Get Your List of Top Infosec Journalists and Sources Today!

Become a Patron of Metacurity today and gain access to our exclusive quarterly lists ot top infosec journalists and resources.

Sponsor message. Interested in sponsoring Metacurity? Email us at info@metacurity.com and we’ll get back to you right away.


Latest News

2 months ago
Raphael Satter, Humeyra Pamuk / Reuters

U.S. State Department Was Behind Those Puzzling Text Messages Sent to Users in Iran and Russia Offering $10 Million Reward for Nation-State Hacker Identities

The U.S. State Department has admitted it was behind confusing and highly ridiculed text messages sent to people in Iran and Russia, and seemingly elsewhere in the world, offering them a $10 million reward for information about nation-state hackers attempting to interfere in the U.S. election. The State Department said its goal was to raise awareness of the award internationally.

2 months ago
Kashmir Hill / New York Times

Former Employees Say Online Therapy App Talkspace Applies Data Mining Techniques to Patients’ Chat Transcripts, Gave Employees Burner Phones to Skirt Google App Store’s False Review Screening Mechanism

Online app Talkspace, which lets people talk with a licensed therapist throughout the day, has questionable privacy practices and treats patient chat logs as data mines, according to former employees. Talkspace has been analyzing transcripts to develop bots that monitor and augment therapists’ work, the former employees say. The company also reportedly uses the data to sell Talkspaces products better. Since the pandemic and recession began, Talkspace’s client base has soared. But in 2015 and 2016, the company purportedly also sought to improve its rating by asking its workers to write positive reviews, even going so far as to give employees “burner” phones to help evade the Google app stores’ techniques for detecting false reviews.

2 months ago
Catalin Cimpanu / ZDNet

Hackers Deface Tens of Reddit Channels to Show Pro-Trump Messages, NFL, Disneyland, Boston Celtics Channels Affected

A massive hack hit Reddit after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The Reddit channels defaced include those for NFL, many TV shows, The Pirate Bay, Disneyland, Disney’s Avengers, Boston Celtics, several city channels, and more. The channels have combined tens of millions of subscribers. Although Reddit hasn’t issued any details on the hack, the massive scale of the incident suggests that the intruder(s) might have gained access to a high-privileged moderator or admin account. Channel owners who are having problems have been asked to report problems in a Reddit ModSupport thread. The Reddit hack also comes after Reddit banned r/The_Donald, a channel for Donald Trump supporters.

New for Patrons Only! Five Easy Questions

New for Metacurity’s Patrons!

Metacurity is proud to offer our patrons original content only available to upper tier Patreon supporters.  Five Easy Questions is a new feature that poses five questions to industry influencers, starting with infosec journalist Catalin Cimpanu.

Sign up today and gain insight into what top influencers think is important in information security.

(Sponsor message)


2 months ago
Troy Hunt / TroyHunt.com

Troy Hunt Open Sources ‘Have I Been Pwned,’ Asks the Community to Help Support the Effort

On the heels of an aborted merger and acquisition initiative, highly respected cybersecurity expert Troy Hunt has decided open source his ground-breaking Have I Been Pwned code base. He said he is turning over the code to the public “for the betterment of the project and frankly for the betterment of everyone who uses it.” He said the project solely depends on him and is asking the community to help support the effort.

2 months ago
Sergiu Gatlan / Bleeping Computer

Flaws in Qualcomm’s Snapdragon DSP Chip Could Allow Attackers to Control Almost 40% of Smartphones

Six security vulnerabilities were found in Qualcomm’s Snapdragon chip Digital Signal Processor (DSP) chip that could allow attackers to take control of almost 40% of all smartphones, spy on their users, and create un-removable malware capable of evading detection, researchers at Check Point say. The chips can be found in nearly every Android phone, including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus, and more. Qualcomm has already patched the six security flaws found to affect the Qualcomm Snapdragon DSP chip; mobile vendors still have to implement and deliver security fixes to their devices’ users.

