Target checkouts hit by outage for a second day in a row

Another day, another Target checkout outage.

Many took to social media to complain that checkouts at the retail giant went down for a second day in a row. Many stores were only taking cash and gift cards. It comes after Target suffered a global point-of-sale machine outage on Saturday. Checkouts were down for more than two hours.

North Dakota’s New Cyber Vision

As data breaches and ransomware headlines become commonplace, what can state and local governments, universities, community colleges, K-20 schools and others in the public sector do to change the cybersecurity paradigm?

These Are the Internet of Things Devices That Are Most Targeted By Hackers

ZDNet reports: Internet-connected security cameras account for almost half of the Internet of Things devices that are compromised by hackers even as homes and businesses continue to add these and other connected devices to their networks. Research from cybersecurity company SAM Seamless Network found that security cameras represent 47 percent of vulnerable devices installed on home networks.

According to the data, the average U.S. household contains 17 smart devices while European homes have an average of 14 devices connected to the network… Figures from the security firm suggest that the average device is the target of an average of five attacks per day, with midnight the most common time for attacks to be executed — it’s likely that at this time of the night, the users will be asleep and not paying attention to devices, so won’t be witness to a burst of strange behavior.

Vim and Neo Editors Vulnerable To High-Severity Bug

JustAnotherOldGuy quotes Threatpost:A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neowim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution…

Where is the EU going on tech and competition policy?

Huge technology policy questions are looming for whoever takes the top jobs at the European Union in the coming months. Decisions that could radically reshape tech business models, reconfigure the competitive landscape and change the relationship between Internet users and the content and services they consume.

Censorship vs. the memes

The most annoying thing in any conversation is when people drop a meme bomb, some simple concept they’ve heard elsewhere in a nice package that they really haven’t thought through, which takes time and nuance to rebut. These memes are often bankrupt of any meaning. When discussing censorship, which is wildly popular these days, people keep repeating these same memes to justify it:
  • you can’t yell fire in a crowded movie theater
  • but this speech is harmful
  • Karl Popper’s Paradox of Tolerance
  • censorship/free-speech don’t apply to private organizations
  • Twitter blocks and free speech
This post takes some time to discuss these memes, so I can refer back to it later, instead of repeating the argument every time some new person repeats the same old meme.

You can’t yell fire in a crowded movie theater

This phrase was first used in the Supreme Court decision Schenck v. United States to justify outlawing protests against the draft. Unless you also believe the government can jail you for protesting the draft, then the phrase is bankrupt of all meaning.

In other words, how can it be used to justify the thing you are trying to censor and yet be an invalid justification for censoring those things (like draft protests) you don’t want censored?

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

By David Fiser, Jakub Urbanec and Jaromir Horejsi

Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant (detected by Trend Micro as Backdoor.Linux.DOFLOO.AA) of the Linux botnet malware AESDDoS caught by our honeypots.

This British 3D Printing Meetup is On the Rise

Most people who are serious about designing, building, or improving 3D printers see the Midwest Reprap Festival as the place where the latest and greatest is on show for all to see. But if you live on the other side of the world as I do, chances are slim that you’ll be able to attend.

Flaw in Evernote Chrome Ext Put 4.6M at Risk | Avast

4.6M Evernote users put at risk

Cybersecurity watchdogs discovered a critical flaw in the popular organization app Evernote, reported Bleeping Computer. The vulnerability allows attackers to access sensitive information stored on third-party sites connected to the Evernote account. By exploiting a logical coding error in the Evernote Web Clipper Chrome extension, attackers could gain privileges in Iframes beyond Evernote’s domain. Users can link various third-party sites to their Evernote app, creating an unintentional linked database of login credentials, financial data, personal communications, and more, which attackers could explore and steal.