An Update on Android TLS Adoption
security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html Today, were happy to announce that 80% of Android apps are encrypting traffic by default. The percentage is even greater for apps targeting Android 9 and higher, with 90% of them encrypting traffic by default.
Critical Android Flaw Leads to Permanent DoS
threatpost.com/google-critical-android-permanent-dos-flaw/150764/ The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.
Smith & Wesson Web Site Hacked to Steal Customer Payment Info
Ryuk Ransomware Is Making Victims Left and Right
www.bleepingcomputer.com/news/security/ryuk-ransomware-is-making-victims-left-and-right/ While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware.. The company hit by the malware is T-System based in Dallas, Texas, and it is currently working to recover from the attack. At the moment of writing, company systems are offline.
Russian FaceApp selfie-slurper poses ‘potential counterintelligence threat’, FBI warns
www.theregister.co.uk/2019/12/03/fbi_faceapp_warning/ Netizens who fire up FaceApp for fun may be unknowingly putting national security at risk, according to the FBI.
Microsoft: Spear-phishing email has doubled in a year, so here’s how to beat it
www.zdnet.com/article/microsoft-spear-phishing-email-has-doubled-in-a-year-so-heres-how-to-beat-it/ Microsoft warns that advanced spear-phishing attacks have become so targeted that it refers to them internally as ‘laser’ phishing.
Avast and AVG Firefox Extensions Pulled from Mozilla Addons Site
www.bleepingcomputer.com/news/software/avast-and-avg-firefox-extensions-pulled-from-mozilla-addons-site/ Avast and AVG Firefox Extensions Pulled from Mozilla Addons Site
Microsoft OAuth Flaw Opens Azure Accounts to Takeover
threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/ Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover.
When Stalkerware Stalks the Enterprise
securityintelligence.com/articles/when-stalkerware-stalks-the-enterprise/ Stalkerware apps can track ones location, record audio through the phones microphone, copy and transmit text messages, send call logs, record web browsing activity, record keystrokes and more and all of it can occur without the phone users knowledge.
Facebook Ads Manager Targeted by New Info-Stealing Trojan
www.bleepingcomputer.com/news/security/facebook-ads-manager-targeted-by-new-info-stealing-trojan/ Attackers are distributing an information-stealing Trojan disguised as a PDF reader that steals Facebook and Amazon session cookies as well as sensitive data from the Facebook Ads Manager.
AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things
www.theregister.co.uk/2019/12/03/aws_s3_buckets/ “Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide only the intended access to your S3 resources,”. A new single-click option will block public access hopefully letting you avoid unauthorised use of the data before it is too late. The tool will also let you see which policy or ACL allows the access so that you know what to fix.
EFF warns of one-way mirror in the world of corporate online spying
www.zdnet.com/article/eff-warns-of-one-way-mirror-in-the-world-of-corporate-online-spying/ The Electronic Frontier Foundation (EFF) has published an extensive study into the hidden techniques and methods used by online service providers to collect and track our personal information and activities.
Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel
www.schneier.com/blog/archives/2019/12/rsa-240_factore.html We are pleased to announce the factorization of RSA-240, from RSA’s challenge list, and the computation of a discrete logarithm of the same size (795 bits)