50 million Facebook accounts exposed. China accused of hardware tampering. Minimal mode.  

News

Brucon - minimal mode

This week I'm at the Brucon security conference (and recovering from a 9-hour timezone difference), so we're in minimal mode again. This means I select news and articles that look interesting, but with less stringent filtering and summarising than usual. Regular service should resume next week.

Dieter Van der Stock

Breaches and leaks

  • Facebook: well, this was a big one. By abusing the "View as" function the attackers were able to access the accounts of 50 million users.
  • Chegg: not exactly small either. Chegg, a textbook rental service, had a data breach affecting over 40 million customers.
Dieter Van der Stock

How China used a tiny chip to infiltrate U.S. companies

This bit of news reads like a spy novel. I'm not entirely sure what to make of it. All involved companies released statements completely rejecting everything that was said in the original article. Will no doubt be continued.

bloomberg.com

New Linux kernel bug affects Red Hat, CentOS, and Debian Distributions

thehackernews.com

Security vulnerability in Apple's Device Enrollment Program could allow full access to corporate networks

9to5mac.com

Google adds new rules to end malicious Chrome extensions

bleepingcomputer.com

Updates

  • Adobe fixes 47 critical vulnerabilities in Acrobat and Reader: link
  • Foxit fixed more than a 100(!) vulnerabilities in their PDF reader: link
  • Mozilla patched seven vulnerabilities in Thunderbird, one of them being critical link
Dieter Van der Stock

Lock screen bypass already discovered for Appleā€™s iOS 12

sophos.com

Uber to pay $148 million in data breach settlement

techcrunch.com

Do You Really Know CORS?

performantcode.com

Hardening macOS

bejarano.io

Troy Hunt on using a Pi-hole to block ads

troyhunt.com

Sponsorships

1Password for Teams and Business

I use 1Password to securely share passwords and notes with my colleagues. Can't recommend them enough and I'm super honoured to have them as a sponsor.

1password.com

Application layer security for modern teams

Incredible organisations from startups to some of the worlds largest enterprises trust Templarbit to protect their web applications, APIs and microservices. Run a next-gen WAF or ship a smart Content Security Policy workflow in minutes.

templarbit.com

No spam, ever. We'll never share your email address and you can opt out at any time.