Cybersecurity Roundup #17
“It’s funny to us as we’re so used to worms and viruses being bad news rather than making the world a better place.“ - Graham Cluley
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
Microsoft is releasing a substantial number of security fixes again in October’s Patch Tuesday release—with 11 rated “Critical” by Microsoft (including the latest Adobe Flash security update).
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent
The TrickBot botnet has survived a takedown attempt orchestrated by a coalition of tech companies on Monday. TrickBot command and control (C&C) servers and domains seized yesterday have been replaced with new infrastructure earlier today, multiple sources in the infosec community have told ZDNet.
Shady deals: The destructive relationship between network access sellers and ransomware groups
Ransomware groups are taking advantage of opportunities to purchase network access on dark web forums to quickly compromise networks across a variety of industries and unleash their disabling malware.
Five Eyes governments, India, and Japan make new call for encryption backdoors
Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.
Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure
A team of vulnerability spotters have netted themselves a six-figure payout from Apple after discovering dozens security holes in the Cupertino giant's computer systems, some of which could have been exploited to steal iOS source code, and more.
Sophisticated Android Ransomware Executes with the Home Button
A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices – surfacing its ransom note when a user hits the Home button.
Greg Rattray Invented the Term Advanced Persistent Threat
I was so pleased to read this Tweet yesterday from Greg Rattray: Background First, some background. Who is Greg Rattray? First, you could call him Colonel or Doctor. I will use Col as that was the last title I used with him, although these days when we chat I call him Greg.
Exclusive: Pakistan to block social media app TikTok for ‘immoral’ content – sources
Pakistan has decided to block social media App TikTok for failing to filter out “immoral” content, three top government officials said on Friday. “The platform, however, hasn’t been able to fully satisfy Pakistani authorities.
Fitbit Spyware Steals Personal Data via Watch Face
Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.
Report: U.S. Cyber Command Behind Trickbot Tricks
A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware.