Search Results for “Catalin Cimpanu”


March 25, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Apple Now Blocks All Third-Party Cookies by Default With the Release of Safari 13.1

Starting with the release of Safari 13.1 and through updates to the Intelligent Tracking Prevention (ITP) privacy feature, Apple now blocks all third-party cookies in Safari by default, thwarting the ability of online advertisers and analytics firms to use browser cookie files to track users as they visit different sites across the internet. Apple claims, however, that it was already blocking most third-party cookies anyway. Apple is following in the Tor browser footsteps to implement this privacy measure. Google’s Chrome v80 released in February supports third-party cookie blocking but won’t be fully rolled out to Chrome users until 2020.

Related: iPhone Hacks, The Verge, MacRumors, iMoreiMore, MacRumors, Gizmodo, iPhone Hacks, iPhone Hacks, iPhone Hacks, PhoneArena, BusinessLine – Home, fossBytesiMore, Techradar, Pocket-lint, Engadget, iMore, MacDailyNews, The Apple Post, Full Disclosure, Full Disclosure, Full Disclosure, The Register

Tweets:@1BlockerApp @johnwilander @johnwilander @johnwilander @johnwilander @johnwilander @johnwilander

iPhone Hacks: Safari browser adds Full Third-Party Cookie Blocking on iOS, iPadOS 13.4, macOS
The Verge: Apple updates Safari’s anti-tracking tech with full third-party cookie blocking
MacRumors: Safari in New Versions of iOS and macOS Includes Full Third-Party Cookie Blocking
iMore: Apple releases iPadOS 13.4 with trackpad and mouse support
iMore: Apple releases iOS 13.4 with iCloud Drive folder sharing
Gizmodo: Apple Will Now Let You Buy Apps for Mac and iOS as a Bundled Package
iPhone Hacks: Apple Releases iOS 13.4 and iPadOS 13.4 With iCloud Folder Sharing, Trackpad Support, More
iPhone Hacks: Apple Releases macOS 10.15.4 and tvOS 13.4
iPhone Hacks: Apple Releases watchOS 6.2 with IAP Support, Expands ECG Feature to More Countries
PhoneArena: The latest Safari will protect your privacy by blocking third-party cookies
BusinessLine – Home: Apple updates Safari browser to block third-party cookies
fossBytes: New Apple Privacy Feature Released 2 Years Before Google Promised It For Chrome
iMore: Apple beefs up web security and privacy in iOS 13.4
Techradar: Safari update delivers ‘significant improvement for privacy’
Pocket-lint: Safari now blocks all third party trackers, with Chrome only following in 2022
Engadget: Safari now blocks all third-party cookies by default
iMore: Apple releases iOS 13.4 with iCloud Drive folder sharing
MacDailyNews: Apple releases iOS 13.4
The Apple Post: Apple releases iOS 13.4 with iCloud Drive Folder Sharing, new Memoji, updated Mail app and more
Full Disclosure: APPLE-SA-2020-03-24-7 Xcode 11.4
Full Disclosure: APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
Full Disclosure: APPLE-SA-2020-03-24-5 Safari 13.1
The Register – Security: Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters… and something weird called iTunes for Windows

@1BlockerApp: Safari now fully blocks third-party cookies by default. This is a significant improvement for privacy since it disables login fingerprinting and brings other additional benefits.
@johnwilander: The long wait is over and the latest update to Safari's Intelligent Tracking Prevention is here: Full third-party cookie blocking and more https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/ Safari users, welcome to the future and a safer web!
@johnwilander: This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.
@johnwilander: Second, full third-party cookie blocking removes statefulness in cookie blocking. There were many who raised concerns over ITP's future back in January. Hopefully, they'll now help spread the message that ITP is not only OK, it's leading the way.
@johnwilander: Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you're logged in to and use it as a fingerprint. Not in Safari.
@johnwilander: Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web's original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari.
@johnwilander: Fifth, all script-writeable storage is now aligned with the 7-day expiry Safari already has for client-side cookies. Finally, delayed bounce tracking is now detected and dealt with just like regular bounce tracking. Stay safe everyone, and make sure to use a browser you trust.


March 2, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Bug in Walgreens’ Personal Mobile App Exposed Personal Data of Some Users

Pharmacy chain giant Walgreens announced that its official mobile app contained a bug that exposed the personal details of some of its users. The problem stemmed from what the company described as “an error within the Walgreens mobile app personal secure messaging feature,” exposing details such as first and last name, prescription details, store number, and shipping addresses, where available. The leak lasted only a week, between Thursday, January 9, and Wednesday, January 15. Walgreens said it fixed the bug on January 15.

