Employers! Gain Access to Thousands of Elite Cybersecurity Professionals Each Month.

Metacurity has launched a jobs destination to offer our thousands of unique visitors each month access to infosec job opportunities. We offer employers cost-effective access to the elite cybersecurity personnel who visit Metacurity.  Post your jobs there now to find the scarce talent you seek.

Sponsor message. Interested in sponsoring Metacurity? Email us at info@metacurity.com and we’ll get back to you right away.


Latest News

7 months ago
Jay Peters / The Verge

Flaw in Encrypted Emails Sent From Apple Mail Allows Some Emails to Be Read in Plaintext, Apple Plans Fix in Future Update

Apple has known for months about a vulnerability in encrypted emails sent from Apple Mail that allows some small portion of those emails to be read in plaintext format, according to Apple IT specialist Bob Gendler. The flaw affects only those using macOS, Apple Mail who are also sending encrypted emails from Apple Mail. Gendler found that a file, snippets.db, in macOS database files that store information from Mail and other apps, which are then used by Siri to better suggest information to users. The snippets.db file stores the unencrypted text of emails. Gendler tested four most recent macOS releases, Catalina, Mojave, High Sierra, and Sierra, and could read encrypted email text from snippets.db on all of them. Apple says it plans a fix for the problem in a future software update.

7 months ago
Stephanie Findlay, Edward White, Song Jung-a / Financial Times

India’s Doomed Moon Mission Was Hit by a Cyberattack Expert Says, India’s Space Research Agency Denies It, Says Core Systems Are ‘100% Isolated’ From Internet

India’s space research agency was warned of a cyber attack in the middle of a landmark moon mission as part of a broader assault by suspected North Korean hackers, Yash Kadakia, founder of Security Brigade, a Mumbai-based cybersecurity company, says. The attack on the Indian Space Research Organisation (ISRO) was disclosed during its much-hyped Chandrayaan-2 moon mission in September that failed. ISRO confirmed that it was warned of a cyber attack but said it had found nothing suspicious after an investigation. However, the Nuclear Power Corporation of India recently initially issued a similar denial following reports of a hack on its Kudankulam plant before clarifying that malware had entered one of its networks. The ISRO official said its core systems are 100% isolated from the Internet. Kadakia said officials at ISRO were sent a phishing email and clicked on the links, spreading malware in the organization.

7 months ago
Catalin Cimpanu / ZDNet

Microsoft Issues Warning to Patch for BlueKeep Flaw Because Next Exploit Could Deliver Payloads More Damaging Than Coin Miners

Microsoft’s security team believes that more destructive BlueKeep attacks are on the horizon and urges users and companies that haven’t done so yet to implement patches for the flaw that enables the attacks. Microsoft issued the warning after security researchers detected the first-ever malware campaign that weaponized the BlueKeep vulnerability. Those attacks, which were detected last weekend, used BlueKeep to break into unpatched Windows systems and install a cryptocurrency miner, a relatively mild outcome given the fears surrounding BlueKeep.  However, those attacks might be the beginning. Microsoft said, “the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.”

ANNOUNCING METACURITY’S INFOSEC JOBS DESTINATION

Metacurity is now offering employers a unique way to reach out to thousands of elite infosec job candidates. Visit our infosec jobs destination today and take advantage of early-bird pricing.

(Sponsor message)


7 months ago
Sankalp Phartiyal / Reuters

Nineteen Indian WhatsApp Users Infected by NSO Group’s Pegasus Spyware Demand Government Explain Whether It Mounted Surveillance on Them

A group of nineteen Indian WhatsApp users whose phones were hacked by NSO Group spyware, including journalists and lawyers, demanded in an open letter that Prime Minister Narendra Modi’s government must explain whether it had mounted the surveillance on them. Facebook’s WhatsApp last week sued Israel’s NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users. Of those allegedly affected by NSO’s Pegasus spyware, 121 are in India. The Indian government has neither confirmed nor denied it purchased Pegasus software to spy on its citizens. In the open letter, the group said “We seek an answer from the Government of India about whether it was aware of any contract between any of its various ministries, departments, agencies, or any State Government, and the NSO Group or any of its contractors to deploy Pegasus or related malware for any operations within India.”

7 months ago
Brian Krebs / Krebs on Security

Hospitals Hit With Data Breach or Ransomware Can Expect to See Jump in Fatal Heart Attacks, Researchers

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, according to a study conducted by researchers at Vanderbilt University‘s Owen Graduate School of Management. The researchers used a Department of Health and Human Services (HHS) list of healthcare data breaches to drill down on data about patient mortality rates at more than 3,000 Medicare-certified hospitals, about 10 percent of which had experienced a data breach. After the data breaches or attacks, as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined.

