News Feed

• It's not your imagination: Work-from-home tech prices have surged in the pandemic
  We use charts and graphs to break the news to you gently: your wallet is crying out in pain. Prices have gone up, and probably will continue to do so.
• Researchers tout quantum algorithm to characterise noise
  The research explains a way around the main obstacle for building large-scale quantum computers, noise.
• Toshiba formally leaves the laptop business
  It’s been 35 years, but now the tech giant’s presence in the laptop industry has come to an end.
• Permanent beta: Why frugal innovation is such a hot concept for entrepreneurs
  A method of creating new products that are better, cheaper and more sustainable - who wouldn't be onboard with that?
• Avaya tops Q3 revenue targets, guidance strong
  For the current quarter, Avaya expects revenue in the range of $720 million to $740 million, above analyst estimates for revenue of $694 million.
• Microsoft releases Minecraft Education Edition for Chromebooks
  Microsoft is updating the education edition of Minecraft across platforms and rolling it out for the first time on Chromebooks in time for back-to-school.
• Google rolls out improvements for Android TV developers
  Along with the updates, Google shared new stats showing Android TV's growth in the smart TV market.
• Apple takes umbrage with small company’s pear logo, legally opposes trademark
  Oranges and pear-related logos appear to be in the firing line.
• Brydge 12.3 Pro Plus keyboard hands-on: Skip the Type Cover and enjoy your Microsoft Surface Pro on your lap
  Microsoft's Surface Pro computers continue to impress me with stunning design elements and daily performance, but the Surface Type Covers let me down in some use cases. Brydge just released its newest keyboard solution and it has replaced my dirty Type Cover.
• All hail, Rob Hale: 10 business lessons from the most philanthropic CEO in Massachusetts
  Rob Hale and his company Granite Telecommunications made nearly $300 million in charitable donations over the past few years. See how Hale and his team exemplify the belief that businesses can be the greatest platform for change.
• Open source observability marches on: New Relic and Grafana Labs partnership brings benefits to developers
  The perfect observability storm with open source leading the way, and a partnership that makes sense
• Salesforce, CVS Health combine return-to-work solutions
  Salesforce is combining its Work.com capabilities with CVS Health's "Return Ready" COVID-19 testing options.
• Improving my iPhone photos with ShiftCam's lens case
  ShiftCam's tracked-lens fittings make adding extra capabilities to an iPhone camera a snap.
• Finalists chosen in global engineering challenge to save humanity
  A hybrid multi-crop greenhouse dryer, portable desalination: See the ideas that could save lives around the world.
• People do strange things in doorways: Density watches the office as employees come back
  Companies are sending some workers back to their cubicles and to the factory floor. San Francisco startup Density is racking up business using sensors and machine learning to map how people occupy those spaces.
• Have I Been Pwned to release code base to the open source community
  Troy Hunt has made the decision following an unsuccessful attempt to have the platform acquired.
• How coronavirus has exposed Middle East's gaping digital divide
  The problems facing the region's tech have-nots were bad enough before the pandemic struck.
• How to get legacy Edge back on Windows 10
  If your PC got upgraded to the Chromium-based Edge browser but you still need (or just want) to use legacy Edge, here's one way to do it.
• Unihertz Titan: Back to the future
  Need a tough, rugged smartphone with a physical keyboard? The Unihertz Titan may be the handset for you.
• Telstra Enterprise set to build Tasmanian Government Radio Network
  Contract negotiations begin on emergency network to replace five other networks.

• Reddit Attack Defaces Dozens of Channels
  The attack has defaced the channels with images and content supporting Donald Trump.
• Researcher Finds New Office Macro Attacks for MacOS
  Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
• IoT Security During COVID-19: What We've Learned & Where We're Going
  Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
• Dark Reading Video News Desk Returns to Black Hat
  UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
• Exploiting Google Cloud Platform With Ease
  Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
• Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
  Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.
• Information Operations Spotlighted at Black Hat as Election Worries Rise
  From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
• Using IoT Botnets to Manipulate the Energy Market
  Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
• Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
  SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
• The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
  Researchers Peleg Hader and Tomer Bar of SafeBreach share details of the three vulnerabilities they found in Windows Print Spooler that could allow an attacker to sneak into the network through an old printer service mechanism.
• Platform Security: Intel Pushes to Reduce Supply Chain Attacks
  SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
• 2019 Breach Leads to $80 Million Fine for Capital One
  The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
• Four Rules and Three Tools to Protect Against Fake SaaS Apps
  Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
• 3 Tips For Better Security Across the Software Supply Chain
  It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
• Russian Election Interference: What's Next?
  Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
• Attack of the Clone: Next-Gen Social Engineering
  NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
• Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
  Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
• DDoS Attacks Doubled in Q2 Compared with Prior Quarter
  Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
• How Ransomware Threats Are Evolving & How to Spot Them
  A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
• Retooling the SOC for a Post-COVID World
  Residual work-from-home policies will require changes to security policies, procedures, and technologies.

• Vulnerability Prioritization: Are You Getting It Right?
  Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
• Reddit Attack Defaces Dozens of Channels
  The attack has defaced the channels with images and content supporting Donald Trump.
• Researcher Finds New Office Macro Attacks for MacOS
  Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
• Getting to the Root: How Researchers Identify Zero-Days in the Wild
  Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
• Dark Reading Video News Desk Returns to Black Hat
  UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
• On 'Invisible Salamanders' and Insecure Messages
  Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
• Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
  Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.
• Remotely Hacking Operations Technology Systems
  Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
• 2019 Breach Leads to $80 Million Fine for Capital One
  The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
• Four Rules and Three Tools to Protect Against Fake SaaS Apps
  Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
• 3 Tips For Better Security Across the Software Supply Chain
  It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
• What a Security Engineer & Software Engineer Learned by Swapping Roles
  A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
• Tales from the Trenches Show Security Issues Endemic to Healthcare
  The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
• Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
  SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
• HealthScare: Prioritizing Medical AppSec Research
  Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
• How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
  Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
• Voatz Delivers Multilayered Security to Protect Electronic Voting
  SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.
• 3 Tips for Securing Open Source Software
  Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
• Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
  The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
• FBI Warns on New E-Commerce Fraud
  A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.

Cyber Security Feed.