Issue 73

TaskRabbit takes down app and website after getting hacked

TaskRabbit (now owned by Ikea) was hacked this week. They are back up and have written an update, but aren't sharing much yet of what happened, only that personal information might have been compromised.
bleepingcomputer.com


Researchers take down malicious traffic distribution network EITest

The network was built from over 52.000 compromised servers, mostly Wordpress sites. The creators redirect part of their traffic to malicious landing pages, and rented this "traffic as a service" out to others.
bleepingcomputer.com


Your Android phone says it's fully patched, but is it really?

Even though your phone says you're fully patched, the vendor might have not included a few security updates.
helpnetsecurity.com


Hackers attack casino’s through its fish tank thermometer

Just a nice example of why IoT security is a thing. The 'smart' thermometer was used as a foothold to discover and extract a database with personal data on the casino's high rollers.
hackread.com


Tech firms pledge not to help governments launch cyberattacks

A total of 34 tech firms (Microsoft, Facebook, LinkedIn, ..) have committed to a number of promises: never help a government launch a cyberattack, build stronger defences, share intel with each other and empower customers to protect themselves better.
helpnetsecurity.com


Update all the things \o/

  • Chrome has a new version out, where they move forward on distrusting Symantec certs, site isolation and preventing code injection: link
  • Cisco has an update for a critical vulnerability in WebEx: link
  • Intel is issuing a fix for a vulnerability where a local attacker can alter the behaviour of the firmware and cause it to reboot, crash or potentially execute code: link


Google Chrome to auto-expire cookies delivered over http

Starting in version 70, due to come out in October, Chrome will remove http cookies after a certain time. They'll start with a year and work their way down.
bleepingcomputer.com


Microsoft ports anti-phishing extension to Google Chrome

It's Microsoft's version of Google's Safe Browsing API. It works of a different database than Google's and is apparently even better in detecting phishing sites.
bleepingcomputer.com


Cyberinsurance tries to tackle the unpredictable world of hacks

Interesting article about the challenges of cyber insurance, from the point of view of the insurance company.
wired.com


Extended Validation (EV) certificates are broken

I wouldn't call it broken, but it's still an interesting article. The author registers himself as Stripe, Inc, but based out of Kentucky instead of Delaware, like the real Stripe. He then uses his company to get an EV certificate for Stripe, Inc.
ian.sh


Sponsorship

Securing your company Macs

Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure, used by yours truly every day. It fully integrates with G Suite, and you can try it free with 10 devices for as long as you need.
fleetsmith.com


The (easy) road to GDPR compliance

GDPR is coming, are you ready? If not, don't worry. Read this easy to follow whitepaper that gives practical advise on what businesses have to do to get started and become GDPR compliant.
netsparker.com