Category: Fity Feeds

Written by Tim Starks
Nov 24, 2020 | CYBERSCOOP

Last week, President-elect Joe Biden selected many of his top White House aides. This week, he’s announced some top Cabinet and national security posts. There are many, many jobs left to fill — most notably defense secretary and attorney general — but here’s what we’re learning so far about Biden, the Biden administration and how he’ll govern …

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work.

Building tech startups takes cash — and lots of it. But when you’re talking space startups, you’re talking galactic-level money. Costs blast right through Earth’s exosphere and become, literally, astronomical. If space is your jam, you’re going to need financial help, and you’ll learn where and how to access it at TC Sessions Space 2020 (December 16-17).

Trump’s election denialism saw him retaliate in a way that isn’t just putting the remainder of his presidency in jeopardy, it’s already putting the next administration in harm’s way.

Two-Factor Authentication Bypass Flaw Could Affect Over 70 Million Domains

San Antonio, TX – November 24, 2020 – Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel &WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account. Digital Defense’s internal testing demonstrated that an attack can be accomplished in minutes.

On Monday, the Biden transition team named former Secretary of State John Kerry to be the President-elect’s climate envoy. Kerry will also be on the National Security Council, making it the the first time any sort of climate position has sat on that body.

Written by Sean Lyngaas
Nov 24, 2020 | CYBERSCOOP

Howdy folks,

I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory (Azure AD) has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide.

India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps.

Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement. The ministry said it issued the order to block these apps “based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs.” The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn’t appear to be any Chinese app left in the top 500 apps used in India.

Many species evolve in parallel, each seeking a competitive edge over the other. As cybersecurity and technology have evolved, so have criminals and ‘bad actors’ who seek to exploit weaknesses in the system for personal gain – or just to prove a point. 

November 24, 2020 • The Recorded Future Team

Editor’s Note: Over the next several weeks, we’re sharing excerpts from the third edition of our popular book, “The Security Intelligence Handbook: How to Disrupt Adversaries and Reduce Risk with Security Intelligence.” Here, we’re looking at chapter three, “The Security Intelligence Lifecycle.” To read the entire section, download your free copy of the handbook.

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated:

F3, an anonymous Q&A app targeting Gen Z teens which blends a Tinder-style swipe-to-friend gamification mechanic, Stories-esque rich media responses and eye-wateringly expensive subscriptions to unlock a ‘Plus’ version that actually lets you see who wants to friend you — has raised a $3.9M seed round, including for a planned push on the US market.

Here are five key cyber-related lessons learned from the 2020 U.S. elections. Hint: It’s not always DDoS or foreign actors!

Written by Joe Warminsky
Nov 24, 2020 | CYBERSCOOP

Security engineer by day, bug hunter by night, Ashar Javed is on a journey to find 365 security bugs in Microsoft Office 365. His current count sits at around 310 and Javed said he has no intentions of stopping.