Friday, June 5, 2020
Security Now

SN 769: Zoom’s E2EE Design

Zoom gets end-to-end encryption. ACLU takes Clearview to court, but maybe they should worry about their own website first. The state of drive-by malvertising downloads. Google will be bad listing notification abusing sites. Who else is doing the eBay-like ThreatMetrix port scanning? Facebook...
Security Now

SN 768: Contact Tracing Apps R.I.P.

Contact tracing apps are not going to work. Why contact tracing apps are never going to work. Unc0ver: There's a new iOS jailbreak in town, and as jailbreaks go, it looks VERY nice! Firefox 77 picks up a nifty new security trick. New...
Security Now

SN 767: WiFi 6

WiFi 6, Apple vs. FBI, face masks. Last Tuesday's Windows Patch Tuesday was not the biggest ever, but it was the 3rd largest in Microsoft's history, weighing in with a whopping 111 CVE-tracked bug fixes, 16 of which were...
Security Now

SN 766: ThunderSpy

Thunderbolt security flaw, Zoom buys Keybase. Why the ThunderSpy Thunderbolt security flaw is such a big deal. Zoom purchases Keybase to fix encryption. Firefox 76 released with new features. But Firefox 76 broke Amazon's Assistant! Hallelujah!! Edge moves to silence those annoying notification...
Security Now

SN 765: An Authoritarian Internet?

China wants to rebuild the Internet. China's proposal to rebuild the internet is an authoritarian nightmare. Bruce Schneier on COVID-19 Contact Tracing Apps. Political Correctness hits cybersecurity. DHS's CISA says no to 3rd-party DoH. "POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies...
Security Now

SN 764: RPKI

Apple/Google Contact Tracing, Best VPNs to protect you. Apple/Google Contact Tracing Update. iOS 0-Day Alert! Update Apple Mail. Best VPNs to protect you from the Five Eyes. TypoSquatting attacks. Vitamin D linked to COVID-19 mortality. Resource Public Key Infrastructure. How BGP can break the Internet. We invite...
Security Now

SN 763: The COVID Effect

Zoom Fixes Security, EARN IT is Evil, Tor in Trouble. Zoom gets big-name help with security fixes. Google updates Chrome to v81.0.4044.113 to squash a critical flaw. FTP in Chrome lives another day! Google "undepreciates" FTP. Windows Patch Tuesday for April 2020 fixes...
Security Now

SN 762: Virus Contact Tracking

Apple+Google Covid Tracker is Secure and RIP John Conway, Creator of The Game of Life. Apple & Google Virus Contact Tracing: secure and effective. Zoom gets another Zoom-bombing mitigation... and a Class-Action Lawsuit. Meanwhile, Zoom has enlisted the aid of Alex Stamos. Zoom...
Security Now

SN 761: Zoom Go Boom

Zoom is a security nightmare - from zoombombing to encryption issues, Steve Gibson runs down Zoom's security concerns. Plus, Jitsi is a great alternative! Mozilla just patched a pair of CRITICAL 0-days. Eight security bugs eliminated from Chrome last week. Safari gets...
Security Now

SN 760: Folding Proteins

iOS VPN bug, Coronavirus Folding@Home. VPN bug in iOS 13.4. Folding@Home - how to donate your unused CPU cycles to help provide answers to COVID-19. RDP and VPN use skyrocketing. To 'www' or not to 'www'. Firefox 76 to finally stop assuming "HTTP". Google again...
Security Now

SN 759: TRRespass

This week's stories: Two new un-patched 0-days affecting billions of Windows users - here is the fix! Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus. A micropatch for Win7 and Server 2008. Chrome's release schedule has been impacted...
Security Now

SN 758: The SMBGhost Fiasco

This Week's Stories: Does Steve have coronavirus? Maybe? He got very sick over the weekend and is still coughing, but he couldn't get tested. Mayhem ensues after last week's Patch Tuesday. List of free technology services during coronavirus, from...
Security Now

SN 757: The Fuzzy Bench

This Week's Stories: Microsoft, Google, LogMeIn & Cisco offer limited-time free use of telecommuting Tools. Hack the Pentagon! The Android security dilemma. AMD processors get some unwelcome but necessary side-channel attack scrutiny. Intel also has some serious new trouble...
Security Now

SN 756: Kr00k

This Week's Stories: Let's Encrypt hits 1 BILLION certs. Pakistan passes Internet censorship law. Clearview AI breach: clients and searches stolen. Swiss government submits criminal complaint over CIA Crypto spying scandal. Ghostcat - (Apache) Tomcat Users: Update NOW! Revisiting...
Security Now

SN 755: Apple’s Cert Surprise

This Week's Security News: More Windows 10 lost profile pain. A micropatch for the jscript.dll problem. Coming in the next Feature Release (Win10 2004): optional device driver updates. A new attack on 4G LTE and 5G. Starting today: DoH...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.
The Register

Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware. Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…