Latest News

6 hours ago
Catalin Cimpanu / ZDNet

Dangerous Remote Code Execution Vulnerability in F5’s Popular BIG-IP Networking Product Is Very Likely to Be Exploited, Cyber Command Says Don’t Delay Patching Over the Weekend

One of the world’s largest providers of enterprise networking gear, F5, published a security advisory this week warning customers to patch a dangerous security flaw in the company’s BIG-IP product that is very likely to be exploited. BIG-IP is a highly popular networking product in use by government networks, ISPs, cloud providers, and enterprise customers around the globe. Tracked as CVE-2020-5902, the BIG-IP bug is a remote code execution vulnerability that was found and privately reported to F5 by Mikhail Klyuchnikov, a security researcher at Positive Technologies. U.S. Cyber Command warned in a tweet not to delay implementing the patches for the bug over the holiday weekend.

6 hours ago
Stephen Nellis, Paresh Dave / Reuters

Groups Backed by Google and Facebook Criticize Apple’s Plan to Require Apps to Seek Additional Permission Before Tracking Users Across the Web

Sixteen marketing associations, some of which are backed by Facebook and Alphabet’s Google, criticized Apple’s plans to require apps in its upcoming iOS 14 to seek additional permission from users before tracking them across other apps and websites. Apple announced last week features in its forthcoming operating system for iPhones and iPads that will require apps to show a pop-up screen before they enable a form of tracking commonly needed to display personalized ads.

6 hours ago
Catalin Cimpanu / ZDNet

Like TikTok, LinkedIn Was Spotted Accessing Shared Clipboard Feature in Upcoming iOS 14 Beta

A bug in LinkedIn’s iOS app, spotted in the new beta version of iOS 14, allowed the app to read the clipboard content after every user keypress, even accessing the shared clipboard feature that enables iOS apps to read content from a user’s macOS clipboard, a user discovered. For the new iOS 14 coming in the fall, Apple has added a new privacy feature that shows a quick popup that lets users know when an app has read content from their clipboard. Using the new mechanism, users discovered last week that TikTok was likewise reading users’ content from their clipboards. LinkedIn said the spotted behavior was a bug and not an intended feature and plans to issue a fix.

19 hours ago
Francois Murphy / Reuters

Iran Said It Will Retaliate Against Any Country That Carries Out Cyberattacks Following Fire at Natanz Uranium Enrichment Plant

Iran said it would retaliate against any country that carries out cyberattacks on its nuclear sites after a fire broke out at its Natanz plant, which some Iranian officials said may have been caused by cyber sabotage. That site, much of which is underground, is the location of one of several Iranian facilities monitored by inspectors of the International Atomic Energy Agency (IAEA), the U.N. nuclear watchdog. It is also the location of the world’s first physically destructive cyberattack, Stuxnet, engineered by Israel and the United States. One official said the attack had targeted a centrifuge assembly building, referring to the delicate cylindrical machines that enrich uranium, and said Iran’s enemies had carried out similar acts in the past.

1 day ago
Cristiano Lima / Politico

Senate Committee Passes Revamped Version of EARN IT Act, Attempts to Defuse Criticism of Anti-Encryption Effect, Still Seeks to Pare Back Section 230

The Senate Judiciary Committee passed a revamped version of the EARN IT Act, a measure ostensibly aimed at removing liability protections for online businesses that host child porn, but that in effect would have jeopardized the protections for end-to-end encryption across the web. However, the panel also approved an amendment by Chair Lindsey Graham (R-SC) that could defuse attempts to portray the bill as an attack on encryption. The committee also unanimously approved an amendment by Sen. Patrick Leahy (D-VT) intended to “exclude encryption” as something that could lead to “increased liability” for companies. Yet the bill still encourages state lawmakers to look for loopholes to undermine end-to-end encryption, such as demanding that messages be scanned on a local device before they get encrypted and sent along to their recipient, according to the EFF. The bill also seeks to pare back strong industry legal liability protections known as Section 230 of the Communications Decency Act of 1996.

