This posting is here to collect cyber security news in December 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
197 Comments
Tomi Engdahl says:
Now Any Government Can Buy China’s Tools for Censoring the Internet
Beijing’s ‘autocracy as a service’ is becoming the top choice for governments that want to control the internet
https://onezero.medium.com/now-any-government-can-buy-chinas-tools-for-censoring-the-internet-18ed862b9138
Tomi Engdahl says:
Labour’s Ben Bradshaw claims he was target of Russian cyber-attack
Frequent critic of Kremlin interference in the UK was sent suspicious email from Moscow
https://www.theguardian.com/world/2019/dec/03/labours-ben-bradshaw-claims-he-was-targeted-in-russian-cyber-attack?CMP=share_btn_fb
Tomi Engdahl says:
IBM sounds alarm about more data-wiping malware from Iran
https://www.cyberscoop.com/iran-destructive-malware-ibm/
IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations the Middle East.
The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post.
https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/
Tomi Engdahl says:
An Update on Android TLS Adoption
https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1
Android 7 (API level 24) introduced the Network Security Configuration in 2016, allowing app developers to configure the network security policy for their app through a declarative configuration file. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain.
Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default.
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
Report: BMW discovered and monitored Vietnam-backed hackers who stayed active on its network since at least the spring of 2019; Hyundai was also targeted
BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/
The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019.
BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.
Tomi Engdahl says:
Atlassian scrambles to fix zero-day security hole accidentally
disclosed on Twitter
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
Twitter security celeb SwiftOnSecurity on Tuesday inadvertently
disclosed a zero-day vulnerability affecting enterprise software biz
Atlassian, a flaw that may be echoed in IBM’s Aspera software.
Tomi Engdahl says:
How Internet resources worth R800 million were stolen and sold on the
black market
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
The theft and sale of large swaths of valuable African Internet
resources was an inside job, Internet investigator Ron Guilmette has
concluded after five months of detective work.
Tomi Engdahl says:
The hilarious real reason why the F-22 can’t be hacked
https://www.wearethemighty.com/gear-tech/f-22-cant-be-hacked
The F-22 is the fastest combat aircraft in the U.S. Air Force, even after the development of the F-35.
“No one in China knows how to program the ’83 vintage IBM software that runs them,” he said.
Tomi Engdahl says:
In cyber, the US can’t ‘enforce standards that don’t exist’
https://www.fifthdomain.com/smr/reagan-defense-forum/2019/12/07/in-cyber-the-us-cant-enforce-standards-that-dont-exist/?utm_source=facebook.com&utm_campaign=Socialflow+C4&utm_medium=social
Lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as needed to protect data and systems, the chief of naval operations said during a service chiefs panel at the Reagan National Defense Forum.
All four chiefs pledged support to Gen. Paul Nakasone, commander of U.S. Cyber Command. But they also acknowledged the challenge that comes with the lack of international doctrine.
“We have international norms in the maritime; we don’t have those in cyber,”
“It makes it difficult to enforce standard that don’t exist, and to therefore hold nations accountable for nefarious behavior. It’s a challenge.”
“Those types of agreements take time,” he added. “Unfortunately, they sometimes follow a catastrophic event.”
NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.
Tomi Engdahl says:
I asked a hacker to spy on me via my Amazon account. It took him 5 minutes to break in
https://kuow.org/stories/primed-season-3-episode-8
Tomi Engdahl says:
When Chris Long received a bone marrow transplant, he became a chimera of sorts. He had two sets of DNA.
https://www.iflscience.com/health-and-medicine/crime-scene-dna-reliability-called-into-question-after-man-s-bone-marrow-transplant/
Tomi Engdahl says:
https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/?utm_campaign=site_visitor.unpaid.engagement&utm_source=facebook&utm_medium=social_share&utm_content=2019-12-10
Apple and Facebook sent representatives today to Washington, DC, where senators pushed them to create lawful back doors to encrypted data.
A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone.
But the heat is on: “My advice to you is to get on with it,” Senator Lindsey Graham told the Silicon Valley giants at today’s Senate Judiciary Committee hearing. “Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.” Apple and Facebook representatives at the hearing came under fire from senators in both parties, while Manhattan district attorney Cy Vance, one of the biggest advocates of back doors, was treated as a star witness.
