Google sets new rules for third-party apps to access Gmail data

All Gmail third-party apps with full access to Gmail user data will need to re-submit for a review by February 15, 2019, or be removed.

Google shuts down Google+ after API bug exposed details for over 500,000 users

Search giant says it found no evidence that any user data was misused.

It's 2018, and network middleware still can't handle TLS without breaking encryption

Appliance vendors fail to respond to bug reports. Some devices got worse after disclosure.

US government rolls out 2-step verification for .gov domain owners

DotGov program rolls out support for Google Authenticator app for the management of .gov domains.

MikroTik vulnerability climbs up the severity scale, new attack permits root access

A bug previously deemed medium in severity may actually be as "bad as it gets" due to a new attack technique.

Code execution bug in malicious repositories resolved by Git Project

The critical vulnerability can lead to the execution of code on a vulnerable system.

Dark web admin of Silk Road marketplace 'Libertas' pleads guilty

The underground marketplace was a hotbed of drugs, weapons, and other illegal products.

DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story

US and UK officials stand by Amazon and Apple's statements regarding Bloomberg chip hack story.

Firefox and Edge add support for Google's WebP image format

WebP image format gets new life courtesy of Microsoft and Mozilla. Apple is last browser maker without WebP support.

Amazon fires employee for sharing customers' email addresses

Employee firing likely connected to investigation Amazon started last month after Wall Street Journal report that employees were selling customer data and deleting reviews.

Microsoft pulls Windows 10 October Update (version 1809)

Microsoft cites problems with the latest update package deleting user files.

Web hosting providers take three days, on average, to respond to abuse reports

Some hosting providers take over two weeks to respond, with the worst taking over 19 days.

DOJ explains recent wave of cyber-espionage-related indictments

The DOJ has heard the cyber-security's criticism and has responded.

Cyberstalker thwarted by VPN logs gets 17 years in prison

Access logs from two VPN providers and Chrome forensic data recovered from a formatted PC send cyberstalker to prison.

Mozilla resolves critical code execution flaw in Thunderbird email client

The severe bug has been smoothed over as part of a wider security update.

G Suite admins get ability to remotely lock company-owned Android devices

More new features land in G Suite after Google enabled alerts for government-backed attacks earlier this week.

Russia's elite hacking unit has been silent, but busy

While APT28 was making fun of the DNC through Western media, Turla APT remained active and hacking in the shadows.

Hacker wastes entire day hacking Pigeoncoin cryptocurrency only to make $15,000

Pigeoncoin hack confirms that the CVE-2018-17144 vulnerability fixed in the Bitcoin source code in mid-September was, indeed, as bad as it gets.

Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking

Israeli government authorities warn users about new method of hijacking WhatsApp accounts.

After two decades of PHP, sites still expose sensitive details via debug mode

In 2018, some developers fail to deactivate debug mode for their web apps, leading to potentially catastrophic scenarios.

Russian Fancy Bear APT linked to Earworm hacking group

The hacking rings may be separate but it seems they share a system or two in order to launch their attacks.

Apple, Amazon deny claims Chinese spies implanted backdoor chips in company hardware: report

Updated: An investigation claims that a tiny chip implanted into server hardware facilitated backdoors into the systems of major tech companies and US government entities.

Burgerville customer credit card info stolen in data breach laid at Fin7's feet

Despite the recent arrests of alleged Fin7 members, the threat group is actively targeting US companies.

Phantom Secure CEO pleads guilty to providing drug cartels with encrypted phones

The Phantom Secure network was used to help criminals "go dark" and avoid law enforcement.

Super Evil - Enterprise Security Weekly #109

This week, Paul and John Strand interview Mike Gordover, iSenior Solutions Architect at ObserveIT! They discuss the current perception in the market of DLP, how ObserveIT’s solutions differ from traditional DLP, what challenges he faces when combating insider threats, and much more! In the Enterprise Security News, Mimecast offers free training kit as part of Cybersecurity Awareness Month, Microsoft will finally kill off the old Skype client (for real this time), LogRhythm receives patent for data monitoring tech, Tufin launches first of its kind program for MSSPs, three reasons why BlackBerry stock is potentially about to soar, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109

ObserveIT Landing Page: www.observeit.com/securityweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

 

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Google forcibly enables G Suite alerts for government-backed attacks

Google: This feature is good for you, so we'll just enable it. You're welcome!

Alphabet's Intra app encrypts DNS queries to help users bypass online censorship

New Intra app adds DNS-over-HTTPS support for older Android versions.

