F1TYM1

Welcome back to This Week in Apps, the TechCrunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The Trump administration moves forwards with plans to ban TikTok and WeChat (although TikTok gets a partial extension), Unity goes public and we announce the winner of this year’s Startup Battlefield. This is your Daily Crunch for September 18, 2020.

Some of the biggest names in online gaming in the United States have received letters from the U.S. government requesting information about their relationship with the multibillion-dollar Chinese technology company, Tencent, according to reports.

Many thanks to DEF CON and Conference Speakers for publishing their comprehensive and outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Many thanks to DEF CON and Conference Speakers for publishing their comprehensive and outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

NS8 launched in 2016 to provide online fraud detection and prevention software for small businesses. More than 200 NS8 employees were laid off last week after executives told them the company was under investigation by the SEC for fraud. The news was startling for many, considering the company had announced a $123 million Series A funding round in June, led by global VC firm Lightspeed Venture Partners. In a statement, NS8 said that its board “has learned that much of the company’s revenue and customer information had been fabricated by Mr. Rogas.” The company added that no other employees or stakeholders had been charged and that it is cooperating with federal investigators. In its complaint, filed in the Southern District of New York, the Justice Department alleged that from January 2019 to February 2020, between 40% and 95% of NS8’s assets were made up. During that period, the agency alleged, Rogas presented doctored bank statements to reflect over $40 million in fictitious revenue. Charges by the Justice Department carry penalties up to 20 years in prison. Rogas is expected to face a judge in Nevada on Friday.

On September 11, Otila Rogers, a former inmate who spent most of the past decade in and out of California’s prison system, received a phone call she’d been waiting for since March.

To improve security, enhance user experience, and address compatibility with future AWS Identity changes, AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect some AWS SSO customers. The changes will go into effect globally in early October 2020.

The U.S. Commerce Department has now announced the details of how it will enforce the shutdown of TikTok and WeChat in the country, after announcing in August plans to do so by September 20 over national security concerns. The news is structured along two dates, September 20 and November 12. Both apps and their app updates will no longer be distributed in U.S. app stores as of September 20. But TikTok specifically gets an extension on how it operates until November 12.

John Biggs Contributor

• GBatteries let you charge your car as quickly as visiting the pump
• The new TAG Heuer Carrera Calibre Tourbillon Nanograph is a lot of buzzwords in a beautiful package

Eric Villines Contributor

==========================================================================
Ubuntu Security Notice USN-4519-1
September 17, 2020

The headlines aren’t always kind to the National Security Agency, a spy agency that operates almost entirely in the shadows. But a year ago, the NSA launched its new Cybersecurity Directorate, which in the past year has emerged as one of the more visible divisions of the spy agency.

A patient has died as result of a cyberattack at a German hospital. As per hospital investogation, hacker attacked a weak spot in “widely used commercial add-on software,” resulting in system crashed and the hospital wasn’t able to access data; emergency patients were taken elsewhere and operations postponed. Cybersecurity experts reacted below on this critical incident.

On Wednesday, Facebook announced a new project: the company would send out a hundred employees and contractors equipped with glasses that would record every piece of audio, visual, and spatial information possible in public and private spaces.

The modern network has all of the tools needed to batten down the hatches on even the most sophisticated of threats. Your perimeter-based security tools are preventing breaches from malicious actors while your endpoint tools are protecting individual devices from compromise. But what happens when threats don’t look like threats? What happens when a threat actor already has a foothold into the network? The IP checks every box? These are called insider threats, and we’ve seen some big-name enterprises fall victim to such attacks in recent years.

The U.S. Commerce Department has now announced the details of how it will enforce the shutdown of TikTok and WeChat in the country, after announcing in August plans to do so by September 20 over national security concerns. The news is structured along two dates, September 20 and November 12. Both apps and their app updates will no longer be distributed in U.S. app stores as of September 20. But TikTok specifically gets an extension on how it operates until November 12.

The big news this week is the huge flaw in Microsoft’s Active Directory, CVE-2020-1472 (whitepaper). Netlogon is a part of the Windows domain scheme, and is used to authenticate users without actually sending passwords over the network. Modern versions of Windows use AES-CFB8 as the cryptographic engine that powers Netlogon authentication. This peculiar mode of AES takes an initialization vector (IV) along with the key and plaintext. The weakness here is that the Microsoft implementation sets the IV to all zeros.