Saturday, November 17, 2018

Russian APT comes back to life with new US spear-phishing campaign

Cozy Bear (APT29) makes a comeback after last year's Dutch and Norwegian hacking campaigns.

Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency

The US now has an official federal cybersecurity agency.

Google Play Protect analyzes every Android app that it can find on the internet

Play Protect, a security service included in the Play Store app, lives up to all the hype that Google created last year.

AWS rolls out new security feature to prevent accidental S3 data leaks

New settings will prevent accidental S3 bucket leaks, if customers take the time to apply them.

Most antivirus programs fail to detect this cryptocurrency-stealing malware

Traditional antivirus software has a tough time detecting malware used in the campaign.

Winter Olympic Games hackers are back with an updated arsenal

The group behind Olympic Destroyer are back with an evolved toolkit and malware droppers.

Malicious code hidden in advert images cost ad networks $1.13bn this year

So-called steganography is rapidly becoming a favored tool of fraudsters.

Most ATMs can be hacked in under 20 minutes

Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking.

Google to pay JavaScript frameworks to implement performance-first code

Google to create $200,000 fund to sponsor the addition of "on by default" performance-related updates in popular JavaScript frameworks.

DOD disables file sharing service due to ‘security risks’

AMRDEC SAFE portal had been used to handle the transfer of classified and non-classified materials.

Japanese cybersecurity minister finds computers a mystery

The man in charge of cybersecurity not only said he does not use a PC but seemed stumped when asked about risks associated with USB drives.

One in five Magecart-infected stores get reinfected within days

A large number of reinfections take place within a day or week. Average reinfection time is 10.5 days.

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Many free mobile VPN apps are based in China or have Chinese ownership

Chinese affiliation raises alarm in light of China's recent clampdown on "unauthorized" VPN services.

Guilty of your roots: Why Kaspersky believes tech nationalism is on our doorstep

The answer lies in why Kaspersky has now moved core systems from Russia to Switzerland.

Researchers discover seven new Meltdown and Spectre attacks

Experiments showed that processors from AMD, ARM, and Intel are affected.

Card skimming malware removed from Infowars online store

Infowars online store hit by brief Magecart incident that lasted around 24 hours. Fewer than 1,600 users may have been affected.

Microsoft patches Windows zero-day used by multiple cyber-espionage groups

Kaspersky: Windows zero-day exploited by multiple cyber-espionage groups.

Facebook patches another bug that could have allowed mass-harvesting of user data

Imperva security researcher publicly discloses bug today, but Facebook patched the issue back in May.

Google traffic hijacked via tiny Nigerian ISP

A large chunk of the hijacked traffic passed through the network of a controversial Chinese state-owned telecom provider that was previously accused of intentionally misdirecting internet traffic.

SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.