
Inside Security (Jul 10th, 2018)

A new data leak at the German Domainfactory registrar. More patches and warnings for Android users. Trends on malware exploit kits and Apple’s iOS security improvements over the years. I have lots of other links to the latest security news.

-- David Strom, editor of Inside Security


1. Google issued 44 patches for its Android operating system as part of its July Security Bulletin. These range from issues with its OS frameworks to fixing several bugs. The most notable was a problem with the Android OS media framework that could allow attackers to execute code remotely on those devices. Please download the latest fixes.


2. The hosting company Domainfactory has taken down its forums after hackers posted messages claiming to have breached its infrastructure. The German subsidiary of GoDaddy notified its customers that it had been breached last week and asked them to change passwords. The breach goes back to January. – SECURITY AFFAIRS



3. And there are further Android woes ahead. Low-end phones contain malware that is designed to commit digital ad fraud and collect personal data from users without their knowledge. The malware is targeting new and naïve smartphone users in developing markets. Researchers found more than a million fraudulent attempts to purchase Brazilian premium services in a single month. – UPSTREAM SYSTEMS


5. The latest draft of the TLS standard, v1.3, is now out, and this post describes what you can do to support it with the various Google products and test across your network infrastructure. It adds a zero round-trip time feature, which has the potential to improve browsing performance. – DARK READING


8. A cybersecurity audit performed on DC’s Metro transit system highlighted that the agency remains vulnerable to attacks that might endanger its overall system security. Many of the key details are being kept secret, to prevent hackers from exploiting them. Metro lacks appropriate incident response measures. Metro will address many of the issues in the audit. – CISO MAGAZINE


9. Microsoft Azure’s AD Password Protection is a hybrid service in public preview that provides protection against common passwords. It works on both Azure AD organizational accounts and on-premises Windows Server AD accounts. It prevents users and administrators from changing or resetting their passwords to simple, easily crackable passwords. It comes with four components: Azure service, on-premises proxy, a service that runs on domain controllers, and a custom password filter. This post tells you how to get it set up. – SECURITY BOULEVARD


10. The Lokibot malware has been active since 2015. It is an infostealer that was involved in many spam campaigns and was initially advertised for purchase on hacking forums for up to $300. Apparently, a new source has hijacked the code and created an updated version and is selling it online. – D00RT@GITHUB


The ever-wise Swift on Security, about the value of helpdesk personnel. You will want to read the entire thread. – SWIFT ON SECURITY @ TWITTER

