Tuesday 5/28
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
Since that leak, rogue actors have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines. Now the tool is hitting the United States where it is most vulnerable, in local governments with aging digital infrastructure and fewer resources to defend themselves.
https://nyti.ms/2HIEVY9
Title insurer exposes millions of mortgage records in data breach
First American Financial Corp. “kept the digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images” on an open server “available without authentication to anyone with a Web browser.”
http://bit.ly/2QqONZ4
Security researcher spots a macOS malware vulnerability that’s not yet patched
Watch out for this potential vulnerability if you're opening up apps on a Mac: a security researcher has worked out a way that malware makers can bypass the macOS Gatekeeper protections to run malicious code. The key is in the way macOS handles network shares and treats them as safe: the system could be tricked into opening a zip file archive that contains malicious code.
http://bit.ly/2WrveFp
Wednesday 5/29
FireEye Buys Startup Verodin For $250M To Find Security Gaps
The purchase of Verodin will make it easier for FireEye customers to reliably and consistently quantify cyber risk in a way that's understandable to both frontline technicians as well as the board room, said FireEye CEO Kevin Mandia.
http://bit.ly/2KcjhwX
Thursday 5/30
Malware and botnets: Why Emotet is dominating the malicious threat landscape in 2019
Such is the power of Emotet that analysis by security company Proofpoint has found that the malware accounted for almost all of the botnet payloads delivered by email between January and March 2019 – and botnets accounted for 61% of all malicious payloads sent in phishing messages during that period.
https://zd.net/2XbxHRy
Flipboard reveals data breach, which left users’ details exposed
The news aggregation app announced in a post that it had identified unauthorized access of some of its internal systems, which contained some Flipboard users' account information and credentials. For more than nine months, the unauthorized person had access to Flipboard's systems, potentially able to obtain copies of databases which hosted users' information.
http://bit.ly/2VXEq07
Friday 5/31
McAfee Collaborates with Amazon Web Services to Bring Enhanced Database Security to the Cloud
McAfee today announced McAfee® Database Security for Amazon Relational Database Service (Amazon RDS), strengthening the company’s relationship with Amazon Web Services (AWS) and shared commitment to offer cloud-based security solutions. This new product delivers real-time visibility into virtually all database activity, including local privileged user access and offers the ability to monitor and thwart sophisticated attacks from within the database.
https://yhoo.it/2wt90Ex
It’s the middle of the night. Do you know who your iPhone is talking to?
App trackers are like the cookies on websites that slow load times, waste battery life and cause creepy ads to follow you around the Internet. Except in apps, there’s little notice trackers are lurking and you can’t choose a different browser to block them.
https://wapo.st/2HLbXH4
Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion
Over 2.3 billion files -- including sensitive data like payroll information, credit card details, medical data and patents for intellectual property -- are exposed publicly online, putting both people and organisations at risk of data theft, cybercrime, espionage and other malicious activities.
https://zd.net/2HKTSsu