Issue 96

Minimal mode - traveling for work

It's been less than a month since I joined Articulate, and I'm already invited to a company retreat at Lake Tahoe. No complaints here! This issue will be a minimal one, where I select the stories that jump out at me but with less filtering and summarising.
Next week I'll be visiting BruCon, so it'll be a minimal version then as well. Normal service should resume thereafter.



Breaches and leaks

  • SHEIN: fashion retailer, exposed data and passwords of over 6 million customers.
  • United Nations: a WordPress site related to the UN exposed thousands of resumes.
  • NewsNow: UK news site, suffered a breach where "encrypted" passwords were accessed but further details seem sparse.


Mac Mojave zero-day allows malicious apps to access sensitive info


threatpost.com


Unwiped drives and servers from NCIX retailer for sale on Craigslist


bleepingcomputer.com


Zero-day Windows JET database vulnerability disclosed by Zero Day Initiative


bleepingcomputer.com


Millions of Twitter DMs may have been exposed by year-long bug


sophos.com


Over 80 Cisco products affected by FragmentSmack DoS bug


bleepingcomputer.com


Tricky DoS attack crashes Mozilla Firefox


threatpost.com


Cloudflare improves privacy by encrypting the SNI during TLS negotiation


bleepingcomputer.com


Update all the things \o/

  • Western Digital finally fixes an authentication bypass in its MyCloud NAS devices: link
  • Cisco Webex Network Recording Player has an update that fixed a remote code execution vulnerability: link


UK regulator fines Equifax Ltd 500,000 pounds for 2017 security breach

Just missed this one last week.
reuters.com


Firefox Monitor starts tracking breached email addresses


sophos.com


Mirai botnet authors avoid jail time by helping FBI


krebsonsecurity.com


Sponsorship

A comprehensive guide to application-level denial of service

The availability of web applications is critical nowadays, more than ever. But it's also at risk because of very complex application-level denial of service attacks. Read this guide that highlights the different DoS techniques used so you know what to look for.
netsparker.com


1Password for Teams and Business

Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.
1password.com