Security daily (11-11-2020)

Verified, episode 2 – A Conversation with Emma Smith, Director of Global Cyber Security at Vodafone

Over the past 8 months, it’s become more important for us all to stay in contact with peers around the globe. Today, I’m proud to bring you the second episode of our new video series, Verified: Presented by AWS re:Inforce. Even though we couldn’t be together this year at re:Inforce, our annual security conference, we […] (AWS Security Blog)

Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds

A web and mobile phone application that the Philippines government uses to track coronavirus cases contained a flaw that could have allowed access to the names of tens of thousands of health care providers that use the app in that country, according to new research. The flaw has been fixed, but it stands out as another cautionary tale of how software tools used to combat the pandemic can open up new fronts in data insecurity. Multinational company Dure Technologies and officials from the World Health Organization and the Philippines Department of Health developed the app to efficiently report COVID-19 cases and help with contact tracing, and released it in June. But when researchers from the University of Toronto’s Citizen Lab investigated the app’s code, they found pressing security issues. A web version of the app, which is known as COVID-KAYA, had a flaw in its authentication logic that revealed the […] The post Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds appeared first on CyberScoop. (CyberScoop)

Palo Alto Networks to buy Expanse, which monitors exposed digital assets, for $800 million

Silicon Valley cybersecurity giant Palo Alto Networks plans to bolster its ability to protect customers by acquiring Expanse, a company with expertise in monitoring the internet for exposed assets that could be ripe for cyberattacks. The $800 million deal, which Palo Alto Networks expects to close sometime before the end of February, is geared toward boosting the company’s security operations center (SOC) product called Cortex. Expanse’s strength is mapping and managing the digital attack surfaces of companies, governmental agencies and other organizations. The acquisition comes during a relatively quiet year for bigger deals involving cybersecurity companies, after a rush of activity toward the end of 2019. Palo Alto Networks says San Francisco-based Expanse’s technology will help it secure parts of networks that can get overlooked when customers modernize their IT — a process that has only accelerated as more businesses and government agencies move operations to the cloud and maintain large teleworking […] The post Palo Alto Networks to buy Expanse, which monitors exposed digital assets, for $800 million appeared first on CyberScoop. (CyberScoop)

“Instant bank fraud” hoax is back – don’t spread fake news!

You need to spread the word to your family and friends NOT to spread the word to their family and friends (Naked Security)

COVID-19 Data Sharing App Leaked Healthcare Worker Info

(News ≈ Packet Storm)

Microsoft November 2020 Patch Arrives With Fix For Windows Zero Day

(News ≈ Packet Storm)

Dutch Gov't Orders Further Anti-Spying Measures For Telecoms

(News ≈ Packet Storm)

New Platypus Attack Can Steal Data From Intel CPUs

(News ≈ Packet Storm)

Mysterious Bugs Were Used To Hack iPhones and Android Phones And No One Will Talk About It

(News ≈ Packet Storm)

Silver Peak SD-WAN Bugs Allow for Network Takeover

Three security vulnerabilities can be chained to enable unauthenticated remote code execution. (Threatpost)

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW. (Threatpost)

Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic

Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data. (Threatpost)

Minecraft Apps on Google Play Fleece Players Out of Big Money

Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month. (Threatpost)


/security-daily/ 12-11-2020 23:44:23