about new alternative user fingerprinting method being rolled out with Chromium-based browsers.

Microsoft releases new version of Attack Surface Analyzer utility

New Attack Surface Analyzer 2.0 works on Windows, but also Mac and Linux.

Trump signs executive order banning US telcos from buying or using foreign gear

Executive order doesn't mention Huawei, but it's a Huawei ban for all intents and purposes.

Russian government sites leak passport and personal data for 2.25 million users

Passport data for high-ranking Russian politicians among the leaked information.

Google to replace faulty Titan security keys

Vulnerability in Bluetooth pairing protocol forces Google to replace Titan keys sold in the US.

UK hacking powers can be challenged in court, judge rules

UK spies are no longer allowed to skip court if their choices are considered unlawful.

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...