The risks: Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas.
Tomi Engdahl says:
Congress warns tech companies: Take action on encryption, or we will
https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/?UniqueID=37140E92-1B8A-11EA-9F40-39C3923C408C&ftag=COS-05-10aaa0a&TheTime=2019-12-10T20%3A18%3A23&ServiceType=facebook_page&PostType=link&fbclid=IwAR2O_EQxpEZ17TTcN5dwyiPSvoAAjQntEgOcC81BKKw5OMTYicSkUfqGYCU
US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.
Congress sent a warning to tech giants on Tuesday, telling companies including Apple and Facebook that it intends to pass legislation to regulate encryption if Silicon Valley can’t reach an acceptable compromise with law enforcement agencies.
Tomi Engdahl says:
20 years prison for Romanian hackers who infected 400,000 computers
https://www.hackread.com/20-years-prison-romanian-hackers-infected-computers/
Two Romanian hackers namely Bogdan Nicolescu and Rady Miclaus will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspected users.
Tomi Engdahl says:
Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
https://www.forbes.com/sites/thomasbrewster/2019/12/09/are-you-one-of-avasts-400-million-users-this-is-why-it-collects-and-sells-your-web-habits/
Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.
That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it’s working with Mozilla to get its products back online.
But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.
Here’s how it works, according to Vlcek: Avast users have their Web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.
Avast’s user data sales have attracted concern as recently as last week, though. Adblock Plus founder Wladimir Palant has been tracking Avast’s Web browsing over 2019, and he reported the data slurping to Mozilla and Opera before they removed the add-ons from their stores just last week.
Tomi Engdahl says:
Venäjä käytti kahta eri vakoilukampanjaa tärvelläkseen Ranskan vaalit:
Macronin toimisto sumutti vakoojia vitseillä
https://www.hs.fi/ulkomaat/art-2000006337940.html
Venäjän tiedustelu yritti sotkea Emmanuel Macronin vaalivoiton
kahdella eri verkkovakoilukampanjalla. Kampanjaväki sumutti vakoojia
jakamalla heille väärää tietoa.
Tomi Engdahl says:
Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked
the decryptor
https://www.theregister.co.uk/2019/12/10/ryuk_decryptor_broken_latest_strain/
Oracle DBs particularly vulnerable to fake decryptions, say
researchers. If you’re an Oracle database user and are tempted to pay
off a Ryuk ransomware infection to get your files back, for pity’s
sake, don’t. The criminals behind it have broken their own decryptor,
meaning nobody will be able to unlock files scrambled by the malicious
software.
Tomi Engdahl says:
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Tomi Engdahl says:
Raju hakkerihyökkäys, virussuojaus oli päivän myöhässä 10 vuoden
edestä valtion asiakirjoja kaapattiin
https://www.tivi.fi/uutiset/tv/e9f58ed2-e081-4210-bdb2-5ad2de29e271
tapahtuneen marraskuun 25. päivänä. Hakkerit onnistuivat
kryptaamaan jopa 7700 gigatavua tiedostoja yhteensä kymmenen vuoden
ajalta. Valtionhallinnossa oli käytössä haittaohjelmilta suojaava
virusohjelmisto, mutta kyseisen haitakkeen tunnistustiedot siihen
saatiin vasta hyökkäystä seuraavana päivänä
https://thenextweb.com/hardfork/2019/12/09/bitcoin-ransomware-government-data-argentina/
Tomi Engdahl says:
Intel Patches Plundervolt, High Severity Issues in Platform Update
https://www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-platform-update/
Intel addressed 14 security vulnerabilities during the December 2019
Patch Tuesday, with seven of them being high and medium severity
security flaws impacting multiple platforms including Windows and
Linux. The security issues patched today were detailed in the 9
security advisories published by Intel on its Product Security Center,
with the company having delivered them to customers through the Intel
Platform Update (IPU) process. The vulnerabilities disclosed today
could allow authenticated or privileged users to potentially enable
information disclosure, trigger denial of service states, escalate
privileges, or execute malicious code at an elevated level of
privilege via local access. Each advisory comes with a detailed list
of all affected products as well as recommendations for vulnerable
products, and also include contact details for users and researchers
who would want to report other vulnerabilities found in Intel branded
tech or products.
