Issue 18

Another hole opens up in LastPass that could take weeks to fix

Yet another problem with LastPass was discovered, and it's a major one, allowing passwords to be stolen by a malicious website. It was yet again discovered by Tavis Ormandy from Project Zero.


Google slams Symantec for 'failures' in SSL/TLS certificate process

Google has publicly 'shamed' Symantec's work as a CA Root Authority, saying it has seen up to 30,000 certificates that were not properly validated. Google will take various measures to decrease the trust that Chrome gives to the CA.


Here’s all the new stuff in Apple’s latest security document

Apple released a new white paper on iOS security, and this article highlights some of the things that have been added. If you want a deep dive into the white paper itself, go nuts.


Android security is better but still has a long way to go

Google released a detailed report on Android security, which states that they are making progress but still have a huge pile of work left to do, especially on patching and prevention of malicious apps. The report itself can be found here.


Man charged with $100m ‘whaling’ attack on two US tech giants

Last week a Lithuanian man was arrested for tricking two large tech companies into wiring a total of $100 million to his own accounts, by impersonating an Asian hardware manufacturer that they were both working with.


GiftGhostBot - the malicious bot attempting to compromise gift cards across 1,000 websites

A bot was discovered that tries to find valid gift-card codes for various websites through brute force. Once a code is validated, the attackers can use the gift card to purchase all kinds of goods.


Users leak sensitive data via Microsoft document-sharing site

It turns out a lot of users of the service didn't realise that documents are public by default. Through simple searches on the website or through search engines, one can find things like passwords and medical data.


Instagram adds two-factor authentication

Instagram (finally) released 2FA functionality to its platform, which seems very well implemented with regard to usability.


Apple fixes 223 vulnerabilities across macOS, iOS, Safari

Time to update your devices. Apple released updates that fix a total of 223 bugs across iOS, macOS, and other products. Of those bugs, 70 could lead to arbitrary code execution.


GoDaddy acquires Sucuri

Sucuri, a provider of website security tools, has been acquired by GoDaddy.


Bill would compel firms to say if cybersec expert sits on board

A newly introduced bill would require publicly traded companies to disclose whether any members of the board of directors have cybersecurity experience.