F1TYM1

Written by Sean Lyngaas
Oct 19, 2020 | CYBERSCOOP

TikTok returns to Pakistan, Apple launches a music-focused streaming station and SpaceX launches more Starlink satellites. This is your Daily Crunch for October 19, 2020.

Social media platforms have repeatedly found themselves in the United States government’s crosshairs over the last few years, as it has been progressively revealed just how much power they really wield, and to what purposes they’ve chosen to wield it. But unlike, say, a firearm or drug manufacturer, there is no designated authority who says what these platforms can and can’t do. So who regulates them? You might say everyone and no one.

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, and the absence of Deepfakes from the 2020 US elections.

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

The US government accused six members of Russia’s military intelligence of being behind the destructive NotPetya ransomware attack. 

Six Russian intelligence officers accused of launching some of the “world’s most destructive malware” — including an attack that took down the Ukraine power grid in December 2015 and the NotPetya global ransomware attack in 2017 — have been charged by the U.S. Justice Department.

Written by Tim Starks
Oct 19, 2020 | CYBERSCOOP

Six Russian intelligence officers accused of launching some of the “world’s most destructive malware” — including an attack that took down the Ukraine power grid in December 2015 and the NotPetya global ransomware attack in 2017 — have been charged by the U.S. Justice Department.

Working from home is becoming more of a permanent option with each passing day, but working from home means your network is provided not by your corporate enterprise but by carriers such as Verizon, AT&T, and Comcast.

October 19, 2020 • Caitlin Mattingly

The U.S. Federal Bureau of Investigation, the FBI, has taken an increasingly prominent role in the day-to-day cyber defense of organizations and institutions here in the U.S. and globally. Through the establishment of the IC3, the Internet Crime Complaint Center, the FBI provides an invaluable public resource for prevention, response, and mitigation of cyber threats to businesses and public organizations of all sizes.

Written by Shannon Vavra
Oct 19, 2020 | CYBERSCOOP

Multi-factor authentication (MFA) is one of the most popular authentication security solutions available to organizations today. It really comes as no surprise, as the multi-factor authentication benefits of enhanced security go beyond the basic password security measures by forcing the user to authenticate with another method that (presumably) only the legitimate user has access to. 

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named Akanksha Sachin Verma. As per the description given by the author, it is an intermediate-level challenge. The goal is to get root access of the machine and read the root flag.

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for grabs, and in play, or at stake. Then, all of a sudden…it wasn’t.

In addition to being the largest fast food restaurant in the world, McDonald’s is also one of the world’s largest employers, real estate companies, and toy companies, thanks to the Happy Meal. It has also been transitioning into a tech company over the past several years, introducing a mobile app, kiosk systems, and digital menu boards, and investing in a data analytics company, a mobile tech company, and a voice analytics company. For CISO Tim Youngblood that means driving a framework for understanding and managing risk, and building a risk-aware culture at the fast food giant. Tune in to learn how he approaches risk management and how he believes the pandemic changed the security landscape.

Various factors may introduce vulnerabilities in a product during its lifecycle, resulting in a drift from the required compliance status. Hence, it is of utmost importance that security is baked into the product at every stage of development and possibilities of security gaps are ruled out. CI/CD integration in the product lifecycle establishes a consistent and automated way to build, package, and test applications; thereby, ensuring that the security parameters are a part of each delivery.

As more and more data is stored in the cloud and companies enable BYOD and remote work, comprehensive threat protection against known and zero-day malware becomes a critical need. Unfortunately, even some of the largest organizations have fallen victim to today’s threats. From operation-disrupting ransomware to viruses that steal sensitive information, there is much that can go wrong. Fortunately, through modern security measures designed for transforming IT ecosystems, organizations can prevent malware attacks and their ramifications that consume time, money, and end up destroying brand reputation.