ATTENTION‼ New - CVE-2013-7469
via "National Vulnerability Database".
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
⛓ Unsupervised Learning: No. 165 ⛓
Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter.
The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think about as well.
🛡️ Security News
🔥 The OpenAI team created an algorithm that can write news stories so well that they are refusing to release it due to potential use to create fake news. I get what they're doing, but the odds of this not being co-developed by many other groups are close to zero over a span of months. Here's an example of a fake story it wrote about national security, and it did this on its second try with just a few words of seeding by a human. Link
People are concerned that Twitter may not be actually deleting DMs when you delete them. Someone pulled their data archive from Twitter and found their own deleted DMs. It's a good reminder that it's a good policy to just consider anything you do online to be permanent. Link
Trend Micro and the Ponemon Institute created a Cyber Risk Index, which ranks from -10 to 10. Strangely, the lower the number the better, even though it's called a Risk Index. And if you put that in a graph from left to right, the right side is better than the left side. I couldn't even get into the way they built the numbers because I'm forced to assume that process was as bad as the interface. The whole purpose of a system like this is to be used by others, so how could you possibly make such bad choices on the UI? Link
Someone found an open Chinese database online that was being used to track the location of millions of Uyghurs in the country. Between this, the re-education camp, the mass-surveillance and social credit system, the nation-wide censorship firewall, and their colonization of Africa, it's obvious they're willing to do anything to win at this real-life game of Civilization. They've become morally belligerent. Link
Drones will soon require visible license plates. Link
Switzerland is doing a bug bounty on their e-voting system. Link
The Pentagon is worried about China and Russia fielding ground-based lasers that can blind and otherwise disable U.S. satellites. Link
Advisories: Ubiquiti Device DDoS Potential, 75 Adobe Vulnerabilities, Android App Tracking, SAP HANA,
Leaks: 620 Million Records For Sale on Dark Web
⚙️ Technology News
If you refresh this website you'll get a human face, except they're not real humans; they're AI generated. Importantly, it's not a collection of pre-made images getting loaded. They're all generated on the fly. Link
Chinese phones now make up a third of the European market, and Huawei has the top position. Link
One in six Americans wear a smartwatch. Link
👧🏼 Human News
Student debt that's 90 or more days delinquent is now at $166 billion dollars, which is an all-time high. Link
Men who could do more than 40 push-ups had a 96% reduced risk of cardiovascular disease relative to men who could do less than 10, over a ten-year study. Link
Mars Rover Opportunity's last words were, "My battery is low and it's getting dark." It was a little robot that was only supposed to work for 90 days, but it soldiered on for 15 years. And after not being able to raise her after many attempts, they sent her Billie Holiday's I'll Be Seeing You. It's strange how I get emotional about such things, but I'll miss her. I hope to be able to watch when we revive her once on the planet. Link
NASA and ESA are planning a mission to deflect an asteroid. Link
💡 Ideas, Trends, & Analysis
The Rise of the Corporate Technology Ecosystem - My new essay on how corporations will soon become our universal and subscription-based…
Sorry, we didn't mean to keep that secret microphone a secret, says Google
via "Naked Security".
It's been off by default, Google says - not much consolation to those who don't cotton to the notion of a "secret" listening gadget.
Hacker Lauri Love denied bid to get computers back
via "Naked Security".
Hacker Lauri Love has failed to get his computers back six years after the UK's National Crime Agency took them as part of a criminal investigation.
5 workplace technologies that cause the most employee data breaches
via "Security on TechRepublic".
Some 83% of US security professionals said employees have accidentally exposed sensitive customer information, according to an Egress survey.
19-Year-Old WinRAR Flaw Plagues 500 Million Users
via "Threatpost".
Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.
Password managers leaking data in memory, but you should still use one
via "Naked Security".
Several popular password managers appear to do a weak job at scrubbing passwords from memory once they are no longer being used.
Security Analysts Are Only Human
via "Dark Reading".
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Highly Critical Drupal RCE Flaw Affects Millions of Websites
via "Threatpost".
Admins should update immediately to fix a remote code-execution vulnerability.
How to regenerate certificates on VMware host servers
via "Security on TechRepublic".
Regenerating certificates may securely resolve authentication traffic, which is not being properly encrypted.
How to set the AppArmor mode for a service in Ubuntu Server
via "Security on TechRepublic".
If you work with a service outside of its standard behavior, you may need to change its AppArmor profile mode.
Adobe Re-Patches Critical Acrobat Reader Flaw
via "Threatpost".
Adobe has issued yet another patch for a critical vulnerability in its Acrobat Reader - a week after the original fix.
Cyber Extortionists Can Earn $360,000 a Year
via "Dark Reading".
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
New Free Tool Scans for Chrome Extension Safety
via "Dark Reading".
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
ThreatList: Porn-Focused Malware Triples, Dark Web Loves It
via "Threatpost".
Premium-access credentials to porn sites are hot in the cyber-underground, as credential-harvesting malware proliferates.
ATTENTION‼ New - CVE-2013-5654 (yingzhipython)
via "National Vulnerability Database".
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage.
Cybersecurity Higher Education: The Top Cybersecurity Colleges and Degrees in 2019
via "Subscriber Blog RSS Feed".
Top higher education institutions around the world are offering cybersecurity degrees and research programs for information security professionals looking to further their careers. The following are 82 of the top degree and research programs for cybersecurity studies.
Why Cybersecurity Burnout Is Real (and What to Do About It)
via "Dark Reading".
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Human Negligence to Blame for the Majority of Insider Threats
via "Dark Reading".
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web - a 20% jump from 2018.
Attack Campaign Experiments with Rapid Changes in Email Lure Content
via "Dark Reading".
It's like polymorphic behavior - only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.
Researchers Propose New Approach to Address Online Password-Guessing Attacks
via "Dark Reading".
Recommended best practices are not effective against certain types of attacks, they say.