April 14, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Hackers Who Breached San Francisco Airport Websites Believed to Be Part of Russian Threat Group Energetic Bear

Cybersecurity firm ESET said that hackers believed to be operating on behalf of the Russian government as part of a threat group known as Energetic Bear (also known as DragonFly) were responsible for hacking two websites operated by the San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com. Although San Francisco officials said that the hackers implanted code to steal login credentials, in a series of tweets, ESET said that “the targeted information was NOT the visitor’s credentials to the compromised websites, but rather the visitor’s own Windows credentials.” The goal was to steal NTLM hashes (usernames and passwords) that can be cracked to obtain a cleartext version of a user’s Windows password, ESET said. SFO changed its password after the website hacks, which is enough to prevent the hackers from using the stolen hashes.

Related: BleepingComputer.com, The Daily Swig, CISO MAG, Infosecurity Magazine, Homeland Security Today, Data Breach Today

Tweets:@ESETresearch


April 6, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Popular Hacking Forum OGUsers Experiences Second Data Breach in a Year, Data for All 200,000 Users Posted on Rival Hacking Forum

One of the most popular forums on the Internet for hackers, OGUsers, experienced its second data breach in a year when someone was able to breach the server through a shell in avatar uploading in the forum software and get access to the current database dated April 2, 2020. As was true of the previous breach, the OGUsers data was leaked on a rival hacking forum. The attacker is believed to have stolen the details of more than 200,000 users, the total number of users on the forum.  The breach was spotted by data breach monitoring service Under the Breach before the forum was put into maintenance mode by its administrators. Administrators said they reset passwords and urged users to enable two-factor authentication (2FA) for their accounts, so any of the data taken in the hack can’t be used to hijack accounts.

Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Russian Telco Rostelecom Redirected Traffic for More than 200 of the World’s Largest CDNs in BGP Hijack Incident

Last week traffic meant for more than 200 of the world’s largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia’s state-owned telecommunications provider in a BGP (border gateway protocol) hijack incident that affected more than 8,800 internet traffic routes from 200+ networks, and lasted for about an hour. Among the companies impacted were giants, including Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode. Although some experts believe the hijack was an accident, it was exacerbated when Rostelecom’s upstream providers took the newly announced BGP routes and re-broadcast them all over the internet, amplifying the BGP hijack within seconds.

Related: Reddit – cybersecurity, Security Affairs, MANRS

Tweets:@James_inthe_box @atoonk @SilentCircle


Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Korean DarkHotel Hacking Group Has Launched Hacking Operation Against Chinese Government Agencies and Employees by Exploiting Zero-Day Flaw in Sangfor SSL VPN Servers, Sangfor Says Patch Now Available

Foreign state-sponsored hackers operating out of the Korean peninsula known as DarkHotel have launched a bona fide sophisticated massive hacking operation aimed at Chinese government agencies and their employees, according to Chinese security-firm Qihoo 360. The attacks were launched last month and are believed to be tied to the COVID-19 crisis. More than 200 VPN servers have been attacked in this campaign, which has used a zero-day vulnerability in Sangfor SSL VPN servers, typically deployed to provide remote access to enterprise and government networks. The hackers used the zero-day to gain control over the servers, where they replaced a file named SangforUD.exe with a boobytrapped version. Qihoo researchers say that 174 of these servers were located on the systems of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad. It is unknown if North Korea or South Korea is behind the attacks. Qihoo said it reported the zero-day vulnerability to Sangfor last Friday, and Sangfor said that patches are now available.

Related: Cyber Security Review, 360 Core Security, TechNadu, Security Affairs, Wired, Cyberscoop

Tweets:@Bing_Chris @craiu @Mao_Ware


April 7, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Malware Operation Deploys Cryptocurrency-Mining Malware ‘Kinsing’ on Docker Servers Running API Ports Exposed on the Internet Without a Password

A malware operation has been scanning the internet for Docker servers running API ports exposed on the internet without a password, with the hackers breaking into unprotected hosts and installing a new crypto-mining malware strain named Kinsing, researchers at Aqua Security report. The malware is primarily intended to mine cryptocurrency on the hacked Docker instance but also has secondary functions, including running scripts that remove other malware that may be running locally and gathering local SSH credentials in an attempt to spread to a company’s container network. Aqua recommends that companies review the security settings of their Docker instances and make sure no administrative APIs are exposed online.

Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Data From More Than 600,000 Email.it Users Are For Sale on the Dark Web After No Name Hacking Group Breached the Service Two Years Ago

The data of more than 600,000 users of Italian email service Email.it are currently being sold on the dark web after the service suffered a hacker attack. The hackers, who go by the name of NN (No Name) Hacking Group, went on Twitter to promote a website on the dark web where they were selling the company’s data. NN also said that the hack occurred two years ago in January 2018. They claim they asked the email service provider on February 1 to pay a bounty for pointing out the service’s flaws. Email.it confirmed it did not pay the bounty. The hackers are now selling the company’s data for an asking price that varies between 0.5 and 3 bitcoin ($3,500 and $22,000). They claim they stolen data consists of plaintext passwords, security questions, email content, and email attachments for more than 600,000 users who signed up and used the service between 2007 to 2020.

April 8, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Former Facebook CSO and Head of Stanford Cyber Policy Center Alex Stamos to Guide Zoom on Security Policy as Outside Consultant, Zoom Forms CISO Council Composed of Infosec Leaders

Former Facebook and Yahoo Chief Security Officer Alex Stamos, who currently leads the Stanford Internet Observatory Cyber Policy Center, is joining Zoom as an outside security consultant, Stamos announced in a Medium post. Stamos said that Zoom CEO Eric Yuan approached him for the move after the former Facebook CSO defended Zoom when the company was getting buried under an avalanche of bad press. Stamos is joining Zoom as an advisor and not as an employee or CSO. Also, Zoom announced the creation of a CISO Council and Advisory Board, which will include cybersecurity leaders from other companies, including VMware, Netflix, Uber, Electronic Arts, and others.

Related: BetaNews, Marketwatch, WebProNews, Android Central, iMore, Tech Insider, Reuters: Business News, San Jose Business News, Alex Stamos, Zoom Blog

Tweets:@zoom_us @AlexStamos @Shadow0pz

BetaNews: Zoom teams up with security experts, including Facebook’s former Chief Security Officer, to address privacy and safety
Marketwatch : Zoom forms cybersecurity council, adds former Facebook security chief as an advisor – MarketWatch
WebProNews : DHS: Zoom Responding to Security Concerns
Android Central : Zoom announces massive collaboration with security experts
iMore: Zoom announces massive collaboration with security experts
Tech Insider: Zoom is turning to Facebook’s former security chief to help fix its mounting privacy issues (ZM, FB)
Reuters: Business News: Zoom hires former Facebook security chief to beef up privacy, safety
San Jose Business News: Zoom brings former Facebook security chief in to advise amid criticism, lawsuit over privacy flaws
Alex Stamos:Working on Security and Safety with Zoom
Zoom Blog: Update on Zoom’s 90-Day Plan to Bolster Key Privacy and Security Initiatives

@zoom_us: We have officially formed our CISO Council and Advisory Board, including security leaders from across industries, and we’ve also announced that cybersecurity expert Alex Stamos has joined Zoom as an outside advisor [Blog Post] ...
@AlexStamos: Some personal news... After tweeting about Zoom last week I got a call from the CEO, @ericsyuan, and we had a great chat. Happy to say that I'll be helping Zoom out as they build up their security program.
@Shadow0pz: Hiring someone doesn't make a company secure. Hiring someone doesn't fix privacy. Hiring someone doesn't resolve existing bugs in code. I wish @alexstamos the very best. He's a solid and proven professional. @zoom_us we are watching, you need to LISTEN and ACT on his advice.


April 10, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Zoom Issues Fixes to Stop Leaking of Meeting IDs by Removing IDs From Title Bar, Goal Is to Reduce Zoombombing

Following highly publicized incidents in which Zoom users were shown to be leaking their meeting IDs, and even meeting passwords, when sharing screenshots of their meetings on social media, Zoom released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app’s title bar. The leaks of meeting IDs led to Zoombombing, where trolls search for meeting IDs online and then disturb meetings by playing porn videos, hurling insults, or making disturbing comments. By hiding the meeting IDs, Zoom hopes to curb Zoombombing. Also, Zoom fixed an issue with its meeting waiting rooms that allowed users to spy on meetings even if they weren’t approved to attend them.

Related: HOTforSecurity, WonderHowTo, Cyberscoop, Graham Cluley

Tweets:@campuscodi @campuscodi @campuscodi @rondeibert