7 months ago
Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard

Alphabet’s Independent Cybersecurity Startup Chronicle is Dead and Now Folded Back Into Google, CEO, CSO Have Left the Company

Chronicle, the independent startup that Google’s parent company Alphabet started in 2018, which was supposed to revolutionize cybersecurity, has been folded back into Google, within its Cloud department. Chronicle’s CEO and chief security officer have already left, and the chief technology officer is leaving later this month, and other employees are looking to go too. Chronicle was founded with the idea of leveraging machine learning and Alphabet’s near-endless well of security telemetry data about known malware and internet infrastructure. The goal was to use these resources to help security teams at companies detect intrusions that could threaten a company’s network.

7 months ago
AnnaMaria Andriotis / Wall Street Journal

Capital One CISO Will Leave the Company in Wake of Massive Data Breach

Following the financial institution’s massive data breach revealed in July, Capital One’s Chief Information Security Officer (CISO), Michael Johnson, will be moved out of his role and become an adviser. The bank will begin an external search for a replacement. Mike Eason, the chief information officer of Capital One’s commercial bank, was named interim CISO. The breach, which exposed the data of 106 million customers and cardholder applicants, was not discovered until an outside hacker tipped off the company 127 days after it occurred.

Podcasts

7 months ago
Cyber Speaks Live

Vets in Cybersecurity with Ryen Macababad of Microsoft

Sgt. Ryen Macababad from Microsoft discusses veteran transition to civilian life and the crisis facing our nation with veteran suicide rates.

7 months ago
Malicious Life Episode 60

B-Side: Lodrian Cherne On Stalkerware

In this out-of-band episode, we’re bringing you the full interview with Lodrina Cherne, a Digital Forensics Expert. Nate Nelson, our senior producer, spoke with Lodrina on Spyware : what is it, how it works, who sells it, and how you can avoid it yourself.

7 months ago
CYBER / Motherboard

How Google Torpedoed A Cybersecurity Rising Star

Originally a spawn of the Alphabet company—Google’s parent umbrella—Chronicle was a cybersecurity startup considered by many to be a game-changer. Lorenzo Francheschi-Bichierrai joins the show to tell us about the internal struggles of Chronicle.

7 months ago
ISC StormCast

Adobe Mobile SDK; QNAP Advice; Double ZIP Files; Ring Video Doorbell

Johannes Ullrich talks about Adobe Mobile SDK Update Fixes TLS Defaults. QNAP Updates QSnatch Advisory, Double Loaded ZIP Files Delivery Malware, Ring Video Doorbell Leaks Wifi Password.

7 months ago
Security Ledger

Episode 166: But Why, AI? ZestAI’s Quest to make Artificial Intelligence Explainable

Jay Budzik, the Chief Technology Officer at ZestAI, talks about that company’s push to make artificial intelligence decisions explainable and how his company’s technology is helping to root out synthetic identity fraud.

7 months ago
Recode Pivot

Twitter and the Saudis, Facebook’s ‘Switcharoo’, and the 2020 digital ads race

Kara Swisher and Scott Galloway talk about former Twitter employees who were spying on user data for Saudi Arabia. They also talk about a big leak of internal Facebook emails that further shows Facebook’s conniving use of data.

Cybersecurity Events

June 1-4POSTPONED - Gartner Security & Risk Management SummitNational Harbor, MDUSA
June 2-4POSTPONED - National Cyber SummitHuntsville, ALUSA
June 4-13Pen Test HackFest & Cyber Ranges Summit & TrainingVirtualVirtual
June 6POSTPONED BSides San AntonioVirtualVirtual
July 7-12CANCELED SteelconBirminghamUK
June 11-12POSTPONED - Area 41ZurichSwitzerland
June 12-14CircleCityConVirtualVirtual
June 13DisinfosecVirtualVirtual
June 20-21POSTPONED Blue Team ConChicago, ILUSA
July 25-Aug. 2HOPE: Hackers on Planet EarthVirtualVirtual
Aug. 4-5CANCELED BSides Las VegasLas Vegas, NVUSA
Aug. 1-6Virtual Black Hat USAVirtualVirtual
Aug. 6-9 DefconVirtualVirtual
Sept. 22-25WWHF DEADWOOD 2020Deadwood, SDUSA
Oct. 24-25GrrrconGrand Rapids, MIUSA


Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!”


Please Support Us!

We need the help and support of our individual readers as we develop new forms of corporate support, including sponsorships and an information security job hub. Please support Metacurity’s  by one of the two following methods. If you have any questions at all, please don’t hesitate to contact us at info@metacurity.com

Patreon

We’ve launched a Patreon campaign to help you support the Metacurity community. Check it out and earn lots of goodwill from your infosec peers and even get a great Metacurity sticker, among other patron rewards!

One-Time or Recurring Payments

If you like to support our effort to truly become the end of cybersecurity information overload, chip in and for less than a proverbial cup of coffee you will be doing your part to help Metacurity survive. Please select one of the options below to ensure that Metacurity sticks around as an important information security resource.