News Feed

• ASIO discloses LinkedIn foreign intelligence threat
  It also warned that the telecommunications sector is an 'attractive target' for foreign interference.
• Restructuring and probe resolution costs send Ericsson into hole for third quarter
  Revenue is up 6% for the Swedish telco equipment manufacturer but 10 billion Swedish krona in costs sends the company's operating income into the red.
• CommBank issues apology to customers for network issues
  Services including PayID and cardless cash are unavailable, the bank said.
• UK ends quest to create online porn block
  While ending its plans for overt age verification, the UK government said it remains committed to "protecting children online".
• Pixel 4 skips India, Japan waiting on Motion Sense
  Country by country decisions throughout the Asia-Pacific region means a Pixel 4 in some places is not the same Pixel 4 in others, even if it is the same phone.
• OAIC seeks feedback on draft CDR privacy safeguard guidelines
  Submissions from industry and the public are being accepted until November 20.
• Samsung to launch smartphone with under-the-display front camera: Report
  The new technology is expected to either be applied onto the upcoming Galaxy S11 or the next generation of the Galaxy Fold.
• Tor Snowflake turns your browser into a proxy for users in censored countries
  Chrome and Firefox extensions released over the summer. Windows support added this month.
• University of Newcastle to shift all workloads to AWS Cloud by 2020
  The university will exit from its on-premise datacentre.
• NBN rejects speed test reality for one of its own
  If everyone in the world held still for a handful of years, and someone measured the potential of technology, Australia could rank third in the world, an NBN report reckons. Please clap.
• Canva valuation hits $3.2b as it launches Canva for Enterprise
  Its latest rounding fund achieved $85 million thanks to backers including Blackbird and Sequoia China.
• Bharti Airtel goes with Ericsson for 5G core
  Move comes after telco announced it was using Huawei for microwave links last month.
• Yahoo announces all content on Yahoo Groups will be permanently removed
  All public groups will be made private or restricted.
• Cyberbit discovers international airport riddled with Bitcoin-mining malware
  Here's how known malware exploits can be tweaked to get past current security systems but can't hide from behavior analysis
• TikTok hires legal experts for content moderation amid censorship concerns
  The popular social media platform has hired global law firm K&L Gates LLP, including two former US Congressmen, in an effort to ramp up its moderation policies after Senator Marco Rubio questioned the legitimacy of TikTok’s Chinese owner's acquisition of the now-defunct Musical.ly.
• Huawei revenue up by almost one quarter for third quarter
  Bans are yet to hit the Chinese giant's bottom line.
• Security researcher publishes proof-of-concept code for recent Android zero-day
  Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day.
• IBM's third quarter a mixed bag as sales fall short, but earnings better than expected.
  Red Hat delivered revenue growth of 29% and the cloud and cognitive software unit saw sales grow 6%.
• FCC approves merger of T-Mobile and Sprint
  Both democrats on the commission voted against the deal, which shrinks the number of major wireless carriers in the US from four to three.
• US, South Korea officials trace bitcoin transactions to take down massive child porn site
  Officials have seized approximately eight terabytes of child sexual exploitation videos and arrested more than 300 people worldwide associated with the site, the US Justice Department said.

• Federal CIOs Zero In on Zero Trust
  Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
• Sodinokibi Ransomware: Where Attackers' Money Goes
  Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
• Targeted Ransomware Attacks Show No Signs of Abating
  Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
• IoT Attacks Up Significantly in First Half of 2019
  New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
• More Breaches, Less Certainty Cause Dark Web Prices to Plateau
  New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
• Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
  Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
• Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
  Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
• Pitney Bowes Hit by Ransomware
  The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
• The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
  A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
• Click2Mail Suffers Data Breach
  Mail provider discovered customer data being used in spam messages.
• FBI: Phishing Can Defeat Two-Factor Authentication
  A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
• Close the Gap Between Cyber-Risk and Business Risk
  Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
• iTunes Zero-Day Exploited to Deliver BitPaymer
  The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
• Imperva Details Response to Customer Database Exposure
  The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
• Attackers Hide Behind Trusted Domains, HTTPS
  One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
• Magecart Attack on Volusion Highlights Supply Chain Dangers
  Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
• How the Software-Defined Perimeter Is Redefining Access Control
  In a world where traditional network boundaries no longer exist, VPNs are showing their age.
• Utilities' Operational Networks Continue to Be Vulnerable
  More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
• NSA Issues Advisory on VPN Vulnerability Trio
  Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.
• For Cybersecurity to Be Proactive, Terrains Must Be Mapped
  As in any battle, understanding and exploiting the terrain often dictates the outcome.

• SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
  The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
• Pitney Bowes Hit by Ransomware
  The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
• When Using Cloud, Paranoia Can Pay Off
  Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
• FBI: Phishing Can Defeat Two-Factor Authentication
  A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
• AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
  At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
• Imperva Details Response to Customer Database Exposure
  The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
• Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
  Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
• How the Software-Defined Perimeter Is Redefining Access Control
  In a world where traditional network boundaries no longer exist, VPNs are showing their age.
• Drupalgeddon2 Vulnerability Still Endangering CMSes
  A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.
• FBI Investigates Mobile Voting Intrusion
  A group tried to access West Virginia's mobile voting app in 2018; now, the FBI is looking into what actually happened.
• Complex Environments Cause Schools to Struggle for Passing Security Grade
  As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
• 8 Ways Businesses Unknowingly Help Hackers
  From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
• American Express Insider Breaches Cardholder Information
  The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
• Common Pitfalls of Security Monitoring
  We need technology, but we can't forget the importance of humans working methodically to make it effective.
• 20M Russians' Personal Tax Records Exposed in Data Leak
  An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
• Stalkerware on the Rise Globally
  Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
• Controlling Data Leakage in Cloud Test-Dev Environments
  The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
• Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
  The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
• Microsoft Announces Ability to Force TLS Version Compliance
  Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
• 'Harvesting Attacks' & the Quantum Revolution
  Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.

Cyber Security Feed.