New attack surface in Windows CTF system. Bluetooth flaw to decrypt traffic. Minimal mode. 16th August 2019

News

Personal note - minimal edition

Hey everyone,

I'm currently enjoying a vacation on the Belgian coast with my family, and I want to spend as much time as possible with them. So I've gathered the articles and news that seemed most interesting to me, but with less curation and summarisation than usual. I hope it's still valuable to you! Enjoy!

Breaches and leaks

Fingerprints of 1 million people exposed in public biometrics database: link.
Choice Hotels leaks 700k customer records: link.
Hacking forum spills rival’s 321,000 member database: link.

Windows CTF flaws enable attackers to fully compromise systems

Bluetooth flaw lets attacker brute-force pairing encryption key

Capital One hacker took data from more than 30 companies

Microsoft warns of new worm-ready RDP bugs

Microsoft holding Windows 7 and Server 2008 R2 updates when Symantec is installed

Symantec cannot handle the SHA-2 signing of the updates.

Zero-day in Steam client affects all Windows users

EBS snapshots: hundreds of exposed Amazon cloud backups leaking sensitive data

U.S. election systems left exposed online

U.N. Report: North Korea gained $2 billion from cyberattacks to fund weapons program

Chrome and Firefox changes spark the end of EV certificates

Stealing personal information through GDPR access requests

Responding to Firefox 0-days in the wild

This one is really worth a read. It's on how Coinbase detected the use of two Firefox zero days against them and how they handled it. Kudos!

Sponsorships

1Password: a password manager worth recommending

After using 1Password Teams for several years, I finally moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from.