Table of Contents
- Problematic monetization in security products, Avira edition
- Attackers Terrify Homeowners After Hacking Ring Devices
- Offering software for snooping to governments is a booming business
- EFF Report Shows FBI Is Failing to Address First Amendment Harms Caused By National Security Letters
- Researchers Fooled Chinese Facial Recognition Terminals With Just a Mask
- German govt proposes law to force WhatsApp Gmail etc to hand over user passwords
- Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
- Digital rights
- Password reuse
German hospital computer systems infected
Klinikum Fürth has been hit by a "cyber attack" and is no longer accepting new patients.
New Orleans City Government Shuts Off Computers After Cyberattack
New Orleans city hall was struck by an attack. Workers were told to turn off and unplug their computers, and the city websites are also down. The city activated its emergency operations center and is working with law enforcement to resolve the issue. Emergency services (911 and 311 calls) were not impacted. The mayor said this was a ransomware attack, but they have not received or found a ransom demand.
Attackers Steal Credit Cards in Rooster Teeth Data Breach
The Rooster Teeth production company suffered an attack that redirected shoppers to a fake payment form, which allowed attackers to steal names, email addresses, telephone numbers, physical addresses, and payment information.
A small Wisconsin company stored thousands of people’s CDs, then vanished
Customers have lost thousands of dollars after a Wisconsin company that digitized people's audio CDs, vinyl and cassettes has stopped operating. Even the CEO didn't know who was responsible.
Problematic monetization in security products, Avira edition
Technical analysis of the Avira Browser Safety add-on reveals concerning practices, allowing the vendor to reconstruct the whole browsing history of its users and more.
Attackers Terrify Homeowners After Hacking Ring Devices
More Ring camera devices are getting spied on, with attackers having creepy conversations with unsuspecting children. NulledCast streams live podcasts of Ring and Nest trolling aimed at random targets. Ring claims that no unauthorized access to its systems was made, and that the attacks originate from credential stuffing, where username:password combinations were obtained by attackers from previous public breaches.
Offering software for snooping to governments is a booming business
Jamal Khashoggi, a Saudi journalist and critic of the kingdom's government, was killed while visiting the consulate in Istanbul. After denying responsibility, the Saudi government admitted that he was killed in a rogue operation. Two months later, another Saudi resident filed a lawsuit against NSO Group, claiming it had licensed Pegasus, spyware used by the Saudi government to spy on and execute Mr. Khashoggi. WhatsApp has also sued the firm, saying its software has been used to hack roughly 1400 users.
EFF Report Shows FBI Is Failing to Address First Amendment Harms Caused By National Security Letters
EFF released a report based on in-depth analysis of records obtained via a Freedom of Information Act request, criticizing the FBI's approach and claiming it violates the First Amendment rights of NSL recipients.
Researchers Fooled Chinese Facial Recognition Terminals With Just a Mask
An AI company, Kneron, ran a series of tests on facial recognition terminals in China and found that a 3D mask of a face is enough to fool the terminals and allow purchases at AliPay and WeChat terminals in shops in China.
German govt proposes law to force WhatsApp Gmail etc to hand over user passwords
Now the German government is going bananas over the terrorists/pedophiles/nazis threat in order to force tech companies to turn over user data, including usernames, passwords (who stores them unencrypted anyways?), IP addresses and port number (wtf???). Should we all abandon multi-factor authentication now and store passwords in cleartext?
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
EFF released a detailed technical report analyzing third-party trackers in the corporate world.
India Shuts Down Internet Once Again, This Time In Assam and Meghalaya
In response to protests, India has shut down the internet in the states of Assam and Meghalaya, in what seems to be a new global trend of governments trying to silence their own citizens.
Apple to Fix Bug That Bypasses Communication Controls for Kids
The communication limits feature Apple provides for parental control could be bypassed when contacts are stored not in iCloud but on other services.
Cracking LUKS/dm-crypt passphrases
Nice article about how to crack LUKS/dm-crypt passphrases using john/hashcat and custom scripts.
ChinaZ introduces new undetected malware
A new malware strain used to build a DDoS botnet was discovered and analyzed by Intezer.
49% of workers, when forced to update their password, reuse the same one with just a minor change
A survey of 200 people revealed not only that 72% of users reuse the same password in their personal life, but also that 49% reused the same password with a minor change when forced to update it. Writing passwords in a text file or on physical paper is also still a thing people do.
Thief Stole Payroll Data for Thousands of Facebook Employees
Personal banking information from tens of thousands of Facebook employees was compromised when a thief stole corporate hard drives from an employee's car. The unencrypted hard drives contained names, bank account numbers, last 4 digits of social security numbers, compensation information, bonuses and some equity details. In total about 29k US employees who worked at Facebook in 2018 were impacted.
Windows 10 mobile is dead
If it wasn't already known, Windows 10 Mobile was already dead, and now it is official.