Tomi Engdahl says:
https://www.securityweek.com/adobe-patches-critical-flaws-acrobat-brackets-photoshop
A total of 21 vulnerabilities have been patched in Acrobat and Reader, including critical out-of-bounds write, use-after-free, heap overflow, buffer error, untrusted pointer dereference, and security bypass issues that can be exploited for arbitrary code execution.
Tomi Engdahl says:
Hackers allegedly emptied brokerage accounts with a simple email scam — here’s how to protect yourself
https://www.cnbc.com/2019/12/11/how-to-protect-your-brokerage-account-from-email-scams.html
Brooklyn prosecutors said in november that a Lithuanian man and an unknown co-conspirator emptied the brokerage accounts of hapless victims of hundreds of thousands of dollars. It would have been more, but for a handful of investors who made some seemingly simple but savvy moves to stop the fraud from happening
Tomi Engdahl says:
#YOLO WINXP RDP VULN RELEASED WITH NO PATCH (via twitter @[DaveFoose](https://twitter.com/DaveFoose)) [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1489](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1489)
Tomi Engdahl says:
Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
The December 2019 Android Security Bulletin has been published by Google and contains details of several vulnerabilities within the Android operating system. In total, three vulnerabilities have been given a critical rating. However, Google has highlighted one of these as being “the most severe,” and for very good reason: a single maliciously crafted message could “cause a permanent denial of service.” If you tend to hang fire when the “a software update is available” notification lands on your Android smartphone, you might want to hit the “yes” button a bit quicker on this occasion. In fact, I’d recommend installing the December security update just as soon as it is available to you. Unfortunately, not all Android devices receive these security updates, and those that do don’t necessarily get them as quickly as they should.
Tomi Engdahl says:
FBI shares security advice for online shopping
https://www.zdnet.com/article/fbi-shares-security-advice-for-online-shopping/
FBI: Use credit cards rather than debit cards, don’t use public WiFi,
keep your devices updated, and more. Ahead of the yearly Christmas
shopping spree, one of the FBI’s regional offices has published
yesterday a series of security tips to help users stay safe while they
shop online.
Tomi Engdahl says:
Beware of bad Santas this Xmas: Piles of insecure smart toys fill
retailers’ shelves
https://www.theregister.co.uk/2019/12/11/top_toys_still_toppled_by_security_testing/
Latest Which? study with NCC Group highlights toys it ain’t smart to
buy. It seems to come around quicker every year the failure of
so-called smart toys to meet the most basic of security requirements.
Which?
Tomi Engdahl says:
https://thehackernews.com/2019/12/nginx-copyright-rumbler.html?m=1
Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world’s second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider.
Over 30% of the websites on the Internet today, including many of the world’s most popular sites like Netflix and Twitch, run on the Nginx server.
Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks, an American technology company, for $ 670 million.
Tomi Engdahl says:
Russian police raid NGINX Moscow office
Russian search engine Rambler.ru claims full ownership of NGINX code
https://www.zdnet.com/article/russian-police-raid-nginx-moscow-office/
Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology.
Equipment was seized and employees were detained for questioning.
Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code.
According to the Netcraft December 2019 Web Server Survey, NGINX has market share of 38%.
Tomi Engdahl says:
Apple Used the DMCA to Take Down a Tweet Containing an iPhone
Encryption Key
https://www.vice.com/en_us/article/pkeeay/apple-dmca-take-down-tweet-containing-an-iphone-encryption-key
Apple asked Twitter to take down a viral tweet posted by an
independent iPhone security researcher. Then, the company backtracked
and asked for the tweet to be re-posted. Security researchers are
accusing Apple of abusing the Digital Millennium Copyright Act (DMCA)
to take down a viral tweet and several Reddit posts that discuss
techniques and tools to hack iPhones. On Sunday, a security researcher
who focuses on iOS and goes by the name Siguza posted a tweet
containing what appears to be an encryption key that could be used to
reverse engineer the Secure Enclave Processor, the part of the iPhone
that handles data encryption and stores other sensitive data.
