Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.



  1. Tomi Engdahl says:


  2. Tomi Engdahl says:

    Zoom patches Mac client after flaw allowed websites to turn on webcams without permission

    Video conferencing giant Zoom has published a patch for its Mac client removing a rogue web server from users’ computers that allowed any website to join a video call without permission.

  3. Tomi Engdahl says:

    German banks to stop using SMS to deliver second authentication/verification factor

    German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure.

  4. Tomi Engdahl says:

    Never Commit a Crime When Your Phone Is Connected to a Wi-Fi Network

    Four students who left racist graffiti on their high school were caught when their smartphones betrayed them.

  5. Tomi Engdahl says:

    Google is investigating the source of voice data leak, plans to update its privacy policies

    Google has responded to a report this week from Belgian public broadcaster VRT NWS, which revealed that contractors were given access to Google Assistant voice recordings, including those which contained sensitive information

  6. Tomi Engdahl says:

    The FTC Lawsuit over D-Link: Technical Perspective of Routers Security

    The U.S. Federal Trade Commission (FTC) sued D-Link for putting consumers’ most sensitive personal data at risk due to the inadequate security of its routers and cameras. D-Link was criticized for releasing products which lack basic security measures, and for responding late

  7. Tomi Engdahl says:

    Greece’s Top Level Domain registries breached By Hacker

    State-sponsored hackers have broken ICS-Forth, the organization that manages Greece’s superior domain country codes of .gr and .el.

    gain access to accounts at domain registrars and managed DNS suppliers where they make modifications to a company’s DNS settings. By modifying DNS records for internal servers, they intercept traffic meant for a company’s legitimate apps or webmail services to clone servers wherever they do man-in-the-middle attacks and intercept login credentials.

  8. Tomi Engdahl says:

    Hey, Google, why are your contractors listening to me?

    Thanks to how your Google Home voice assistant records our conversations, which are sometimes triggered by mistake, audio clips – both those recorded on purpose and otherwise – are being sent to engineers working on Google Home voice processing.

  9. Tomi Engdahl says:

    As Florida cities use insurance to pay $1 million in ransoms to hackers, Baltimore and Maryland weigh getting covered

    Lake City’s experience and that of another Florida city are examples of the rapidly growing role of insurance providers in helping governments and businesses respond to cyberattacks. In each case, cities that faced losing valuable records avoided that calamity, and at a modest financial cost.

  10. Tomi Engdahl says:

    Last year, [investigators in the Netherlands discovered]( ) that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines.

    All of which contravenes the EU’s General Data Protection Regulation, or GDPR, the Dutch said.

  11. Tomi Engdahl says:

    Symantec reveals WhatsApp and Telegram exploit that gives hackers access to your personal media

    Cybersecurity company Symantec found an exploit that could allow WhatsApp and Telegram media files — from personal photos to corporate documents — to be exposed and manipulated by malicious actors.

    The security flaw, dubbed Media File Jacking, stems from the time lapse between when media files received through the apps are written to a disk and when they are loaded in an app’s chat user interface.

  12. Tomi Engdahl says:

    Facebook Embeds ‘Hidden Codes’ To Track Who Sees And Shares Your Photos

    an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding “hidden codes” in photos uploaded by users onto the site.

    “Facebook is embedding tracking data inside photos you download,” Edin Jusupovic claimed on Twitter

    contained what I now understand is an IPTC special instruction.” The IPTC (International Press Telecommunications Council) sets technical publishing standards, including those for image metadata.

    “the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).”

    According to one analyst, the metadata has been added since 2016 and “contains an IPTC block with an ‘Original Transmission Reference’ field that contains some kind of text-encoded sequence. This coding method lets Facebook “know it has seen the image before when it gets uploaded again,” explained a user on Reddit.

    Not everyone is willing to play along with the Facebook scheme though. Twitter strips out the basic level of IPTC coding when images are posted on its site.

  13. Tomi Engdahl says:

    Sextortion was invented by one woman in the Philippines, Maria Caparas. She turned the idea of making friends online and video chats into a clever, evil scam that would not exist without social media.


Leave a Comment

Your email address will not be published. Required fields are marked *