Daily NCSC-FI news followup 2019-10-19

Schneier: Why Technologists Need to Get Involved in Public Policy

www.schneier.com/blog/archives/2019/10/why_technologis.html

US stopped using floppy disks to manage nuclear weapons arsenal

www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/ The system was created in 1968 and has been running for nearly 50 years on top of an IBM Series/1 mainframe, using 8-inch floppy disks as its storage medium.

US.GOV: Mind Your Own Business Act – Execs Could Face Jail Time For Privacy Violations

threatpost.com/execs-jail-time-privacy-violations/149334/ In addition to fines, senior executives who knowingly lie to the FTC could face up to 10- to 20-year criminal penalties under the act.

Debug mode in popular webdev tool Laravel exposes credentials for hundreds of websites, including Donald Trump's

www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/

Microsoft Tackles Election Security with Bug Bounties

threatpost.com/microsoft-election-security-bug-bounties/149347/ Researchers can earn up to $15,000, depending on the severity of the bug found.

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/

UC Browser app abuses may have exposed 500 million users

www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users

Vatican sponsored eRosary Application Account Takeover

fidusinfosec.com/clicktopray-erosary-account-takeover/

See also www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/

Redaman banking malware C&C servers hidden inside the Bitcoin blockchain

research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/

SIMATIC IPC – Security Guidelines for Linux systems

support.industry.siemens.com/cs/document/109768383/simatic-ipc-security-guidelines-for-linux-systems