Tomi Engdahl says:
Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards
https://www.bleepingcomputer.com/news/security/hundreds-of-counterfeit-sneaker-sites-hacked-to-steal-credit-cards/
As the craze for the latest Off-White, Nike, and Adidas sneakers heats
up, sites selling counterfeit kicks have popped up to capitalize on
sneakerheads searching for the best deal. To make a bad deal even
worse, hackers are now targeting these sites to install malicious
Magecart scripts that also steal your credit card information. When
shoppers purchase sneakers off of counterfeit sites, they will find
that they didn’t get the sneakers they were expecting, and in some
cases, may not get anything at all. In a new report, Malwarebytes has
discovered a large-scale hacking operation that is targeting these
counterfeit sneaker sites and infecting them with malicious scripts to
steal shopper’s credit cards.
https://blog.malwarebytes.com/threat-analysis/2019/12/hundreds-of-counterfeit-online-shoe-stores-injected-with-credit-card-skimmer/
Tomi Engdahl says:
Cybersecurity: This password-stealing hacking campaign is targeting
governments around the world
https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/
Researchers uncover a phishing campaign attempting to steal login
credentials from government departments across North America, Europe
and Asia – and nobody knows who is behind it. A mysterious new
phishing campaign is targeting government departments and related
business services around the world in cyber attacks which aim to steal
the login credentials from the victims.
Tomi Engdahl says:
Hackers Dupe Facial Recognition Systems With Creepy Mask
https://futurism.com/the-byte/hackers-dupe-facial-recognition-mask
Researchers at the AI firm Kneron were able to easily fool facial recognition systems at a variety of high security locations — including banks, border crossing checkpoints, and airports — using a high quality mask, Fortune reports.
They suggest that anybody with the capability of creating such a mask could easily fool these systems as well — a grave reality check for widespread facial recognition tech.
Using the mask, the researchers fooled payment systems by Chinese tech giants Alibaba and WeChat. Some systems were even easier to fool than that — they managed to get through a self-boarding terminal at Schiphol Airport in the Netherlands by using a picture of a face on a phone screen.
Tomi Engdahl says:
‘It’s Scary Stuff’: Cyber-Security Expert Says Recording-Device Investigation At Hyatt Hotel Is Not Uncommon
https://minnesota.cbslocal.com/2019/12/11/its-scary-stuff-cyber-security-expert-says-recording-device-investigation-at-hyatt-hotel-is-not-uncommon/
MINNEAPOLIS (WCCO) – Police are investigating a report of recording devices found in guest rooms at a Minneapolis hotel.
The cameras were discovered at the downtown Hyatt Regency on Saturday.
WCCO’s Esme Murphy spoke with a cyber-security expert who warned: Situations like this are both common and hard to detect.
“It would be very easy to sneak another device onto a hotel’s Wi-Fi network, stream that video over the internet to the computer where the voyeur is sitting,” Lanterman explained.
surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere.
Tomi Engdahl says:
A thief took Facebook hard drives with payroll data from a worker’s car
https://engt.co/2qNzv8o
They contained payment info for around 29,000 current and former workers.
It seems Facebook just couldn’t make it through to the end of the year without another privacy-related incident. Only this time around, its own employees are affected. A thief broke into a payroll worker’s car and stole hard drives that reportedly contained unencrypted payroll information for around 29,000 current and former US employees.
Tomi Engdahl says:
India shuts down internet once again, this time in Assam and Meghalaya
https://tcrn.ch/2rMpx7E
India maintained a shutdown of the internet in the states of Assam and Meghalaya on Friday, now into 36 hours, to control protests over a controversial and far-reaching new citizen rule.
The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example of a worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information.
Tomi Engdahl says:
Toys “R” Us Pivots From Teddy Bears to Surveillance
https://www.vice.com/en_us/article/8844×5/toys-r-us-pivots-from-teddy-bears-to-surveillance?utm_source=viceinstaus&utm_campaign=later-linkinbio-vice&utm_content=later-4420858&utm_medium=social
The once loved toy giant could have simply died a quiet death. Instead it has been co-opted and transformed into a private equity surveillance project.
