Issue 142

Personal note - minimal edition

Hey everyone,

I'm currently enjoying a vacation on the Belgian coast with my family, and I want to spend as much time as possible with them. So I've gathered the articles and news that seemed most interesting to me, but with less curation and summarisation than usual. I hope it's still valuable to you! Enjoy!



Breaches and leaks

  • Fingerprints of 1 million people exposed in public biometrics database: link.
  • Choice Hotels leaks 700k customer records: link.
  • Hacking forum spills rival’s 321,000 member database: link.


Windows CTF flaws enable attackers to fully compromise systems


bleepingcomputer.com


Bluetooth flaw lets attacker brute-force pairing encryption key


bleepingcomputer.com


Capital One hacker took data from more than 30 companies


zdnet.com


Microsoft warns of new worm-ready RDP bugs


sophos.com


Microsoft holding Windows 7 and Server 2008 R2 updates when Symantec is installed

Symantec cannot handle the SHA-2 signing of the updates.
zdnet.com


Zero-day in Steam client affects all Windows users


threatpost.com


EBS snapshots: hundreds of exposed Amazon cloud backups leaking sensitive data


techcrunch.com


U.S. election systems left exposed online


vice.com


U.N. Report: North Korea gained $2 billion from cyberattacks to fund weapons program


reuters.com


Chrome and Firefox changes spark the end of EV certificates


bleepingcomputer.com


Stealing personal information through GDPR access requests


vice.com


Responding to Firefox 0-days in the wild

This one is really worth a read. It's on how Coinbase detected the use of two Firefox zero days against them and how they handled it. Kudos!
coinbase.com


Sponsorships

1Password: a password manager worth recommending

After using 1Password Teams for several years, I finally moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from.
1password.com