Issue 18

Another hole opens up in LastPass that could take weeks to fix

Yet another problem with LastPass was discovered, and it's a major one, allowing passwords to be stolen by a malicious website. It was yet again discovered by Tavis Ormandy from Project Zero.

sophos.com

 

Google slams Symantec for 'failures' in SSL/TLS certificate process

Google has publicly 'shamed' Symantec's work as a root certificate authority (CA), saying it has seen up to 30,000 certificates that were not properly validated. Google will take various measures to decrease the trust that Chrome gives to the CA.

darkreading.com

 

Here’s all the new stuff in Apple’s latest security document

Apple released a new white paper on iOS security, and this article highlights some of the things that have been added. If you want a deep dive into the white paper itself, go nuts.

techcrunch.com

 

Android security is better but still has a long way to go

Google released a detailed report on Android security, which states that they are making progress but still have a huge pile of work left to do, especially on patching and on preventing malicious apps. The report itself can be found here.

wired.com

 

Man charged with $100m ‘whaling’ attack on two US tech giants

Last week a Lithuanian man was arrested for tricking two large tech companies into wiring a total of $100 million to his own accounts by impersonating an Asian hardware manufacturer that they were both working with.

sophos.com

 

GiftGhostBot - the malicious bot attempting to compromise gift cards across 1,000 websites

A bot was discovered that tries to find valid gift-card codes for various websites through brute force. Once validated, the attackers can use the gift cards to purchase all kinds of goods.

distilnetworks.com

 

Users leak sensitive data via Microsoft document-sharing site

It turns out a lot of users of the docs.com service didn't realise that documents are public by default. Through simple searches on the website or through search engines, one can find things like passwords and medical data.

bitdefender.com

 

Instagram adds two-factor authentication

Instagram (finally) released 2FA functionality to its platform, which seems very well implemented with regard to usability.

threatpost.com

 

Apple fixes 223 vulnerabilities across macOS, iOS, Safari

Time to update your devices. Apple released updates that fix a total of 223 bugs across iOS, macOS, and other products. Of those bugs, 70 could lead to arbitrary code execution.

threatpost.com

 

GoDaddy acquires Sucuri

Sucuri, a provider of website security tools, has been acquired by GoDaddy.

helpnetsecurity.com

 

Bill would compel firms to say if cybersec expert sits on board

A newly introduced bill would require publicly traded companies to disclose whether any members of the board of directors have cybersecurity experience.

govinfosecurity.com