F1TYM1

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

WhatsApp delays enforcement of a controversial privacy change, Apple may get rid of the Touch Bar in future MacBooks and Bumble files to go public. This is your Daily Crunch for January 15, 2021.

Software is becoming an increasingly pivotal part of modern business and society. In turn, consumers have come to expect instant gratification. This has driven businesses to concentrate on innovation and speed to market. Businesses that can???t keep up with the hyper-competitive market of speed-to-value are falling behind.

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

On the day a violent mob of Trump supporters stormed the U.S. Capitol, a worried GitHub employee warned his co-workers in the D.C. area to be safe.

To prevent security breaches and data loss, organizations have directed a lot of time, effort, and capital spend toward security initiatives. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed equal if not greater threats within. To help counter this internal threat, organizations have invested heavily in internal monitoring and other advanced security controls that inspect traffic at all layers of the OSI stack to identify malicious activity and stop it before it reaches the destination, or to issue an alert on the activity alone. 

Not long ago, we helped MSPs pick the right remote monitoring and management (RMM) platform for them, and make it an essential part of their service toolkit. As you may recall, an RMM is a tool that helps MSPs do the work. And what better way to track the work—and other elements associated with it—than to have professional service automation (PSA) software do it for you?

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Written by Shannon Vavra
Jan 15, 2021 | CYBERSCOOP

On the day a violent mob of Trump supporters stormed the U.S. Capitol, a worried GitHub employee warned his co-workers in the D.C. area to be safe.

Chinese smartphone maker Xiaomi is the latest to be added to the Trump administration’s military blacklist. On Thursday, the Department of Defense added nine companies to its list of alleged Chinese military companies, including Xiaomi.

When retired web developer Catherine Kunicki tried to sign up for her first dose of the Covid-19 vaccine in downtown Brooklyn, the AdvantageCare Physicians website rejected her. She received an error message that her identity couldn’t be verified through Experian, a credit monitoring company. 

Much has been said about the shadow cast by the pandemic across security teams, as well as the widespread and seismic changes it has facilitated across every part of business function. The sudden shift into remote working has been a challenging endeavour for everyone, but especially among senior management. According to the recent COVID-19 State of Remote Work Survey 2.0, OneLogin recently discovered that they in fact represent the biggest security risk to a business. Nevertheless, much less has been said about the personal pressure which these changes in business and working culture have exerted on individuals.

The European Medical Agency (EMA) has warned that information on COVID-19-related medicines and vaccines, which was stolen in a cyber attack last December and leaked online earlier this week, includes correspondence that’s been manipulated prior to publication “in a way which could undermine trust in vaccines”.

A ransomware attack launched against gaming company Capcom last November keeps getting worse, threatpost reported this week. The company now says that the personal data of up to 400,000 of its customers was compromised in the attack — 40,000 more than the company originally thought. Capcom is a Japan-based publisher of blockbuster games like Resident Evil, Street Fighter and Dark Stalkers.  The breach was first detected on Nov. 2.. On Nov. 19, Capcom said its personal as well as corporate data was compromised. This is the third update from Capcom on the incident.

You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change. The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that user data was not accessed. Ubiquiti has mentioned that the database that may have been accessed contains a user’s name, email address, hashed password, and optionally the mailing address and phone number.

Next week we will publish our third annual “Defending Against Critical Threats” report; a roundup of some the most impactful cyber attacks from the past 12 months.

Malicious actors have hacked a number of Twitter accounts, including verified accounts, in an Elon Musk giveaway scam. Security researches MalwareHunterTeam have seen an increase in the number of verified Twitter accounts being hacked by a scam which claims that Elon Musk is giving away cryptocurrency. Accounts are compromised by replying to the giveaway tweet. The tweet contains links to a Medium article promoting the giveaway, with the article containing further links to the scams landing page.