Secure messaging apps under fire. Good to see the methods involved in gaining access to be aware of them.
“I don’t recall seeing an ‘NTSB Board’ being fired during the middle of a plane crash investigation,” Frost said in a recent SANS newsletter. “I can say that the attackers in the phone companies will not stop because the review board has gone away. We do need to figure out how these attacks occurred, and CISA did appear to be doing some good for the vast majority of the federal systems.”
If you never investigate crimes, did they really happen?
Harris said he pleaded with the company for several years to address the flaw in the product, a ProPublica investigation has found. But at every turn, Microsoft dismissed his warnings, telling him they would work on a long-term alternative — leaving cloud services around the globe vulnerable to attack in the meantime.
Public corporations that value shareholders more than customers were a mistake and definitely shouldn’t be handling national security. This whole series of events is frustrating because it was preventable.
Hagenah says that in cases of employers with “bring your own devices” policies, there’s a risk of someone leaving with huge volumes of company data saved on their laptops. That’s a particular risk if they’re disgruntled or leave on bad terms, he says.
Or how about when a company is sued and must turn over all related employee Recall data? Seems like much more information than texts and emails contain. Companies might want to run this feature by their general counsel before deploying.
I think they are probably going to set fire to the entire Copilot brand due to how poorly this has been implemented and rolled out. It’s an act of self harm at Microsoft in the name of AI, and by proxy real customer harm.
AI has really obliterated the idea of getting consent from users. Big companies are just enabling data theft on a grand scale now. It's like people who build houses working for thieves rather than homeowners.
As North Carolina and Montana enact new age verification laws effective January 1, residents can’t view sites in Pornhub’s parent company network.
Interesting Republican effort to raise awareness and use of VPNs in red states.
In a press release, the FTC said that "Ring deceived its customers by failing to restrict employees' and contractors' access to its customers' videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards." In one case, an employee "viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms," the FTC said.
This is awful and why I try not to buy surveillance devices. It’s difficult not to send data out of your house but I hope not being connected to the Internet becomes a selling point for electronics eventually.
"So the more correct interpretation of events is: we do not have a new breach now, LastPass rather failed to contain the August 2022 breach. And because of that failure people’s data is now gone. Yes, this interpretation is far less favorable of LastPass, which is why they likely try to avoid it."
I believe password managers are critical and also that this password manager is being mismanaged. I guess the time for me to move to a different service was last year.
"Armed with secret court orders in the United States and the help of governments around the world, the Justice Department and the F.B.I. disconnected the networks from the G.R.U.’s own controllers. “Fortunately, we were able to disrupt this botnet before it could be used,” Mr. Garland said."
Fantastic work and a great story. Just give me a steady stream of cybersecurity success stories please. Call the new beat Botnet Dragnet. I’ll waive my naming fee.
"For years, digital rights groups like the Electronic Frontier Foundation, security researchers, and journalists have warned that Venmo’s public friend lists were a privacy threat. Founded in 2009 on the idea that payments could be another form of social content, Venmo allowed people to pay each other and post about those payments to its public feed and other social media platforms."
It just takes a few seconds to update your Venmo privacy settings.
"Third party link-shortening tools can add unnecessary steps to your processes, create accessibility issues, threaten user privacy and undermine user trust – with no benefit to you as communicators."
Yes! The risks of using 3rd party URL shorteners outweigh any perceived benefit.
"The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment."
Facepalm. This should really help stem the tide of infrastructure attacks. We get a gas panic and the criminals get #!?*coin. At least the perpetrators can't buy Teslas with it.