News Feed

• Fortnite on Google Play: Is a 30% cut worth the security benefits?
  Opinion: Google says there are no exceptions. Should Epic Games bite the bullet?
• How the cloud, an army of drones, and 3D mesh is saving the world's vital infrastructure
  Bridges in major cities are crumbling and in desperate need of inspection. Technology convergence offers a light at the end of a rickety tunnel.
• Verizon kills email accounts of archivists trying to save Yahoo Groups history
  Verizon says the archivists it has blocked breached its terms of service.
• LG G8X ThinQ Dual Screen, long-term test: Two screens good, but beware bulk and battery life
  The LG G8X ThinQ Dual Screen is an interesting and affordable alternative to a folding-screen handset, but it does have some significant drawbacks.
• Smart airports: This tech controls aircraft landings from hundreds of miles away
  An airport and its air-traffic control tower can be huge distances apart in Norway's remote-control project.
• Quick tip: How to run Wi-Fi diagnostics on your Mac
  There's nothing more frustrating than trying to connect to an Wi-Fi network and something isn't working right. However, macOS comes with tools you can use to diagnose and test your network connection, helping you to get back on the internet.
• How Panasonic is using internet honeypots to improve IoT device security
  Researchers at the electronics and home-appliance manufacturer leave connected devices open to the internet in a controlled environment - and watch how hackers attempt to attack them.
• ADHA to find new CEO as Tim Kelsey steps down
  During his tenure, millions have opted out of the ADHA's My Heath Record, however ten times that number have opted in.
• Ten cool and useful gadgets that make great last-minute gifts, and all are under $50
  The holidays can be an expensive time of year, which is why I have compiled a list of my favorite gadgets that cost less than $50.
• FTC rules Facebook users deceived by Cambridge Analytica
  The ruling comes 18 months after the scandal first broke.
• NSW government pledges increased transparency in its AI agenda
  The state government said it will launch its artificial intelligence strategy early March next year.
• Chinese government to replace foreign hardware and software within three years
  New Beijing "5-3-2" policy to give local tech scene a boost to the detriment of foreign companies.
• Bypass discovered to allow Windows 7 Extended Security Updates on all systems
  Windows hobbyists discover a way to enable (paid) Windows 7 Extended Security Updates on all systems.
• Canberra to put social media fake news under microscope
  It comes as Labor is fed up with Facebook's lack of action to filter out fake news.
• Ericsson hit with over $1 billion in fines for bribing government officials
  The company bribed Chinese government officials for at least 17 years.
• 2020 is when cybersecurity gets even weirder, so get ready
  AI-powered deepfakes, ransomware, IoT, and 5G all mean that protecting your data is about to get a lot harder.
• How much RAM does your Windows PC really need? (December 2019 edition)
  The bottom line is that you probably need more RAM than you think you can get away with!
• How much does 1.5TB of RAM cost?
  While most of us get away with having a few gigabytes of RAM, there are modern motherboards designed for workstations that can take enormous amounts of RAM. But lots of RAM is expensive. Very expensive.
• T-Mobile 5G, Qualcomm Snapdragons, Microsoft's Fluid app design (MobileTechRoundup show #488)
  Matt and Kevin both made purchases since the last podcast, Google/Alphabet made a leadership change, Microsoft focuses on consistent design ahead of its Android device release, and more are covered in the latest MobileTechRoundup podcast.
• The next generation of user experience is artificially intelligent
  The CEO of enterprise integration provider Dell Boomi has seen the emphasis shift to the front end.

• How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
  Money meant to fund an Israeli startup wound up directly deposited to the scammers.
• Data Center Provider CyrusOne Confirms Ransomware Attack
  The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
• VPN Flaw Allows Criminal Access to Everything on Victims' Computers
  Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
• US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
  Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
• What's in a Botnet? Researchers Spy on Geost Operators
  The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
• Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
  'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
• Navigating Security in the Cloud
  Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
• Attackers Continue to Exploit Outlook Home Page Flaw
  FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
• Application & Infrastructure Risk Management: You've Been Doing It Backward
  Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
• TrickBot Expands in Japan Ahead of the Holidays
  Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
• Smith & Wesson Is Magecart's Latest Target
  Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
• Leveraging the Cloud for Cyber Intelligence
  How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
• Data from 21M Mixcloud Users Compromised in Breach
  The music streaming service received reports indicating attackers gained unauthorized access to its systems.
• 3 Modern Myths of Threat Intelligence
  More intelligence does not lead to more security. Here's why.
• Google Details Its Responses to Cyber Attacks, Disinformation
  Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
• On the Border Warns of Data Breach
  Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
• DDoS: An Underestimated Threat
  Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
• NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
  An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
• T-Mobile Prepaid Hit by Significant Data Breach
  The breach, estimated to have affected more than a million customers, came from malicious external actors.
• They See You When You're Shopping: Holiday Cybercrime Starts Early
  Researchers notice year-end phishing attacks starting in July and ramping up in September.

• VPN Flaw Allows Criminal Access to Everything on Victims' Computers
  Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
• Password-Cracking Teams Up in CrackQ Release
  The open source platform aims to make password-cracking more manageable and efficient for red teams.
• (Literally) Put a Ring on It: Protecting Biometric Fingerprints
  Kaspersky creates a prototype ring you can wear on your finger for authentication.
• Microsoft Issues Advisory for Windows Hello for Business
  An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
• Application & Infrastructure Risk Management: You've Been Doing It Backward
  Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
• DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
  The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
• StrandHogg Vulnerability Affects All Versions of Android
  The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
• Data from 21M Mixcloud Users Compromised in Breach
  The music streaming service received reports indicating attackers gained unauthorized access to its systems.
• Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
  More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
• Google Details Its Responses to Cyber Attacks, Disinformation
  Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
• New Free Emulator Challenges Apple's Control of iOS
  An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system - and gives Apple a new headache.
• Practical Principles for Security Metrics
  A proactive approach to cybersecurity requires the right tools, not more tools.
• 7 Ways to Hang Up on Voice Fraud
  Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
• The Implications of Last Week's Exposure of 1.2B Records
  Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
• An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
  The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
• On the Border Warns of Data Breach
  Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
• Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
  Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
• T-Mobile Prepaid Hit by Significant Data Breach
  The breach, estimated to have affected more than a million customers, came from malicious external actors.
• They See You When You're Shopping: Holiday Cybercrime Starts Early
  Researchers notice year-end phishing attacks starting in July and ramping up in September.
• 1.2B Records Exposed in Massive Server Leak
  A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.

Cyber Security Feed.