Inside | Real news, curated by real humans
Inside Security

Inside Security (Jul 10th, 2018)

A new data leak at the German Domainfactory registrar. More patches and warnings for Android users. Trends on malware exploit kits and Apple’s iOS security improvements over the years. I have lots of other links to the latest security news.

-- David Strom, editor of Inside Security

  • Email gray
  • Permalink gray

1. Google issued 44 patches for its Android operating system as part of its July Security Bulletin. These range from issues with its OS frameworks to fixing several bugs. The most notable was a problem with Android OS media framework that could allow attackers to execute code remotely on those devices. Please download the latest fixes.

  • Email gray
  • Permalink gray

2.  The hosting company Domainfactory has taken down its forums after hackers posted messages claiming to have breached into its infrastructure. The German subsidiary of GoDaddy notified its customers that it had been breached last week and asked them to change passwords. The breach goes back to January. – SECURITY AFFAIRS

  • Email gray
  • Permalink gray

3. And there are further Android woes ahead. Low-end phones contain malware that is designed to commit digital ad fraud and collect personal data from users without their knowledge. The malware is targeting new and naïve smartphone users in developing markets. Researchers found more than a million fraudulent attempts to purchase Brazilian premium services in a single month. – UPSTREAM SYSTEMS

  • Email gray
  • Permalink gray

5. The latest draft of the TLS standard, v1.3, is now out and this post describes what you can do to support it with the various Google products and test across your network infrastucture. It adds the feature zero round-trip times, which can have the potential to improve browsing performance. – DARK READING

  • Email gray
  • Permalink gray

8.  A cybersecurity audit performed on DC’s Metro transit system highlighted that the agency remains vulnerable to attacks that might endanger its overall system security. Many of the key details are being kept secret, to prevent hackers from exploiting them. Metro lacks appropriate incident response measures. Metro will address many of the issues in the audit. – CISO MAGAZINE

  • Email gray
  • Permalink gray

9. Microsoft Azure’s AD Password Protection is a hybrid service in public preview that provides protection against common passwords. It works on both Azure AD organizational accounts and on-premises Windows Server AD accounts. It prevents users and administrators from changing or resetting their passwords to simple, easily crackable passwords.  It comes with four components: Azure service, on-premises proxy, a service that runs on domain controllers, and a custom password filter. This post tells you how to get it set up. – SECURITY BOULEVARD

  • Email gray
  • Permalink gray

10. The Lokibot malware has been active since 2015. It is an infostealer that was involved in many spam campaigns and was initially advertised for purchase on hacking forums for up to $300. Apparently, a new source has hijacked the code and created an updated version and is selling it online.  D00RT@GITHUB

  • Email gray
  • Permalink gray

The ever wise Swift on Security, about the value of helpdesk personnel.  You will want to read the entire thread. -- SWIFT ON SECURITY @ TWITTER

  • Email gray
  • Permalink gray

Subscribe to Inside Security

MORE NEWSLETTERS

Rob May's roundup of stories and commentary on Artificial Intelligence, Robotics, and Neurotechnology

Inside AI

Rob May's roundup of stories and commentary on Artificial Intelligence, Robotics, and Neurotechnology

WEEKLY
Rob May's roundup of stories and commentary on Artificial Intelligence, Robotics, and Neurotechnology

Inside AI

WEEKLY

SUBSCRIBED!

Share via

News, people, culture, events and the trends shaping the Bay area

Inside San Francisco

News, people, culture, events and the trends shaping the Bay area

DAILY
News, people, culture, events and the trends shaping the Bay area

Inside San Francisco

DAILY

SUBSCRIBED!

Share via

The best source of in-depth news and analysis about Amazon

Inside Amazon

The best source of in-depth news and analysis about Amazon

TWICE WEEKLY
The best source of in-depth news and analysis about Amazon

Inside Amazon

TWICE WEEKLY

SUBSCRIBED!

Share via

Fascinating, curious and amazing journalism, all in one link.

ReadThisThing

Fascinating, curious and amazing journalism, all in one link.

DAILY
Fascinating, curious and amazing journalism, all in one link.

ReadThisThing

DAILY

SUBSCRIBED!

Share via