2 months ago
Andy Greenberg / Wired

Chinese State-Sponsored Hacking Group ‘Operation Skeleton Key’ Has Compromised at Least Seven Taiwanese Chip Firms

A hacking campaign called Operation Skeleton Key has compromised at least seven Taiwanese chip firms over the past two years, researchers at Taiwanese cybersecurity firm CyCraft say. The deep intrusions, which use a skeleton key injector” technique, appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. CyCraft previously called the group of hackers Chimera, the company’s new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom.

2 months ago
Zack Whittaker / TechCrunch

More Than a Dozen Vulnerabilities in Mercedes-Benz E-Class Cars Allowed Security Researchers to Remotely Open Doors, Start Engine

More than a dozen vulnerabilities in a Mercedes-Benz E-Class car allowed security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, to remotely open its doors and start the engine. The 19 security vulnerabilities are now fixed but could have affected as many as two million Mercedes-Benz connected cars in China.

2 months ago
Dan Goodin / Ars Technica

Researchers Who Intercepted Signals of Eighteen Satellites Says Satellite Communications Put Millions of People at Risk

Satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced Oxford Ph.D. candidate James Pavur showed. Pavur intercepted the signals of 18 satellites beaming Internet data to people, ships, and planes in a 100 million-square-kilometer swath that stretches from the United States, Caribbean, China, and India. Pavur said current solutions such as VPNs are ineffective for satellite communications and that he is presenting his findings so that the community can devise solutions.

Podcasts

2 months ago
BBC Tech Tent

The future for TikTok in the United States

Why the popular video app faces being bought out or banned in the US. Chris Fox is joined by the BBC’s North America technology reporter James Clayton to discuss the history of the app and why Donald Trump appears determined to ban it. Alex Stamos, former chief security officer at Facebook, discusses whether TikTok is really a security concern. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, explains why banning an app is tough to do. Vishal Shah from Instagram touts his TikTok alternative ‘Reels’ – one of the platforms hoping to attract TikTok users.

2 months ago
ISC StormCast

FTCODE Ransomware Resurfaces; MSFT Defender vs hosts file; MSFT Print Spool Vulnerabilities

Johannes Ullrich talks about FTCode Ransomware Resurfaces, Microsoft Anti-Malware Flagging Host File Manipulation, Reviving older printer vulnerablity.

2 months ago
Cyber Security Today

August 7, 2020 – How to avoid going to fake web sites

Ways to make sure you go where you want, not to sites created by crooks.

Cybersecurity Events

Aug. 25SecureITVirtualVirtual
Aug. 27SecureWorld Atlanta - Charlotte VirtualVirtual
Sept. 2-3The 15th International Conference on Critical Information Infrastructures Security 2020VirtualVirtual
Sept. 6Arab Security ConferenceCairoEgypt
Sept. 7-9ConfidenceVirtualVirtual
Sept. 8Billington Cybersecurity ConferenceVirtualVirtual
Sept. 7-115th IEEE European Symposium on Security and Privacy VirtualVirtual
Sept. 15-18AUSCERT2000VirtualVirtual
Sept. 18-10C0C0NVirtualVirtual
Sept. 22-28GISECDubaiDubai
Sept. 23DC METRO 2020 Virtual Cyber Security SummitVirtualVirtual
Oct. 6-7CyberconVirtualVirtual
Oct. 19-22ICS Security ConferenceVirtualVirtual
Oct. 24-25GrrrconGrand Rapids, MIUSA
Oct. 29GrayHatVirtualVirtual


Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s my flash briefing!”


Please Support Us!

We need the help and support of our individual readers as we develop new forms of corporate support, including sponsorships and an information security job hub. Please support Metacurity’s  by one of the two following methods. If you have any questions at all, please don’t hesitate to contact us at info@metacurity.com

Patreon

We’ve launched a Patreon campaign to help you support the Metacurity community. Check it out and earn lots of goodwill from your infosec peers and even get a great Metacurity sticker, among other patron rewards!

One-Time or Recurring Payments

If you like to support our effort to truly become the end of cybersecurity information overload, chip in and for less than a proverbial cup of coffee you will be doing your part to help Metacurity survive. Please select one of the options below to ensure that Metacurity sticks around as an important information security resource.