News Feed

• Facebook demands NYU Ad Observatory stop collecting data on site’s political ads, says WSJ
  Facebook said an effort by NYU to track who is shown what political ads violates Facebook's rules against bulk data collection.
• RIAA blitz takes down 18 GitHub projects used for downloading YouTube videos
  Main target of the takedown was the youtube-dl project, a Python library that had amassed more than 72k stars on GitHub and was used in many YouTube video ripping tools and services.
• Microsoft announces tech training partnership with Brazilian government
  The expectation is to train 5,5 million people in areas such as data science, cloud and artificial intelligence until 2023.
• US Treasury sanctions Russian research institute behind Triton malware
  US imposes sanctions against Russia's Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM).
• Hands on with Zenfox T3 dash cam: Perfect for Lyft, Uber, taxis, and ride-sharing
  The Zenfox T3-3CH triple channel dash cam has front, interior, and rear cameras for peace of mind.
• DARPA awards Xerox's PARC another Oceans of Things contract
  PARC's contract calls for up to 10,000 more compact drifters to compile data about oceans and environmental and human impacts.
• Apple notarizes six malicious apps posing as Flash installers
  Apple notarization process bypassed for the second time in six weeks.
• The best iPad: Which iPad model should you buy?
  Apple recently updated some of its iPad models. Follow along as we break Apple's tablet lineup down.
• Military takes over Brazil's National Data Protection Authority
  Members of the Armed Forces form the majority of the board of the body responsible for enforcing the data protection rules.
• AI security: This project aims to spot attacks against critical systems before they happen
  Microsoft has unveiled a new open-source "matrix" that hopes to identify all the existing attacks that threaten the security of machine learning applications.
• Phishing groups are collecting user data, email and banking passwords via fake voter registration forms
  With the election window closing, phishing groups are striking the iron while it's hot.
• Tibco to buy Information Builders' tech for analytics, integration. But will it blend?
  Two veterans of the analytics and integration space are coming together. But can Tibco truly integrate IBI, and finally do so with its numerous other acquisitions from the last 10 years?
• ZDNet poll: Is Google guilty of antitrust violations?
  The United States Department of Justice is taking Google to court, alleging that the search giant is violating antitrust law. Do you think they’re right?
• Ubuntu clouds on the Raspberry Pi
  Ubuntu 20.10 on Raspberry Pi now comes with the full Linux desktop and, believe it or not, support for clouds.
• Predictions 2021: Winning CIOs get future fit
  In 2021, future fit technology is the CIO's ticket to success. Seize the day and drive a future filled with promise, not peril, in the face of unprecedented change.
• Windows 10: Microsoft details workaround for 'Reset This PC' failures in 2004 update
  Microsoft confirms Windows 10 'Reset This PC' feature problems on some hardware running Windows 10 version 2004.
• Nvidia tackles code execution flaws, data leaks in GeForce Experience
  The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences.
• Criminal cyberattack is 'morally repugnant' says angry mayor, as council battles to restore services
  East London council tries to restore services after 'serious and complex' attack creates disruption.
• An autonomous construction site is in the works
  Retrofitting existing equipment may be a viable path to short-term autonomy on the job site.
• Microsoft Teams Salesforce tie-up: Now you can share customer data in Teams chat
  Microsoft Teams gains a Salesforce integration just like the Salesforce CRM app for Microsoft's enterprise chat rival Slack.

• US Treasury Sanctions Russian Institution Linked to Triton Malware
  Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
• Flurry of Warnings Highlight Cyber Threats to US Elections
  FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
• Botnet Infects Hundreds of Thousands of Websites
  KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
• Credential-Stuffing Attacks Plague Loyalty Programs
  But that's not the only type of web attack cybercriminals have been profiting from.
• To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
  The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
• Implementing Proactive Cyber Controls in OT: Myths vs. Reality
  Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
• Dealing With Insider Threats in the Age of COVID
  Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
• Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
  Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
• Are You One COVID-19 Test Away From a Cybersecurity Disaster?
  One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
• Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
  Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
• Ransomware Attacks Show Little Sign of Slowing in 2021
  With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
• NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
  Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
• Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
  Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
• GravityRAT Spyware Targets Android & MacOS in India
  The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
• Microsoft Tops Q3 List of Most-Impersonated Brands
  The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
• Trickbot, Phishing, Ransomware & Elections
  The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
• 7 Tips for Choosing Security Metrics That Matter
  Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
• A New Risk Vector: The Enterprise of Things
  Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
• Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
  At least three campaigns are now underway.
• US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
  The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

• A Pause to Address 'Ethical Debt' of Facial Recognition
  Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
• Botnet Infects Hundreds of Thousands of Websites
  KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
• WordPress Plug-in Updated in Rare Forced Action
  The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
• Oracle Releases Another Mammoth Security Patch Update
  October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
• Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
  A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
• As Smartphones Become a Hot Target, Can Mobile EDR Help?
  Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
• Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
  Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
• Farsight Labs Launched as Security Collaboration Platform
  Farsight Security's platform will offer no-cost access to certain tools and services.
• Microsoft Tops Q3 List of Most-Impersonated Brands
  The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
• Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
  At least three campaigns are now underway.
• Barnes & Noble Warns Customers About Data Breach
  Famed bookseller says non-financial data was exposed in a new attack.
• Zoom Announces Rollout of End-to-End Encryption
  Phase 1 removes Zoom servers from the key generation and distribution processes.
• Coalition Pokes Five Eyes on Call for Backdoors
  The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.
• Software AG Continues Efforts Against $20M Ransomware Attack
  The attack, which now includes extortion components, has moved into its second week.
• 3 Ways Companies are Working on Security by Design
  Execs from top financial organizations and other companies share insights on building a security culture.
• Google Brings Password Protection to iOS, Android in Chrome 86
  Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates.
• 6 Best Practices for Using Open Source Software Safely
  Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.
• Android Camera Bug Under the Microscope
  Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.
• 3 Ways Data Breaches Accelerate the Fraud Supply Chain
  The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks.
• 'Father of Identity Theft' Sentenced to 207 Months
  James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year.

Cyber Security Feed.