2 days ago
Joseph Cox / Motherboard

Authorities Bust Organized Crime Members Across Europe Following a Sweeping Operation by Europol, Eurojust That Penetrated and Monitored Encrypted Chat Network EncroChat

Law enforcement authorities across Europe and the UK busted organized crime members as a result of a joint investigation by Europol and Eurojust to dismantle EncroChat, an encrypted phone network widely used by criminal networks. French authorities penetrated the EncroChat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and quietly read the users’ communications for months. The interception of EncroChat messages came to an end on June 13, 2020, when the company realized that a public authority had penetrated the platform. At the time it realized it had been subject to a sophisticated breach, an associate of EncroChat sent an email to users saying, “Due to the level of sophistication of [an] attack and the malware code, we can no longer guarantee the security of your device.” EncroChat claims it had legitimate users as well as those busted by authorities. French authorities said they hope “users claiming to be of good faith and wishing to have their personal data deleted from the legal proceedings can send their request to the investigation department.” EncroChat had 60,000 users worldwide and 10,000 in the UK. At least 700 people were arrested in the UK, and authorities seized £54m in cash and tonnes of drugs in what they called the UK’s “biggest and most significant” operation ever against organized crime.

2 days ago
Catalin Cimpanu / ZDNet

A Hacker Has Left Ransom Notes on Nearly 23,000 or Nearly Half of MongoDB Databases Accessible Online

A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, Victor Gevers, a security researcher with the GDI Foundation, has confirmed. The hacker is using an automated script to scan for misconfigured MongoDB databases, wipe their content, and leave a ransom note behind asking for a 0.015 bitcoin (~$140) payment. The hacker threatens to leak the victims’ stolen data within two days if no payment is made and threatens to contact the victim’s local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.

2 days ago
Diane Bartz / Reuters

Advocacy Groups From Around the Globe Urge Regulators to Dig Deeper Into Google-Fitbit Deal Given Concerns of Google’s Growing Clout

Twenty advocacy groups from the United States, Europe, Latin America and other areas signed a statement urging regulators to be wary of Google’s $2.1 billion bid for fitness tracker company Fitbit because of privacy and competition concerns. The groups, which include Public Citizen, Access Now from Europe and the Brazilian Institute of Consumer Defense, said that Google’s clout in the digital world would expand as a result of the deal and give Google access to such intimate information about users as how many steps they take daily, the quality of their sleep and their heart rates. Google said it believes the combination of Google’s and Fitbit’s hardware efforts will increase competition in the wearable technology sector.

2 days ago
Queenie Wong / CNET

Facebook Says It Exposed User Data to Thousands of Developers In Violation of Updated Policy

Facebook admitted that it shared user data with thousands of developers even after access to the data should have expired. The social network said it fixed the issue, but the mistake allowed an estimated 5,000 developers to continue receiving user data for a longer time than expected. Facebook said it recently discovered that apps continued to receive data from the social network even if a user wasn’t active on the developer’s app for 90 days, contrary to a policy it adopted in 2018.

2 days ago
Sergiu Gatlan / Bleeping Computer

Evil Corp Crew Hacked Dozens of U.S. Newspaper Websites As Part of WastedLocker Ransomware Campaign

The Evil Corp malware crew hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework, Symantec said in an update to its report on the WastedLocker ransomware attacks unleashed by the group. The company which owns the compromised news sites was alerted, and the malicious code was removed.

3 days ago
Rachel Lerman / Washington Post

California’s Consumer Privacy Law Goes Into Effect Today Despite Industry Calls for Delay Due to Coronavirus

The California Consumer Privacy Act (CCPA), considered the toughest law for digital privacy in the U.S., will finally be enforced today despite industry calls for the state to hold off because of the novel coronavirus pandemic, Attorney General Xavier Becerra announced. The Act went into effect on January 1 after facing stiff headwinds from industry and lawmakers and gave companies six months before enforcement began. Becerra’s office is now able to start sending businesses warnings that they might be in violation of the law and give them 30 days to fix the issues before facing possible fines or lawsuits.

