Tuesday, March 19, 2019

Severe security bug found in popular PHP library for creating PDF files

Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.

EU government websites infested with third-party adtech scripts

Ironic as it may be, EU websites might not be compliant with the EU's own data protection rules.

Aluminum producer switches to manual operations after ‘extensive cyber-attack’

Norway's Norsk Hydro said a cyber-attack late on Monday night crippled its IT systems.

Facebook blocked over 1.2 million New Zealand shooting videos at upload

Facebook has released new figures relating to the live-streamed attacks.

Google open-sources project for sandboxing C/C++ libraries on Linux

Support for other programming languages to be added in future releases.

Hacked tornado sirens taken offline in two Texas cities ahead of major storm

City officials took hacked tornado sirens offline ahead of major storm. Luckily, they weren't needed.

New Mirai malware variant targets signage TVs and presentation systems

Security researchers spot new Mirai botnet with an enhanced arsenal of IoT exploits.

Is it still a good idea to publish proof-of-concept code for zero-days?

Time and time again, the publication of PoC code for zero-days and recently patched security bugs often helps hackers more than end-users.

UK code breakers release Enigma war machine simulator

You can also try out Bombe and Typex code-cracking for yourself.

Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web

Gnosticplayers returns with new user records, most of which he obtained by hacking companies last month.

Microsoft releases Application Guard extension for Chrome and Firefox

Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.

Dutch hacker who DDoSed the BBC and Yahoo News gets no jail time

Hacker used a Mirai botnet to DDoS companies and ask for ransoms to stop attacks.

Android Q to get a ton of new privacy features

Coming to Android Q: MAC address randomization, new location data permission popup, no more clipboard sniffing.

Fujitsu wireless keyboard model vulnerable to keystroke injection attacks

There are slim chances that Fujitsu will release a patch.

Database leaks 250K legal documents, some marked ‘not designated for publication’

Database taken down two weeks later. Owner never identified.

Microsoft to fix ‘novel bug class’ discovered by Google engineer

Fixes to be included with Windows 10 19H1, scheduled for release in a few weeks.

‘100 unique exploits and counting’ for latest WinRAR security bug

As expected, the recent WinRAR vulnerability is now being abused en masse by multiple threat actors.

Facebook debuts AI tool to tackle revenge porn

A new support service has also been launched to tackle the spread of intimate images without consent.

Former Mt. Gox CEO found guilty of record tampering, but likely to avoid prison

Mark Karpeles has been found guilty of fiddling accounts but not embezzlement in the Mt. Gox case.

Two-thirds of all Android antivirus apps are frauds

Only 23 Android antivirus apps had a 100 percent detection rate with no false positives.

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming. Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.

The Case of the Missing Data

The latest twist in the Equifax breach has serious implications for organizations.

Industrial Cybersecurity Firm Nozomi Launches Research Department

Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs.