This posting is here to collect cyber security news in April 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
402 Comments
Tomi Engdahl says:
Mar-a-Lago Intruder’s Room Had Signal Detector, Cash Hoard
https://www.bloomberg.com/news/articles/2019-04-08/mar-a-lago-trespasser-had-a-stash-of-electronics-judge-told
A Chinese woman who breached security at President Donald Trump’s Mar-a-Lago resort in Palm Beach, Florida, had an even larger cache of electronic devices than originally disclosed, including a signal detector used to locate hidden video or audio recorders.
Tomi Engdahl says:
Cryptominers Still Top Threat In March Despite Coinhive Demise
https://www.bleepingcomputer.com/news/security/cryptominers-still-top-threat-in-march-despite-coinhive-demise/
Tomi Engdahl says:
New Mirai Samples Grow the Number of Processor Targets
https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/
Tomi Engdahl says:
LockerGoga: It’s not all about the ransom
https://www.zdnet.com/article/industrial-malware-lockergoga-forces-victims-to-go-back-to-pen-and-paper/#ftag=RSSbaffb68
Updated: In some cases, LockerGoga makes it very difficult to pay blackmail demands to decrypt systems.
Variants of LockerGoga, a form of ransomware which targets industrial systems, have been discovered in which ransom payments appear to be an afterthought rather than the malware’s true purpose.
Tomi Engdahl says:
Hacker group has been hijacking DNS traffic on D-Link routers for three months
https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/
Other router models have also been targeted, such as ARG, DSLink, Secutech, and TOTOLINK.
Tomi Engdahl says:
Grab-and-go Baldr malware enters the black market
https://www.zdnet.com/article/grab-and-go-info-stealer-baldr-malware-enters-the-black-market/
Baldr has been linked to three prominent hackers in the Russian underground.
Tomi Engdahl says:
Reveton ransomware distributor sentenced to six years in prison in the UK
https://www.zdnet.com/article/reveton-ransomware-distributor-sentenced-to-six-years-in-prison-in-the-uk/
Zain Qaiser made at least $915,000 (£700,000) from Reveton ransom payments.
Tomi Engdahl says:
Tens of thousands of cars were left exposed to thieves due to a hardcoded password
A patch was rolled out in mid-February and the hardcoded credentials revoked.
https://www.zdnet.com/article/tens-of-thousands-of-cars-left-exposed-to-thieves-due-to-a-hardcoded-password/
The maker of a popular vehicle telematics system has left hardcoded credentials inside its mobile apps, leaving tens of thousands of cars vulnerable to hackers.
Security updates that remove the hardcoded credentials have been made available for both the MyCar Android and iOS apps since mid-February, the security researcher who found this issue told ZDNet today.
Similarly, the hardcoded credentials were also removed on the server-side to prevent any abuse against users who failed to update their apps.
The vulnerability, tracked as CVE-2019-9493, impacts the MyCar telematics system sold by Quebec-based Automobility Distribution.
Tomi Engdahl says:
Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released
https://thehackernews.com/2019/04/verizon-wifi-router-security.html
Tomi Engdahl says:
Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack
https://thehackernews.com/2019/04/microsoft-patch-updates.html
Tomi Engdahl says:
Credential Dumping Campaign Hits Multinational Corporations
https://securityintelligence.com/credential-dumping-campaign-hits-multinational-corporations/
Server Misconfigurations Result in Ongoing Theft of Corporate Credentials, Cryptojacking Infections on User and Enterprise Assets
Tomi Engdahl says:
GOd vs. Germany: How did an amateur cybercriminal shake a whole country?
https://www.pandasecurity.com/mediacenter/news/god-cybercriminal-scare-germany/
January 4 2019. Germany awoke to a media storm. Personal data, emails, phone numbers, private, financial and even family information of a litany of public figures suddenly appeared online. Among those affected were hundreds of politicians (including Angela Merkel and President Frank-Walter Steinmeier), journalists (Hajo Seppelt), comedians (Jan Bohmermann), and even representatives of NGOs. Only one group was excluded from the leak: the German extreme right.
For the Federal Criminal Police Office (BKA), one thing was quite clear: not only had the cyberattack been deliberately prepared, but it was also a group effort.
Nevertheless, the BKA’s investigation led them to a somewhat more surprising conclusion: the person arrested for leaking all this data wasn’t the head of some international organization, or a world expert. Nor was he known to police before this incident. The person taken into custody was “GOd”, a 20 year old student who still lives with his parents.
Tomi Engdahl says:
Who is GOSSIPGIRL?
https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0
Tomi Engdahl says:
Triton Hackers Focus on Maintaining Access to Compromised Systems: FireEye
https://www.securityweek.com/triton-hackers-focus-maintaining-access-compromised-systems-fireeye
The existence of Triton, also known as Trisis and HatMan, came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye’s Mandiant was called in to investigate the incident and the company has been tracking the threat ever since.
FireEye revealed on Wednesday that it recently responded to another attack carried out by the Triton group against a critical infrastructure facility.
The cybersecurity firm says it has come across several custom tools used by the threat actor, including ones designed for credential harvesting (SecHack, WebShell), remote command execution (NetExec), and several backdoors based on OpenSSH, Bitvise, PLINK and Cryptcat. The attackers have also relied on widely available tools, such as Mimikatz.
FireEye, which previously linked Triton to a research institute owned by the Russian government, pointed out that disruptive attacks aimed at industrial environments take a lot of preparation.
Tomi Engdahl says:
Get Ready for the First Wave of AI Malware
https://www.securityweek.com/get-ready-first-wave-ai-malware
Tomi Engdahl says:
Shock revelation as massive American presidential election hack confirmed
The student election at Berkeley High School. What did you think we were talking about?
https://www.theregister.co.uk/2019/04/10/berkeley_election_hack/
A student government election in California has taken a bizarre turn after one of the candidates admitted to hacking fellow students in an effort to fix results.
According to local news site Berkeleyside, the unnamed student at Berkeley High School took advantage of weak passwords and default credentials to get into the email accounts of more than 500 fellow students and cast fraudulent votes for themself and another unsuspecting candidate.
The report notes that this year’s student body elections were the first to be held online, with students logging in and casting votes with the Google for Education email address
Lest you think millennials are any better at infosec than us old heads, it turns out the students at Berkeley High (located in the shadow of the UC Berkeley campus, no less) had by and large been leaving the default login (a combination of “Berkeley” and the student’s district ID number) on their Google accounts.
While Google for Education does allow for two-factor authentication, the option must be enabled by an administrator, and while most kids these days have smartphones, getting multi-factor set up for an entire school district (Berkeley High School alone has 3,000 students) may not be practical.
Tomi Engdahl says:
New Variants of Mirai Botnet Detected, Targeting More IoT Devices
https://it.slashdot.org/story/19/04/09/2222257/new-variants-of-mirai-botnet-detected-targeting-more-iot-devices?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Mirai, the “botnet” malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016 — including one against the website of security reporter Brian Krebs — has gotten a number of recent updates. Now, developers using the widely distributed “open” source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.
Tomi Engdahl says:
Apple disables iPad for 48 years after toddler runs amok
Three-year-old will have own kid disable it in 2067
https://www.theregister.co.uk/2019/04/09/toddler_ipad_lockdown/
It’s something many of us have had to deal with: you type in the wrong code into your iPhone or iPad and it gets disabled for some period of time.
It is a welcome security feature: it makes it difficult for someone who doesn’t have the code to get into your device and makes “brute force” attacks
But as anyone who has a small child will tell you, it can sometimes work against you
And Good Twitter had the solution.
Two days later and he is back with more news: “Update on toddler-iPad-lock-out: Got it into DFU mode (don’t hold down the sleep/power button too long or you end up in recovery). Now restoring. Thanks to those who shared advice!”
Tomi Engdahl says:
BT Tower broadcasts error message to the nation as Windows displays admin’s shame
A metaphor for Brexit or IT admin’s ineptitude?
https://www.theregister.co.uk/2019/04/08/bt_tower_broadcasts_error_message_to_the_nation_as_windows_crashes/
Generally a system crash is a private affair, but the BT Tower, one of London’s tallest landmarks, spent much of the weekend displaying a Windows error message in a very public fashion.
Tomi Engdahl says:
Protections Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta
https://blog.mozilla.org/futurereleases/2019/04/09/protections-against-fingerprinting-and-cryptocurrency-mining-available-in-firefox-nightly-and-beta/
Tomi Engdahl says:
Wifi cards found and removed from Huawei-backed surveillance system in Pakistan
https://www.newsbook.com.mt/artikli/2019/04/09/wifi-cards-found-and-removed-from-huawei-backed-surveillance-system-in-pakistan/?lang=en
Tomi Engdahl says:
A powerful hacker group behind the Triton malware strikes again
https://techcrunch.com/2019/04/09/triton-malware-strike/?tpcc=ECFB2019
A highly capable hacker group reportedly behind a failed plot to blow up a Saudi petrochemical plant has now been found in a second facility.
Tomi Engdahl says:
Google turns your Android phone into a security key
https://techcrunch.com/2019/04/10/google-turns-your-android-phone-into-a-security-key/?tpcc=ECFB2019
Your Android phone could soon replace your hardware security key to provide two-factor authentication access to your accounts.
a new protocol that uses Bluetooth but doesn’t necessitate the usual Bluetooth connection setup process.
Google says this new feature will work with all Android 7+ devices that have Bluetooth and location services enabled
For now, this also only works in combination with Chrome.
Tomi Engdahl says:
New York City Has a Y2K-Like Problem, and It Doesn’t Want You to Know About It
https://www.nytimes.com/2019/04/10/nyregion/nyc-gps-wireless.html
On April 6, something known as the GPS rollover, a cousin to the dreaded Y2K bug, mostly came and went, as businesses and government agencies around the world heeded warnings and made software or hardware updates in advance.
But in New York, something went wrong — and city officials seem to not want anyone to know.
At 7:59 p.m. E.D.T. on Saturday, the New York City Wireless Network, or NYCWiN, went dark, waylaying numerous city tasks and functions
Tomi Engdahl says:
Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords
https://arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-vulnerable-to-hacks-that-steal-wi-fi-passwords/
Next-gen standard was supposed to make password cracking a thing of the past. It won’t.
Tomi Engdahl says:
Why the US still won’t require SS7 fixes that could secure your phone
https://arstechnica.com/features/2019/04/fully-compromised-comms-how-industry-influence-at-the-fcc-risks-our-digital-security/
The regulatory back door big telecom uses to weaken security regulation.
Tomi Engdahl says:
App could have let attackers locate and take control of users’ cars
https://nakedsecurity.sophos.com/2019/04/11/mobile-app-gave-attackers-access-to-users-cars/
The MyCar application, from Canada-based AutoMobility Distribution, allowed anyone that knew about the vulnerability to control, monitor, and access vehicles from an unauthorized device, experts said
Tomi Engdahl says:
http://atm.cybercrime-tracker.net
Tomi Engdahl says:
Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html?m=1
Tomi Engdahl says:
Amazon admits that employees review “small sample” of Alexa audio
https://arstechnica.com/tech-policy/2019/04/amazon-admits-that-employees-review-small-sample-of-alexa-audio/
Amazon says it uses human transcriptions to “improve the customer experience.”
Tomi Engdahl says:
Amazon Workers Are Listening to What You Tell Alexa
https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio
A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands.
Tomi Engdahl says:
HAS THE WORLD’S FIRST UNHACKABLE CHIP ARRIVED?
https://www.ozy.com/rising-stars/has-the-worlds-first-unhackable-chip-arrived/93028?utm_source=SM&utm_medium=Facebook&utm_name=Organic&utm_source=SM&utm_medium=Twitter&utm_name=Organic
Tomi Engdahl says:
Chinese ‘spies’ stole Dutch chip machinery giant’s secrets, newspaper says
https://www.scmp.com/news/china/diplomacy/article/3005738/chinese-spies-stole-dutch-chip-machinery-giants-secrets?utm_medium=Social&utm_source=Facebook#Echobox=1554976890
Tomi Engdahl says:
Hackers publish personal data on thousands of US police officers and federal agents
https://techcrunch.com/2019/04/12/police-data-hack/
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
Thousands of FBI agents just had their personal information stolen and published
https://www.rawstory.com/2019/04/thousands-fbi-agents-just-personal-information-stolen-published-hackers-report/
The hackers reportedly penetrated the sites through security flaws, downloaded each of their web servers, and posted the data to their own website. Some 4,000 agents’ personal information was exposed
Tomi Engdahl says:
Amazon admits that employees review “small sample” of Alexa audio
https://arstechnica.com/tech-policy/2019/04/amazon-admits-that-employees-review-small-sample-of-alexa-audio/
Amazon says it uses human transcriptions to “improve the customer experience.”
Most of the time, when you talk to an Amazon Echo device, only Amazon’s voice-recognition software is listening. But sometimes, Bloomberg reports, a copy of the audio is sent to a human reviewer at one of several Amazon offices around the world. The human listens to the audio clip, transcribes it, and adds annotations to help Amazon’s algorithms get better.
Amazon Workers Are Listening to What You Tell Alexa
https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
DHS warns about a bug in VPN apps from Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks, which can give attackers remote access to enterprise networks — Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break …
Homeland Security warns of security flaws in enterprise VPN apps
https://techcrunch.com/2019/04/12/enterprise-security-flaws/
Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break into a company’s internal network, according to a warning issued by Homeland Security’s cybersecurity division.
The VPN apps built by four vendors — Cisco, Palo Alto Networks, Pulse Secure and F5 Networks — improperly store authentication tokens and session cookies on a user’s computer.
The apps generate tokens from a user’s password and are stored on their computer to keep the user logged in without having to reenter their password every time. But if stolen, these tokens can allow access to that user’s account without needing their password.
But with access to a user’s computer — such as through malware — an attacker could steal those tokens
Tomi Engdahl says:
TechCrunch:
Microsoft says a “limited” number of its web email service accounts were breached between Jan. 1 and March 28 using a customer support agent’s credentials
https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/
Tomi Engdahl says:
Jennifer Valentino-DeVries / New York Times:
A detailed look at how police forces use “geofence” warrants and Google’s Sensorvault location history database to find witnesses and suspects near crime scenes
Tracking Phones, Google Is a Dragnet for the Police
https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html
The tech giant records people’s locations worldwide. Now, investigators are using it to find suspects and witnesses near crimes, running the risk of snaring the innocent.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Hackers claim they stole ~4K unique personnel records from sites related to the FBI National Academy Association, claim to have data from 1K+ more hacked sites — A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web
https://techcrunch.com/2019/04/12/police-data-hack/
Tomi Engdahl says:
Brian J. Barth / The Walrus:
Interview with RIM cofounder Jim Balsillie about his advocacy against the rise of surveillance capitalism in Canada and the Sidewalk Toronto smart city project
Are You Afraid of Google? BlackBerry Cofounder Jim Balsillie Says You Should Be
https://thewalrus.ca/are-you-afraid-of-google-blackberry-cofounder-jim-balsillie-says-you-should-be/
The entrepreneur who made billions putting BlackBerrys into pockets is now sounding the alarm about Big Tech’s creep toward surveillance capitalism
Tomi Engdahl says:
Katie Notopoulos / BuzzFeed News:
Facebook’s transparency tool that shows users which advertisers have used a contact list with their information is a nightmare for a normal person to use
Facebook Showed Me My Data Is Everywhere And I Have Absolutely No Control Over It
https://www.buzzfeednews.com/article/katienotopoulos/facebook-advertisers-data-brokers-car-dealerships
A transparency tool on Facebook inadvertently provides a window into the confusing maze of companies you’ve never heard of who appear to have your data.
Tomi Engdahl says:
Andrea Peterson / Ars Technica:
SS7, a mobile protocol that can be hacked to track users or intercept calls, remains flawed after decades due to the FCC’s reliance on telecom industry advice
Why the US still won’t require SS7 fixes that could secure your phone
The regulatory back door big telecom uses to weaken security regulation.
https://arstechnica.com/features/2019/04/fully-compromised-comms-how-industry-influence-at-the-fcc-risks-our-digital-security/
Tomi Engdahl says:
Joseph Cox / Motherboard:
Source: Outlook, MSN, and Hotmail were affected in breach; Microsoft now says email content was also exposed for ~6% of users whose email accounts were hacked — Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.
Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support
Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.
Tomi Engdahl says:
Olivia Carville / Bloomberg:
Facebook suffers third major outage in 2019, with all of its services down for ~2 hours on Sunday, after a ~24-hour outage in March, and a smaller crash in Jan. — Facebook, Instagram, WhatsApp and Messenger down for hours — Frustrated users took to Twitter to vent from across the world
Facebook Suffers Third Major Global Outage This Year
https://www.bloomberg.com/news/articles/2019-04-14/facebook-suffers-third-major-global-outage-this-year
Facebook Inc. suffered its third major outage this year, with users across the world unable to access the social network or its suite of services such as Facebook Messenger, Instagram and WhatsApp.
Facebook and Instagram were inaccessible on Sunday morning for several hours
The outages add to the woes of Facebook, already embattled by revelations it has failed to safeguard user data or stanch the spread of hate speech, fake news and other forms of disinformation.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
A security researcher publicly disclosed 0-day flaws in WordPress plugins before patches were available to protest support-forum moderators’ alleged behavior — Exploits published over the past three weeks exposed 160,000 websites to potent attacks.
A security researcher with a grudge is dropping Web 0days on innocent users
Exploits published over the past three weeks exposed 160,000 websites to potent attacks.
https://arstechnica.com/information-technology/2019/04/a-security-researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users/
Over the past week, zeroday vulnerabilities in both the Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins—used by 60,000 and 30,000 websites respectively—have come under attack. Both plugins were removed from the WordPress plugin repository around the time the zeroday posts were published, leaving websites little choice than to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil issued a patch. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.
All three waves of exploits caused sites that used the vulnerable plugins to surreptitiously redirect visitors to sites pushing tech-support scams and other forms of online graft. I
All three of Plugin Vulnerabilities’ zeroday posts came with boilerplate language that said the unnamed author was publishing them to protest “the moderators of the WordPress Support Forum’s continued inappropriate behavior.” The author told Ars that s/he only tried to notify developers after the zerodays were already published.
“Our current disclosure policy is to full disclose vulnerabilities and then to try to notify the developer through the WordPress Support Forum, though the moderators there… too often just delete those messages and not inform anyone about that,” the author wrote in an email.
No remorse
The author said s/he scoured both Yuzo Related Posts and Yellow Pencil for security after noticing they had been removed without explanation from the WordPress plugin repository and becoming suspicious. “So while our posts could have led to exploitation, it also [sic] possible that a parallel process is happening,” the author wrote.
The author also pointed out that 11 days passed between the disclosure of the Yuzo Related Posts zeroday and the first known reports it was being exploited. Those exploits wouldn’t have been possible had the developer patched the vulnerability during that interval, the author said.
Whois Plugin Vulnerabilities?
The crux of the author’s beef with WordPress support-forum moderators, according to threads such as this one, is that they remove his posts and delete his accounts when he discloses unfixed vulnerabilities in public forums. A recent post on Medium said he was “banned for life” but had vowed to continue the practice indefinitely using made-up accounts. Posts such as this one show Plugin Vulnerabilities’ public outrage over WordPress support forums has been brewing since at least 2016.
To be sure, there’s plenty of blame to spread around recent exploits. Volunteer-submitted WordPress plugins have long represented the biggest security risk for sites running WordPress, and so far, developers of the open source CMS haven’t figured out a way to sufficiently improve the quality. What’s more, it often takes far too long for plugin developers to fix critical vulnerabilities and for site administrators to install them. Warfare Plugins’ blog post offers one of the best apologies ever for its role in not discovering the critical flaw before it was exploited.
But the bulk of the blame by far goes to a self-described security provider who readily admits to dropping zerodays as a form of protest or, alternatively, as a way to keep customers safe (as if exploit code was necessary to do that).
Tomi Engdahl says:
Thomas Brewster / Forbes:
When DEA got a warrant for LogMeIn to divulge a user’s passwords, LastPass’ encryption scheme meant it couldn’t produce them, but other customer info was given
What Happened When The DEA Demanded Passwords From LastPass
https://www.forbes.com/sites/thomasbrewster/2019/04/10/what-happened-when-the-dea-demanded-passwords-from-lastpass/#547d24e87ebe
The government makes very few demands for data from password managers, but when it does it expects a lot, including login information, Forbes has learned.
the Drug Enforcement Administration (DEA) demanded logins and physical and IP addresses, as well as communications between a user and LogMeIn, the owner of massively popular tool LastPass. It’s an encrypted vault for storing passwords. The DEA was seeking information related to a LastPass customer
Passwords were not handed over, but LastPass did return IP addresses used by the suspect, alongside information about when Caamano’s LastPass account was created and when it was last used. According to the government’s application for the search warrant, filed at the end of January 2019: “Such information allows investigators to understand the geographic and chronological context of LastPass access, use, and events relating to the crime under investigation.”
With enough evidence in hand, police arrested Caamano on May 29, when they seized a mobile device on which LastPass was installed. Police were also able to bypass encryption on the suspect’s CyberPowerPC, where they discovered an extension app for LastPass. But as they didn’t have the master password, the police couldn’t get access to the account and the logins within.
No passwords available
Despite its demand, the government could never have expected passwords from LastPass. A LogMeIn spokesperson explained: “User passwords stored on LogMeIn’s servers are only done so in an encrypted format. The only way they get decrypted is on the user’s side, and the way that happens—the decryption key—is the user’s master password (used to log into LastPass), which is never received by or available to LogMeIn/LastPass. In other words, we have no means of decrypting user password information on our side, and thus, we are unable to provide these passwords.”
The spokesperson said it receives fewer than ten such requests a year, startlingly low for a product that has 13.5 million users.
LogMeIn was also keen to stress its opposition to government calls for backdoors in tech that might allow police a way past encryption. “It is the policy and position of LogMeIn that the company does not create such backdoors or decryption techniques to provide access to customer data.”
Other password managers have gone to similar lengths to prevent the government from getting easy access to customer logins. Jessy Irwin, a cybersecurity practitioner who was previously “security empress” at LastPass rival 1Password, said her former employer tried to make accessing customers’ private data incredibly difficult for anyone. “One of the biggest things we very deliberately focused on,” she said, “was not being able to collect browser history, something that would be well within the realm of possibility for other password managers that don’t make conscious privacy choices. … Asking us for data was useless.”
Tomi Engdahl says:
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
https://www.networkworld.com/article/3388646/govt-warns-on-vpn-security-bug-in-cisco-palo-alto-f5-pulse-software.html?nsdr=true
VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system.
multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.
Jerry Kevin says:
Nice
Tomi Engdahl says:
Kaspersky: 70 percent of attacks now target Office vulnerabilities
https://www.zdnet.com/article/kaspersky-70-percent-of-attacks-now-target-office-vulnerabilities/
That’s more than four times the percentage the company was seeing two years before, in Q4 2016.
Microsoft Office products are today’s top target for hackers, according to attack and exploitation data gathered by Kaspersky Lab.
Tomi Engdahl says:
Joi Ito / Wired:
Locking kids out of big internet platforms is not the solution to commercial bad actors, we should optimize algorithms instead to make them safer for kids
Optimize Algorithms to Support Kids Online, Not Exploit Them
https://www.wired.com/story/optimize-algorithms-support-kids-online-not-exploit-them/
BBC:
UK data watchdog proposes a 16-rule code of practice for online services to protect children’s privacy that includes ending “nudge techniques” and more
Under-18s face ‘like’ and ‘streaks’ limits on social media
https://www.bbc.com/news/technology-47933521