3 days ago
Sean Lyngaas / Cyberscoop

Mobile Malware Operators FakeSpy Have Been Impersonating Postal Services in Attacks in the U.S., China and Europe

Mobile data-stealing malware operators known as FakeSpy have been impersonating various postal services in attacks on users in the U.S., China, and Europe in the last several weeks, expanding beyond their initial footprint of South Korea and Japan, researchers at Cybereason report. The attackers have masqueraded as the U.S. Postal Service, along with couriers from Germany to Britain to Taiwan. Cybereason believes that FakeSpy operatives are based in China.

3 days ago
Paul Mozur and Nicole Perlroth / New York Times

Chinese Hacking Campaign Against China’s Uighur Minority Began in 2013, Eight Types of Malware Used to Hack Phones, Keyboards and Apps

A Chinese hacking campaign against the country’s largely Muslim Uighur population designed to pull in data from the Uighurs’ phones began in earnest in 2013, according to researchers at Lookout Security. Lookout found links between eight types of malicious software, some previously known, others not, that show how groups connected to China’s government hacked into Android phones used by the Uighurs on a scale far more massive than had been realized. The hackers hid their tools in special keyboards used by the minority group, some of which could remotely turn on a phone’s microphone, record calls or export photos, phone locations, and conversations on chat apps. Others were embedded in apps that hosted Uighur-language news, Uighur-targeted beauty tips, religious texts like the Quran, and details of the latest Muslim cleric arrests.

3 days ago
Kieren McCarthy / The Register

Technology Consultant Sues AT&T Claiming Staff Allowed Criminals to Steal $1.9 Million in SIM Swapping Scam

AT&T has been sued for a second time over allegations its staff gave thieves control of a specific individual’s cellphone number to steal a large chunk of cryptocurrency in a SIM swap scam. Technology consultant Seth Shapiro has filed a $1.9 million claim against the mobile phone giant for allowing its staff to port his phone number to the hackers’ SIM. Shapiro said he noticed in May that his phone was no longer connected to AT&T’s network and later learned that criminal hackers gained control over his phone. He purchased a new phone reportedly at the request of AT&T and then learned the hijackers hacked that account too via SIM swapping and stole $1.9 million in cryptocurrency from his accounts. A criminal investigation led to charges against two AT&T employees who, it is alleged, assisted in shifting Shapiro’s number to the crooks.

3 days ago
Catalin Cimpanu / ZDNet

Microsoft Issues Two Out-of-Band Patches to Fix Windows Bugs That Can Be Exploited With Specially Crafted Image

Microsoft issued two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library. Tracked as CVE-2020-1425 and CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions. Microsoft said the two security flaws can be exploited with the help of a specially crafted image file. When the image is opened inside apps that use the built-in Windows Codecs Library to handle multimedia content, attackers would be allowed to run malicious code on a Windows computer and potentially take over the device.

4 days ago
Catalin Cimpanu / ZDNet

New Ransomware Strain Targeting macOS Users ‘EvilQuest’ Can Give Attacker Full Control Over Infected Host

A new ransomware strain targeting macOS users named OSX.EvilQuest differs from previous macOS ransomware threats because besides encrypting the victim’s files, it also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. With these capabilities, an attacker can maintain full control over an infected host. Some evidence indicates that EvilQuest has been distributed in the wild since the start of June 2020. Some researchers have found EvilQuest hidden inside pirated macOS software uploaded on torrent portals and online forums. Patrick Wardle of Objective-See, who has created several open-source macOS security tools, said that a tool he released in 2016, named RansomWhere, can detect and stop EvilQuest from running. Thomas Reed of Malwarebytes said that Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

4 days ago
Zack Whittaker, Devin Coldewey / TechCrunch

FCC Rules That Chinese Telecom and Tech Giants Huawei and ZTE Are ‘National Security Threats’

Continuing the U.S. Government’s crackdown on Chinese tech suppliers, the Federal Communications Commission (FCC) has declared Chinese telecom giants Huawei and ZTE “national security threats,” a move that will formally ban U.S. telecom companies from using federal universal service funds to buy and install the companies’ technology. FCC chairman Ajit Pai said that the “weight of evidence” supported the decision. Federal agencies and lawmakers have long claimed that because the tech giants are subject to Chinese law, they could be obligated to “cooperate with the country’s intelligence services.”

