The games experienced various issues as a result, from Internet and television services going down to the website being unreachable. They don't want to comment on who did it, although Russia and North Korea are prime candidates. The attacks work through a piece of malware dubbed 'Olympic Destroyer'. Here's an overview of what it does.
A new bug was discovered where if you send a certain sequence of characters for an Indian language called Telugu, you crash your phone. Apple will release a fix. For a much deeper dive on why this might happen, check out this Hacker News post and comments.
The update fixes 50 vulnerabilities, of which 14 are rated critical. A particularly bad one is a fix for Outlook where just previewing a malicious email can compromise your system.
Time to group them up again so there's a bit more room for other news.
- a legacy FedEx service still had an unsecured bucket with the personal details of thousands of customers, including ID cards and driver's licenses
- data on 800,000 Swisscom customers leaked through an external partner
- a few weeks old but still: a French marketing agency had an unsecured S3 bucket with personal details on 12,000 'influencers'
A researcher points out that there is nothing blocking any app on macOS from using the built-in screenshot API. It's available to all and doesn't require any permission. Add some phone-home code and OCR and you can sneak out pretty much anything.
Since ad blockers are related to security, I figure it's useful to show clearly what Chrome's built-in ad blocker does, starting February 15th.
In short it blocks obnoxious ads and sites, but is no substitute for the likes of uBlock Origin from a security point of view.
Fantastic overview of various security measures to take and suggested tools to implement them.
Very interesting read on how Lyft tries to work security into the development cycle with a high degree of respect for the engineers' time and responsibilities.
A few issues back we saw a thought-provoking article on how to steal credit card information through third-party packages. I can certainly recommend it if you haven't read it yet.
This article is part 2, where the author explores what you can do about it. None of the options are an easy fix, but worth a read for sure.
Real-time phishing, while difficult to pull off, can defeat 2FA protection by proxying the two-factor response to the attacker. These researchers released a tool on GitHub based on Selenium and Python that communicates between the phishing site and the attacker's session.
Cool little video showing a skimmer sliding a keypad over a payment terminal in an Aldi store. It only takes him about a second.
Use the dead accurate Netsparker web application security scanner to do the work for you, including eliminating false positives.
Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure, used by yours truly every day. It fully integrates with G Suite, and you can try it free with 10 devices for as long as you need.