Tomi Engdahl says:
Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
However, Google has highlighted one of these as being “the most severe,” and for very good reason: a single maliciously crafted message could “cause a permanent denial of service.” If you tend to hang fire when the “a software update is available” notification lands on your Android smartphone, you might want to hit the “yes” button a bit quicker on this occasion. In fact, I’d recommend installing the December security update just as soon as it is available to you.
Tomi Engdahl says:
Man who had transplant finds out months later his DNA has changed to that of donor 5,000 miles away
https://www.nytimes.com/2019/12/07/us/dna-bone-marrow-transplant-crime-lab.html
Tomi Engdahl says:
It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was
badly broken.
i386 architecture will be dropped starting with eoan (Ubuntu 19.10) https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html
[oss-security] Lots of bugs in 32-bit x86 Linux entry code
https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/
It turns out that there are essentially no upstream development
resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was
badly broken.
I’m not even going to try to enumerate individual bugs here. I’m
guessing that at least all x86_32 kernels that support PTI are
vulnerable to privilege escalation via a series of ESPFIX bugs, but
the missing segment override issue could go back years
Tomi Engdahl says:
If you get a call offering to fix your computer or PayPal/Bank/Tax or any other online account, it is a hoax. No competent professional will ever, ever, volunteer to fix your computer or account. Most like it is a scam to take your money. Do not download any remote control app on your phone from Play/App store to complete KYC or other stuff. Let your elderly friends and family member know it too. Stay safe and avoid scams.
Most competent professionals don’t even want you to know that they can fix your computer.
Tomi Engdahl says:
I don’t know if these are fake or not but they are funny as hell….https://m.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw/videos
Tomi Engdahl says:
Jailed Russian hacker: I hacked Democrats ‘under the command’ of Russian intelligence agents
https://www.businessinsider.com/russian-hacker-democrats-dnc-intelligence-2017-12?fbclid=IwAR1cPR_kzaIhysYkdfpsW46D0ucQhzPLpynBqubw_71tM3pVc8kR-zSgaRc&r=US&IR=T
A Russian hacker told a Moscow court in August that he was ordered to hack the Democratic National Committee by Russian intelligence agents at the FSB.
The hacker was arrested in mid-2016 on charges relating to his work with a notorious hacking collective.
A Russian hacker believed to be a member of a hacking collective called Lurk said in court over the summer that he was ordered by Russia’s security services, known as the FSB, to hack the Democratic National Committee.
Tomi Engdahl says:
Turkey is getting military drones armed with machine guns
Read more: https://www.newscientist.com/article/2227168-turkey-is-getting-military-drones-armed-with-machine-guns/#ixzz684jm3YzJ
Tomi Engdahl says:
https://www.forbes.com/sites/thomasbrewster/2019/12/10/google-chrome-will-now-warn-you-if-your-web-passwords-have-been-stolen/
Tomi Engdahl says:
https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/
Tomi Engdahl says:
FBI secretly demands a ton of consumer data from credit agencies. Now lawmakers want answers
https://tcrn.ch/2PiPHrH
Tomi Engdahl says:
Arduino Nano 33 IoT Debugging
Get your Nano 33 IoT board connected to full GDB debugging so you can solve those bugs and get your project released!
https://www.hackster.io/visualmicro/arduino-nano-33-iot-debugging-633ad8
Tomi Engdahl says:
WHITE HOUSE VETERANS
HELPED GULF MONARCHY
BUILD SECRET
SURVEILLANCE UNIT
https://www.reuters.com/investigates/special-report/usa-raven-whitehouse/
Tomi Engdahl says:
Ranked: The World’s Top 100 Worst Passwords
https://www.forbes.com/sites/daveywinder/2019/12/14/ranked-the-worlds-100-worst-passwords/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Tomi Engdahl says:
H:| Npm team warns of new ‘binary planting’ bug
https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/
Npm bug lets booby-trapped npm (JavaScript) packages plant or alter
binaries on the victim’s system. The team behind npm, the biggest
package manager for JavaScript libraries, has issued a security alert
yesterday, advising all users to update to the latest version (6.13.4)
to prevent “binary planting” attacks.. Also:
https://www.theregister.co.uk/2019/12/13/npm_path_traversal_bug/