TaskRabbit (now owned by Ikea) was hacked this week. They are back up and have written an update, but aren't sharing much yet of what happened, only that personal information might have been compromised.
The network was built from over 52.000 compromised servers, mostly Wordpress sites. The creators redirect part of their traffic to malicious landing pages, and rented this "traffic as a service" out to others.
Even though your phone says you're fully patched, the vendor might have not included a few security updates.
Just a nice example of why IoT security is a thing. The 'smart' thermometer was used as a foothold to discover and extract a database with personal data on the casino's high rollers.
A total of 34 tech firms (Microsoft, Facebook, LinkedIn, ..) have committed to a number of promises: never help a government launch a cyberattack, build stronger defences, share intel with each other and empower customers to protect themselves better.
Update all the things \o/
- Chrome has a new version out, where they move forward on distrusting Symantec certs, site isolation and preventing code injection: link
- Cisco has an update for a critical vulnerability in WebEx: link
- Intel is issuing a fix for a vulnerability where a local attacker can alter the behaviour of the firmware and cause it to reboot, crash or potentially execute code: link
Starting in version 70, due to come out in October, Chrome will remove http cookies after a certain time. They'll start with a year and work their way down.
It's Microsoft's version of Google's Safe Browsing API. It works of a different database than Google's and is apparently even better in detecting phishing sites.
Interesting article about the challenges of cyber insurance, from the point of view of the insurance company.
I wouldn't call it broken, but it's still an interesting article. The author registers himself as Stripe, Inc, but based out of Kentucky instead of Delaware, like the real Stripe. He then uses his company to get an EV certificate for Stripe, Inc.