Hack Naked News #191 - October 2, 2018

This week, Robocallers get huge fines for spoofing phone numbers, 100,000 home routers used for Brazilian hacking scam, 85 reasons to update your Adobe PDF software, 9 NAS bugs open LenovoEMC, 5 major Security updates for Chrome extensions, and Twitter bans distribution of hacked materials ahead of the US midterm elections! Sven Morgenroth of Netsparker joins us for expert commentary this week on the most recent Facebook hack!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode191

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

 

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

DHS aware of ongoing APT attacks on cloud service providers

Attacks most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass.

North Korea's APT38 hacking group behind bank heists of over $100 million

New FireEye report provides insight into North Korea's financially-motivated hacking operations.

Gwinnett Medical Center investigates possible data breach

Updated: Patient records may have been leaked online due to the alleged security incident.

Hacker faces jail time after defacing US military academy, NYC sites

Over 11,000 websites of political or business value to the US were targeted.

Zoho domains central to keylogger, data theft campaigns worldwide

Updated: The Indian online office suite is reportedly being abused on a massive scale to exfiltrate data from compromised machines.

Bring Yoga Pants - Application Security Weekly #34

This week, Keith and Paul talk about landing a job in Application Security! They discuss attending local meetups and conferences, practicing your coding skills, getting educated by World Class security researchers, doing your homework, and much more! In the Application Security News, Facebook discloses the loss of at least 50 millions access tokens, Google admits to allowing hundreds of companies to read your email, FireFox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Canadian restaurant chain suffers country-wide outage after malware outbreak

Some restaurant locations were temporarily shut down due to the IT outage, others continued to serve customers.

Some Apple laptops shipped with Intel chips in "manufacturing mode"

Apple fixed issue with an update released in June but other OEMs may also be affected.

New study finds 5 of every 6 routers are inadequately updated for security flaws

Consumer group blames open source libraries and the lack of auto-update mechanisms.

Twitter bans distribution of hacked materials ahead of US midterm elections

Twitter announces three new major rule changes to its site rules and policies.

Breaking bank security: Record theft rises to new heights

Recorded data breaches impacting the financial sector have close to tripled since 2016, new research suggests.

Facebook could face $1.63bn fine under GDPR over latest data breach

Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time.

Smash The Van - Paul's Security Weekly #577

This week, Paul interviews Mike Nichols of Endgame, Keith McCammon of Red Canary, & Shawn Smith of Panhandle Educators Federal Credit Union! Carlos Perez deliver the Technical Segment on How to Operate Offensively Against SysMon, and the crew will wrap the show with the Security News!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes!

Google to no longer allow Chrome extensions that use obfuscated code

Google publishes new rules for extensions and the Chrome Web Store.

Code execution vulnerabilities uncovered in Atlantis Word Processor

The software is used for creating Word documents and converting documents in a variety of formats.

Facebook sued hours after announcing security breach

Plaintiffs claim Facebook failed to protect their personal data. Want relief and punitive damages against Facebook.

FBI forces Apple iPhone X owner to unlock device through Face ID

Reports claim that law enforcement used a search warrant to force an iPhone owner to unlock their device through their face.

ATM wiretapping is on the rise, Secret Service warns

Drills are the weapon of choice for criminals who spy on your activities at the cash point.

Phishing campaign targets developers of Chrome extensions

If the campaign was successful, we should expect new cases of hacked extensions used to infect users.

Microsoft's efforts for a Digital Geneva Convention get underway

Microsoft launches online petition for cyber-peace at New York festival.

Two SIM swappers arrested for CMCT hack

Suspects stand accused of stealing cryptocurrency worth $14 million from a California startup.

Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks

Botnet redirects hijacked traffic to over 50 active phishing sites.

Telegram fixes IP address leak in desktop client

Telegram team forgot to add privacy-enhancing option for voice calls in desktop clients.

UK Conservative Party conference app leaks MPs' personal details

MP members received prank calls, had their phone numbers and email addresses shared online.

Facebook says it detected security breach after traffic spike

Facebook says the vulnerability hackers exploited was actually a combination of three bugs.

Python is a hit with hackers, report finds

Imperva: Up to 77 percent of the sites we monitor were attacked by a Python-based tool.

FBI solves mystery surrounding 15-year-old Fruitfly Mac malware

Fruitfly malware author used port scanning with weak or no passwords to identify potential victims.

Meet Torii, a new IoT botnet far more sophisticated than Mirai variants

The evolving IoT botnet is able to compromise an impressive array of architectures.

Teenage Apple hacker avoids jail for 'hacky hack hack' attack

The self-proclaimed Apple fan stole roughly 90GB of confidential data from the iPad and iPhone maker.

US sentences to prison its first ATM jackpotter

Argenys Rodriguez got 12 months and a day in prison for making ATMs spit out cash.

FBI warns companies about hackers increasingly abusing RDP connections

Millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks.

Port of San Diego suffers cyber-attack, second port in a week after Barcelona

Cyber-attacks have now been reported at three ports in the last two months