4 days ago
Brian Krebs / Krebs on Security

COVID-19 Quarantine Has Massively Decreased Demand for Account Information That Goes Into Physical Counterfeit Credit Cards

Months of COVID-19 quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards, with far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data, according to researchers at Gemini Advisory. At the same time, the supply of card-present data has remained steady based on data from a 10-month-long card breach at dozens of fast-food Chicken Express locations throughout Texas and other southern states. One concern is that hackers may have established beachheads in a number of smaller online merchants and are simply biding their time.

4 days ago
Catalin Cimpanu / ZDNet

Google Removed Twenty-Five Android Apps From Play Store That Were Caught Stealing Facebook Credentials

Google has removed 25 Android applications from the Google Play Store that were caught stealing Facebook credentials, according to French cybersecurity firm Evina. Before they were taken down, the apps, which masqueraded as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games, were collectively downloaded more than 2.34 million times. Google removed the apps earlier this month, after verifying the French security firm’s findings.

4 days ago
Ravie Lakshmanan / The Hacker News

APT Group StrongPity (Promethium) Has Developed New Tactics to Control Compromised Systems, Recently Launched Watering Hole Attacks Against Kurds in Syria, Turkey

The advanced persistent threat group called StrongPity, also known as Promethium, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender reports. The group has launched watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The attacks were likely politically motivated given that they coincided with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring) last October. Although Syria and Turkey may be their recurring targets, the threat actor behind StrongPity appears to be expanding their victimology to infect users in Colombia, India, Canada, and Vietnam using tainted versions of Firefox, VPNpro, DriverPack, and 5kPlayer.

Podcasts

2 days ago
Smashing Security

185: Bieber fever, Roblox, and ransomware

Graham Cluley and Carole Theriault, joined this week by John Hawes, talk about the week’s news, including: Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels…

2 days ago
CYBER / Motherboard

Is America Still Number One At Hacking?

Motherboard reporter Lorenzo Franceschi-Bicchierai and host Ben Makuch discuss America’s standing among the world powers of cyberspace.

2 days ago
ISC StormCast

DNS Exfil in PoS Malware; EvilQuest Update; More Tools – Less Security

Johannes Ullrich talks about Alina PoS Malware Exfiltrating Data via DNS, Evil Quest “Ransomware” Update, IBM Cyber Resilient Organization Report.

2 days ago
Dale Peterson / Unsolicited Podcast

ICS Security – Month In Review – June

Michael Toecker, Digital Bond alum and Founder of Context Industrial Security, joins Dale on the June month in review podcast.

3 days ago
Risky Business #590

Cyber Command sounds alarm on PAN’s yolo checkbox of doom

Patrick Gray and Adam Boileau talk about the week’s security news, including Inside the new American “e2ee busting” bill, Julian Assange hit with (another) superseding indictment, Trustwave uncovers sneaky Chinese accounting software backdoor, OMFG Palo Alto WTF and more.

3 days ago
Security Now 773

Ripple20 Too

Steve Gibson and Leo Laporte talk about the week’s top news including Congress wants to kill encryption & face recognition, New information about Ripple20, The Facial Recognition and Biometric Technology Moratorium Act wants to kill face recognition, The Lawful Access to Encrypted Data Act wants to kill encryption and more.

Cybersecurity Events

Date | Event | Location | Country
June 25 | Breaking Security Awareness | Virtual | Virtual
June 29 | Middle East CISO Forum | Virtual | Virtual
June 30 | FutureCon | Virtual | Virtual
July 1 | SANS Firehose Training | Virtual | Virtual
July 8 | ICS Lockdown | Virtual | Virtual
July 11 | BSides San Antonio | Virtual | Virtual
July 20-24 | DFRWS | Virtual | Virtual
July 25-Aug. 2 | HOPE: Hackers on Planet Earth | Virtual | Virtual
Aug. 4-5 | CANCELED BSides Las Vegas | Las Vegas, NV | USA
Aug. 1-6 | Virtual Black Hat USA | Virtual | Virtual
Aug. 6-9 | Defcon | Virtual | Virtual
Sept. 22-25 | WWHF DEADWOOD 2020 | Deadwood, SD | USA
Oct. 24-25 | Grrrcon | Grand Rapids, MI | USA

