F1TYM1

Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus (a third vaccine was just announced). That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and the classroom.

Hackers who stole 350,000 Spotify passwords stored them on a cloud server without a password. The hackers access the passwords using a cache of login credentials stolen from other data breaches, as all of the the users who had their Spotify passwords stolen were reusing the same password acorss multiple accounts- the biggest error of password security.

As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia’s most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections.

Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to discuss.

In part 1, I deliberately kept everything really high level because frankly, I didn’t want to scare people off. I’m not ashamed to say that the process of getting even the basics working absolutely did my head in as I waded through a sea of unfamiliar technologies, protocols and acronyms. I wish I’d had just the fundamentals down pat before going deeper and that was my intention with the first part of the series.

Protecting lone workers is an issue that businesses may not have come across previously, especially those based in busy city centre office blocks pre-coronavirus. Yet with many thriving business districts deserted through a lockdown and not everyone able to work from home, it’s an issue more management teams are having to consider. 

Several years ago, I created a “malware puzzle” – basically, a crossword puzzle but with terms related to malware. You can find that puzzle here: https://bartblaze.blogspot.com/2013/08/malware-puzzle.html

Written by Shannon Vavra
Nov 23, 2020 | CYBERSCOOP

Strong e-commerce sales are predicted to help lift overall holiday retail spending in the U.S., according to forecasts released today by the National Retail Federation (NRF) and eMarketer. Both firms expect to see overall retail sales growth during November and December, though the market may be impacted by slowing brick-and-mortar sales.

Written by Sean Lyngaas
Nov 23, 2020 | CYBERSCOOP

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Thomas Moyer, 50, Apple’s chief security officer, was indicted last week by a criminal grand jury on allegations that he, Undersheriff Rick Sung and Capt. James Jensen arranged for 200 iPads to be donated to the sheriff’s office to loosen up the release of concealed-carry weapons permits for Apple security officers. The sheriff’s office is the police force for Cupertino, where Apple’s global headquarters are located. The iPad donation was shelved once a separate DA investigation into pay-to-play suspicions involving the concealed-gun permits — in which Jensen was one of four people indicted earlier this year — got underway in August 2019, District Attorney Jeff Rosen said at a Monday news conference.

Strong e-commerce sales are predicted to help lift overall holiday retail spending in the U.S., according to forecasts released today by the National Retail Federation (NRF) and eMarketer. Both firms expect to see overall retail sales growth during November and December, though the market may be impacted by slowing brick-and-mortar sales.

The term ‘cybersecurity’ has been tossed around lately. But although cybersecurity has been viewed as a saving grace for mobile devices, computers, etc. the topic is still cloaked in misconception. Things that might pop up, when it comes to cybersecurity, are:

Bernard Meyer, reporting for CyberNews: In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of “affordable” wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. CyberNews reached out to Walmart for comment and to understand whether they were aware of the Jetstream backdoor, and what they plan to do to protect their customers. After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: “Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it.”