Security Leftovers
-
Scoop News Group ☛ Google to wind down app store bug bounty
The tech giant says it is receiving fewer vulnerabilities and that security improvements have resulted in a more secure Android ecosystem.
-
SANS ☛ Mapping Threats with DNSTwist and the Internet Storm Center (Tue, Aug 20th)
-
Google ☛ Seamlessly use your passwords and addresses in Chrome across all devices [Ed: Google sucking up all the users' passwords is a catastrophe]
Last October, we introduced a new identity model on iOS (Chrome 118) and are excited to bring it to Android devices and Desktop soon. This model aligns closely with how you already use other Surveillance Giant Google apps and services. When we first launched Chrome sync back in 2009, powered by the Surveillance Giant Google Account, our goal then, as it is today, was simple: help users access their bookmarks, passwords, tabs and more, across devices. At the time, this was best achieved by a sync model: synchronizing device data with your account and therefore requiring both sign-in and enabling sync.
-
Silicon Angle ☛ Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability
A new report out today from Symantec, a division of Broadcom Inc., is warning of a new sophisticated backdoor threat that has been spotted in the wild targeting a university in Taiwan. Dubbed Backdoor.Msupedge, the backdoor uses an infrequently seen technique that involves communicating with a command-and-control service via DNS traffic.
-
Silicon Angle ☛ Toyota alleges stolen customer data published on hacking site came from outside supplier [Ed: The go-to excuse of outsourcing as accountability dodge]
Data relating to customers of Toyota Motor Co. has been shared online in yet another case involving the Japanese car maker and a data breach, but Toyota is claiming that the data came from a third-party supplier and that it was not directly breached.
-
RFERL ☛ U.S. Intelligence Officials Say Iran Is To Blame For Hacks Targeting Trump, Harris Campaigns
U.S. intelligence officials said August 19 they were confident that Iran was responsible for the hack of Donald Trump's presidential campaign, casting the cyber intrusion as part of a brazen and broader effort by Tehran to interfere in American politics.
-
How to Optimize Security in Cloud-Native Applications
How to optimize the security of cloud-native applications and ensure the resilience and reliability of critical cloud-based services.
-
Security Week ☛ F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus
F5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus.
-
Security Week ☛ CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding
Clark Construction has been tasked with building the 630,000 square foot sustainable state-of-the-art facility for CISA.
-
Security Week ☛ Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover
A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
-
Federal News Network ☛ IRS working to improve data security after major tax return leak
The IRS' inspector general says protecting taxpayer data continues to be a major challenge for the agency, as it struggles with several key cybersecurity areas.
-
Security Week ☛ Major Backdoor in Millions of RFID Cards Allows Instant Cloning
Backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
-
Bruce Schneier ☛ Hacking Wireless Bicycle Shifters
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack.