News Feed

• Best office chairs for 2020: Herman Miller, Secretlab, La-Z-Boy, Steelcase, and others
  The very best office chairs for under $200 and $100, as well as the top office chairs for back pain, posture, gaming, and so on. Most of them are available to buy right now from Amazon.
• Microsoft warns about Internet Explorer zero-day, but no patch yet
  IE zero-day connected to last week's Firefox zero-day.
• Will Google’s more-efficient ‘Reformer’ mitigate or accelerate the arms race in AI?
  Google’s latest refinement to the popular “Transformer” language model promises to make state of the art available to those with a smaller computer budget. But the advances could just as well be used with those commanding vast compute resources to squeeze even more performance out of the biggest machines.
• Visa's plan against Magecart attacks: Devalue and disrupt
  Visa is actively going after Magecart groups, but also deploying new technologies to safeguard payment card data.
• This Linux smartphone is now shipping for $150
  Pine64's open source PinePhone runs Linux and is designed for developers and early-adopters.
• Singapore public sector called out for recurring IT lapses
  Country's government agencies must resolve repeated lapses and plug weaknesses in IT controls, especially given the speed at which new IT systems are implemented, says government committee responsible for assessing how public funds are used.
• Microsoft to add new Chief Strategy and Digital Officers to its executive roster
  It's the start of 2020, so let the Microsoft executive shuffles and reorgs officially begin.
• Apple's latest iOS update is truly getting on my nerves
  Software updates are supposed to make things better. Not always, it seems. Not this one, certainly. And it's affecting something very basic.
• 12 products announced at CES that you can actually buy right now. But should you?
  Jason Cipriani and Jason Perlow spent a week scouring the internet -- even asking for advice on Twitter -- to find 12 devices announced at CES 2020 that are available to buy right now.
• Kubuntu Focus: A new top-of-the-line Linux laptop arrives
  The KDE-empowered version of Ubuntu, Kubuntu, now has a high-powered laptop to call its own: The Kubuntu Focus.
• JhoneRAT exploits cloud services to attack Middle Eastern countries
  Google Drive, Twitter, ImgBB and Google Forms are being abused in the name of data theft.
• Microsoft: Application Inspector is now open source, so use it to test code security
  Microsoft offers up the security tool it uses to probe untrusted third-party software components in its applications.
• WordPress plugin vulnerability can be exploited for total website takeover
  The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters.
• Travelex says some in-store systems are back up and running after ransomware attack
  Currency exchange company is gradually bringing systems back online, and said no customer data has been stolen in the attack.
• Microsoft opens up Rust-inspired Project Verona programming language on GitHub
  Microsoft is developing a new programming language but it's not giving up its work on Rust.
• Are screens harmful? This project wants to record everything you do on your phone, to find out
  Precisely mapping the doings of our digital selves is the only way to understand online behavior.
• A hacker is patching Citrix servers to maintain exclusive access
  FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations.
• Google reveals new Python programming language course: Scholarships for 2,500
  Google creates a new Python training certificate to boost your chances of getting a job.
• Huawei and 5G: Why the UK's decision is getting tougher every day
  The prime minister's decision about Huawei will say much about the UK's place in the world after Brexit.
• Home device listens for fire alarms, then shuts all doors
  A novel "zero power" microphone is behind the "always on" fire safety device.

• Mobile Banking Malware Up 50% in First Half of 2019
  A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
• FBI Seizes Domain That Sold Info Stolen in Data Breaches
  The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
• ADP Users Hit with Phishing Scam Ahead of Tax Season
  Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
• With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses
  Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.
• New Attack Campaigns Suggest Emotet Threat Is Far From Over
  Malware described by the DHS as among the worst ever continues to evolve and grow, researchers from Cisco Talos, Cofense, and Check Point Software say.
• NY Fed Reveals Implications of Cyberattack on US Financial System
  A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
• 2017 Data Breach Will Cost Equifax at Least $1.38 Billion
  Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.
• How to Comprehend the Buzz About Honeypots
  Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.
• Microsoft Patches Windows Vuln Discovered by the NSA
  The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
• Cloud Adoption & Technology Change Create Gaps in Enterprise Security
  Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows.
• 'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
  The oil & gas company is at the heart of the ongoing US presidential impeachment case.
• Attackers Increasingly Focus on Business Disruption
  Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business.
• Global Predictions for Energy Cyber Resilience in 2020
  How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
• Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
  A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
• Dustman Attack Underscores Iran's Cyber Capabilities
  For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
• Processor Vulnerabilities Put Virtual Workloads at Risk
  Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
• Website Collecting Australian Fire Donations Hit by Magecart
  The attack may have compromised donors' payment information.
• Texas School District Loses $2.3M to Phishing Attack
  The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.
• Will This Be the Year of the Branded Cybercriminal?
  Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
• Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam
  The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.

• Mobile Banking Malware Up 50% in First Half of 2019
  A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
• FBI Seizes Domain That Sold Info Stolen in Data Breaches
  The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
• Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
  Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
• Google Lets iPhone Users Turn Device into Security Key
  The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
• Why Firewalls Aren't Going Anywhere
  Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
• ISACs Join Forces to Secure the Travel Industry
  Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
• Microsoft Patches Windows Vuln Discovered by the NSA
  The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
• 'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
  The oil & gas company is at the heart of the ongoing US presidential impeachment case.
• Processor Vulnerabilities Put Virtual Workloads at Risk
  Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
• How to Keep Security on Life Support After Software End-of-Life
  It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
• Microsoft to Officially End Support for Windows 7, Server 2008
  Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
• Website Collecting Australian Fire Donations Hit by Magecart
  The attack may have compromised donors' payment information.
• Synopsys Buys Tinfoil
  Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
• Chinese Malware Found Preinstalled on US Government-Funded Phones
  Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
• AWS Issues 'Urgent' Warning for Database Users to Update Certs
  Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
• Developers Still Don't Properly Handle Sensitive Data
  The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
• Google's Project Zero Policy Change Mandates 90-Day Disclosure
  The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
• TikTok Bugs Put Users' Videos, Personal Data At Risk
  Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
• In App Development, Does No-Code Mean No Security?
  No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
• The Discovery and Implications of 'MDB Leaker'
  The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.

Cyber Security Feed.