Latest News

2 weeks ago
Thomas Brewster / Forbes

Aventura Technologies and Current and Former Employees Hit With Criminal Charges for Illegally Selling Chinese Surveillance and Security Equipment, Luxury Yacht and Financial Accounts Seized

Federal prosecutors filed charges against Long Island, New York-based technology company Aventura Technologies, along with seven current and former employees, including CEO Frances Cabasso, claiming it had exposed the U.S. government and private customers to security risks by illegally importing and selling surveillance and security equipment from China. Although Aventura claimed its technology was made in the U.S., much of it appeared to be banned technology from China. The criminal complaint also alleged the Cabassos laundered the money they made with the relabelled Chinese kit. Government agents raided the firm, seized the Cabassos' 70-foot luxury yacht, and froze $3 million in 12 financial accounts that contained “proceeds from the defendants’ unlawful conduct.” Aventura’s managing director Jack Cabasso and his wife were among those charged.

2 weeks ago
Jeff Stone / Cyberscoop

Flaw in Amazon’s Ring Video Doorbell Pro IoT Can Allow Attacker to Intercept Wi-Fi Credentials and Attack Household Network

An issue in Amazon’s Ring Video Doorbell Pro IoT device allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a broader attack against the household network, researchers at Bitdefender report. One primary reason the credentials are interceptable is that the device receives the user’s network credentials from the smartphone app, with the data exchange performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers. A hostile actor can also trigger the reconfiguration of the Ring Video Doorbell Pro by continuously sending de-authentication messages so that the device gets dropped from the wireless network.

2 weeks ago
Catalin Cimpanu / ZDNet

Echo Speakers, Samsung and Sony Smart TVs, Xiaomi Mi9 Phone and Routers Hacked on First Day of Pwn2Own, Bug Hunters Earned $195,000

Amazon Echo speakers, Samsung and Sony smart TVs, the Xiaomi Mi9 phone, and Netgear and TP-Link routers were hacked on the first day of the Pwn2Own hacking contest in Tokyo, with bug hunters earning a total of $195,000. It appears so far that Google Nest cameras and Facebook Portal hubs will survive this year’s competition because no security researchers announced plans to attempt exploits on these devices. Team Fluoroacetate, made up of Amat Cama and Richard Zhu, the winners of the last two Pwn2Own competitions, successfully hacked the Amazon Echo, as well as Sony and Samsung smart TVs, and the Xiaomi Mi9 smartphone.

2 weeks ago
Brian Fung / CNN

Facebook Sued by California for Failing to Respond to Subpoenas Over Its Privacy Practices, 18-Month Investigation Revealed

In a filing in California Superior Court, California Attorney General Xavier Becerra revealed the state has been conducting an 18-month investigation into Facebook’s privacy practices and accused the social media giant of failing to provide answers to 19 sets of questions and records. Becerra also accused Facebook of failing to provide copies of requested executive communications. California’s investigation into Facebook has involved two subpoenas containing more than a dozen sets of questions and several requests for documents related to privacy settings, developer policies, and communications involving top executives. The investigation began as an inquiry into the Cambridge Analytica scandal and expanded over time into whether Facebook violated California law.

Podcasts

2 weeks ago
Threatpost

Emotet Resurgence Continues With New Tactics, Techniques and Procedures

Since Emotet came out of hibernation last month, researchers have seen the banking trojan’s authors consistently adopt new evasion tactics and social engineering techniques. Suweera De Souza, principal security research analyst with Netscout, talks about some of the new tactics and techniques that she has observed Emotet using since its reemergence just last month.

2 weeks ago
NPR

2 Ex-Twitter Employees Charged With Spying For Saudi Arabia

NPR’s Rachel Martin talks to Mike Chapple, a former computer scientist with the NSA, who says Twitter should have known that its employees were working for a foreign power.

2 weeks ago
Cyberlaw Podcast

Sandworm and the GRU’s global intifada

This episode is a wide-ranging interview with Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

2 weeks ago
Smashing Security

153: Cybercrime doesn’t pay (but Uber does)

Graham Cluley and Carole Theriault, joined this week by Lisa Forte, talk about the cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the center of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

2 weeks ago
ISC StormCast

Google PlayStore Security; Xen and npcap Patches; TrendMicro Insider Issue; SANS Ouch Newsletter

Johannes Ullrich talks about Google improving PlayStore security with partners, Xen security advisories, an npcap pool corruption vulnerability, and a TrendMicro employee selling customer data to tech support scammers.

2 weeks ago
Wall Street Journal Tech News Briefing

Google Buys Fitbit. What Does It Mean for Users’ Data?

Google has bought wearables device maker Fitbit for 2.1 billion dollars. The search giant wants to become a major player in health data. But the Wall Street Journal’s Sarah E. Needleman says the deal raises questions about how users’ health and wellness data will be used.

Cybersecurity Events

Date | Event | City | Country
Nov. 4-9 | SANS Paris November 2019 | Paris | France
Nov. 7-9 | POC2019 | Seoul | Korea
Nov. 9 | BSides Charleston | Charleston, SC | USA
Nov. 11-16 | SANS London November 2019 | London | UK
Nov. 15-17 | SecureWV 2019 Hack3rCon X | Charleston, WV | USA
Nov. 16-28 | SANS Gulf Region 2019 | Dubai | UAE
Nov. 17-20 | FS-ISAC Fall Summit | Washington, DC | USA
Nov. 18 | SANS Austin | Austin, TX | USA
Nov. 18 | Securing Mobility Summit | Los Angeles, CA | USA
Nov. 18-25 | Pen Test HackFest Summit & Training | Bethesda, MD | USA
Nov. 18-20 | NICE Conference | Phoenix, AZ | USA
Nov. 18-23 | SANS Munich November 2019 | Munich | Germany
Nov. 20-21 | Infosecurity North America and ISACA | New York, NY | USA
Nov. 20-21 | ISC East | New York, NY | USA
Nov. 21 | Cyberwarcon | Arlington, VA | USA

