Security News: October 3, 2019 – PSW #622

 

 

This week, we talk Security News: how Turkey fined Facebook $282,000 over a privacy breach, why the FBI is urging victims not to pay ransomware demands, the top 10 cybersecurity myths that criminals love, the Doordash third-party breach that hit 4.9 million users, and how a “Bulletproof” Dark Web data center was seized by German police!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security News: October 3, 2019

Paul’s Stories

  1. American Express Insider Breaches Cardholder Information
  2. Turkey fines Facebook $282,000 over privacy breach
  3. FBI: Don’t pay ransomware demands, stop encouraging cybercriminals
  4. WhatsApp Flaw Opens Android Devices to Remote Code Execution Attacks
  5. Measuring the Security of IoT Devices – Schneier on Security
  6. Good cybersecurity comes from focusing on the right things, but what are they? – Help Net Security
  7. Skylight Cyber | All Your Cloud Are Belong To Us (CVE-2019-12491)
  8. MITRE ATT&CK: Clipboard data
  9. 10 Cybersecurity Myths That Criminals Love
  10. Top 5 New Open Source Security Vulnerabilities in September 2019
  11. The Secret to CISO Success? Do This One Thing Extremely Well – Accellion

Larry’s Stories

  1. A malware strain dubbed Masad Stealer is using the Telegram messaging app to steal cryptocurrency by accessing browser passwords and clipboard information, security researchers learned.
  2. Security researchers detected a previously undocumented botnet named Gucci, which is capable of launching multiple types of distributed denial-of-service (DDoS) attacks against targeted organizations.
  3. A former Yahoo software engineer has pleaded guilty to hacking 6,000 user accounts in a hunt for sexual images. Following an FBI investigation, Reyes Daniel Ruiz, 34, also admitted to hacking the iCloud, Facebook, Dropbox and Gmail accounts of his victims, primarily young female colleagues and friends.
  4. Web-conferencing users who don’t assign passwords could be having online meetings with more people than they think, according to new research.

Lee’s Stories

  1. Unfixable Jailbreak Exploit released: iPhone X and prior are vulnerable to the exploit; physical access is required. Fixed in iPhone 11.
  2. Doordash third-party breach hits 4.9M users: Third-party security is critical.
  3. “Bulletproof” Dark Web data center seized by German Police: While the takedown is significant, services will likely move to alternate hosting sites.
  4. Ex-Yahoo Engineer Hacked accounts seeking Porn: Ex-Yahoo engineer cracked passwords, seeking credentials to access other services, porn, gaming, iTunes, etc.
  5. Microsoft blocks 38 more attachment types in Email: These can be enabled by an Exchange admin. They include extensions typical of Python, PowerShell, Java and certificate files.
  6. O.MG Lightning Cable hits Prime Time: The O.MG cable is hitting the shelves at Hak5 for $49.

Hosts

Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely – Senior Cyber Analyst
Matt Alderman – CEO
Paul Asadoorian – Founder & CTO

Announcements

  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast. Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.
  • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register, or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!