Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

120 Comments

  1. Tomi Engdahl says:

    MIDDLE EAST DICTATORS BUY SPY TECH FROM COMPANY LINKED TO IBM AND GOOGLE
    https://theintercept.com/2019/07/12/semptian-surveillance-mena-openpower/

  2. Tomi Engdahl says:

    Zoom patches Mac client after flaw allowed websites to turn on webcams without permission
    https://techcrunch.com/2019/07/08/a-vulnerability-in-zooms-mac-client-could-allow-websites-to-turn-on-cameras-without-permission/

    Video conferencing giant Zoom has published a patch for its Mac client removing a rogue web server from users’ computers that allowed any website to join a video call without permission.

  3. Tomi Engdahl says:

    German banks to stop using SMS to deliver second authentication/verification factor
    https://www.helpnetsecurity.com/2019/07/12/german-banks-sms-tan/

    German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure.

  4. Tomi Engdahl says:

    Never Commit a Crime When Your Phone Is Connected to a Wi-Fi Network
    https://slate.com/technology/2019/07/glenelg-high-school-graffiti-wifi-login.html

    Four students who left racist graffiti on their high school were caught when their smartphones betrayed them.

  5. Tomi Engdahl says:

    Google is investigating the source of voice data leak, plans to update its privacy policies
    https://techcrunch.com/2019/07/11/google-is-investigating-the-source-of-voice-data-leak-plans-to-update-its-privacy-policies/

    Google has responded to a report this week from Belgian public broadcaster VRT NWS, which revealed that contractors were given access to Google Assistant voice recordings, including those which contained sensitive information

    https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/

  6. Tomi Engdahl says:

    The FTC Lawsuit over D-Link: Technical Perspective of Routers Security
    https://www.vdoo.com/blog/ftc-lawsuit-over-d-link

    The U.S. Federal Trade Commission (FTC) sued D-Link for putting consumers’ most sensitive personal data at risk due to the inadequate security of its routers and cameras. D-Link was criticized for releasing products which lack basic security measures, and for responding late

  7. Tomi Engdahl says:

    Greece’s Top Level Domain registries breached By Hacker
    https://akonnor.online/greeces-top-level-domain-registries-breached-by-hacker/

    State-sponsored hackers have broken ICS-Forth, the organization that manages Greece’s superior domain country codes of .gr and .el.

    gain access to accounts at domain registrars and managed DNS suppliers where they make modifications to a company’s DNS settings. By modifying DNS records for internal servers, they intercept traffic meant for a company’s legitimate apps or webmail services to clone servers wherever they do man-in-the-middle attacks and intercept login credentials.

  8. Tomi Engdahl says:

    Hey, Google, why are your contractors listening to me?
    https://nakedsecurity.sophos.com/2019/07/12/hey-google-why-are-your-contractors-listening-to-me/

    Thanks to how your Google Home voice assistant records our conversations, which are sometimes triggered by mistake, audio clips – both those recorded on purpose and otherwise – are being sent to engineers working on Google Home voice processing.

  9. Tomi Engdahl says:

    As Florida cities use insurance to pay $1 million in ransoms to hackers, Baltimore and Maryland weigh getting covered
    https://beta.washingtonpost.com/local/as-florida-cities-use-insurance-to-pay-1-million-in-ransoms-to-hackers-baltimore-and-maryland-weigh-getting-covered/2019/07/06/d1c0dc16-9f77-11e9-9ed4-c9089972ad5a_story.html?outputType=amp

    Lake City’s experience and that of another Florida city are examples of the rapidly growing role of insurance providers in helping governments and businesses respond to cyberattacks. In each case, cities that faced losing valuable records avoided that calamity, and at a modest financial cost.

  10. Tomi Engdahl says:

    Last year, [investigators in the Netherlands discovered](https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr/) that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines.

    All of which contravenes the EU’s General Data Protection Regulation, or GDPR, the Dutch said.
    https://www.zdnet.com/article/microsoft-office-365-banned-in-german-schools-over-privacy-fears/

  11. Tomi Engdahl says:

    Symantec reveals WhatsApp and Telegram exploit that gives hackers access to your personal media
    https://venturebeat.com/2019/07/15/symantec-reveals-whatsapp-and-telegram-exploit-that-gives-hackers-access-to-your-personal-media/

    Cybersecurity company Symantec found an exploit that could allow WhatsApp and Telegram media files — from personal photos to corporate documents — to be exposed and manipulated by malicious actors.

    The security flaw, dubbed Media File Jacking, stems from the time lapse between when media files received through the apps are written to a disk and when they are loaded in an app’s chat user interface.

  12. Tomi Engdahl says:

    Facebook Embeds ‘Hidden Codes’ To Track Who Sees And Shares Your Photos
    https://www.forbes.com/sites/zakdoffman/2019/07/14/facebook-is-embedding-hidden-codes-to-track-all-your-uploaded-photos-report/

    an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding “hidden codes” in photos uploaded by users onto the site.

    “Facebook is embedding tracking data inside photos you download,” Edin Jusupovic claimed on Twitter

    contained what I now understand is an IPTC special instruction.” The IPTC (International Press Telecommunications Council) sets technical publishing standards, including those for image metadata.

    “the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).”

    According to one analyst, the metadata has been added since 2016 and “contains an IPTC block with an ‘Original Transmission Reference’ field that contains some kind of text-encoded sequence. This coding method lets Facebook “know it has seen the image before when it gets uploaded again,” explained a user on Reddit.

    Not everyone is willing to play along with the Facebook scheme though. Twitter strips out the basic level of IPTC coding when images are posted on its site.

  13. Tomi Engdahl says:

    Sextortion was invented by one woman in the Philippines, Maria Caparas. She turned the idea of making friends online and video chats into a clever, evil scam that would not exist without social media.
    Read more at https://www.channelnewsasia.com/news/video-on-demand/the-dark-web/queen-of-sextortion-11679252
