Security daily (24-07-2020)

TikTok dumps QAnon channels, following Twitter’s crackdown

The only thing social media companies can seemingly agree upon when it comes to moderating content on their platforms is that QAnon crosses the line. TikTok has removed a number of hashtags associated with the far-right conspiracy theory group is poised to limit the spread of the group that the FBI has described as a domestic terrorism threat. The company has made it more difficult for users to search for popular hashtags, reportedly including “QAnon” and “QAnonTruth,” among others, following a similar announcement from Twitter that it would remove 7,000 accounts and limit 150,000 more. QAnon has pushed the unfounded conspiracy theory that President Donald Trump is fighting a “deep state” of government officials, celebrities and business leaders who secretly work as child sex traffickers and control global order. Its supporters frequently harass Trump critics, while believers have been linked to real-world acts of violence throughout the country. One supporter […] The post TikTok dumps QAnon channels, following Twitter’s crackdown appeared first on CyberScoop. (CyberScoop)

CISA confirms hackers are exploiting F5 flaw on federal and private networks

The Department of Homeland Security’s cybersecurity division said Friday it had responded to at least two hacking incidents at U.S. government and private-sector organizations that exploited a critical vulnerability in enterprise software to take control of the victim’s computer systems. DHS’s Cybersecurity and Infrastructure Security Agency said the unidentified malicious hackers had for weeks been scanning federal agencies’ networks for a flaw in a popular software made by F5 Networks, which was revealed earlier this month. CISA said it was working with multiple sectors to investigate possible breaches related to the vulnerability, with two compromises confirmed as of Friday. The vulnerability allows hackers to execute code remotely on target systems, opening up a pathway to deleting files or disabling services. Hackers will continue to exploit the bug, CISA warned. The agency “strongly urg[ed] users and administrators to upgrade their software to the fixed versions.” The disclosure shows how, once a […] The post CISA confirms hackers are exploiting F5 flaw on federal and private networks appeared first on CyberScoop. (CyberScoop)

Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […] The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop. (CyberScoop)

Garmin knocked out by ransomware attack

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame. (Graham Cluley)

ASUS routers could be reflashed with malware – patch now!

Responsible disclosure means the bugs are already fixed - but don't forget to check that you applied the patch. (Naked Security)

Become an IoT Master with This eBook + Video Bundle

If you're a regular Null Byte reader, you probably know your fair share of programming languages and have at least some experience with web or app development. But it's possible to apply your hard-earned coding and tech talents to other closely-related fields as well.

The Complete IoT & Hardware eBook + Video Course Bundle will teach you how to use your programming prowess to create a virtually limitless number of excellent Internet of Things (IoT) projects and tools from scratch, and it's available for over 95% off at just $29.99 today.

Ideal for lovers of all things tech and development... more (Null Byte « WonderHowTo)

UK And US Say Russia Fired A Satellite Weapon In Space

(News ≈ Packet Storm)

FBI Warns About Backdoors In Chinese Tax Software

(News ≈ Packet Storm)

Instacart User Data For Sale On The Dark Web

(News ≈ Packet Storm)

Blackbaud Hack: More UK Universities Confirm Breach

(News ≈ Packet Storm)

Researchers Reveal New Security Flaw Affecting China's DJI Drones

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.

The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM (The Hacker News)

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack

Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity.

The company's website and the Twitter account say, "We are currently experiencing an outage that affects Garmin.com and (The Hacker News)

DJI Drone App Riddled With Privacy Issues, Researchers Allege

The DJI GO 4 application open users’ sensitive data up for the taking, researchers allege. (Threatpost)

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns. (Threatpost)

News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags

Threatpost editors talk about the biggest security news stories for the week ended Jul. 24. (Threatpost)

Malicious ‘Blur’ Photo App Campaign Discovered on Google Play

Twenty-nine bad mobile apps with a combined 3.5 million downloads bombard users with out-of-context ads. (Threatpost)


/security-daily/ 25-07-2020 23:44:22