How-To Geek: Proton Mail and Calendar Just Gained 38 New Improvements. “Members of the ‘Proton community’ should pat themselves on the back. Proton (perhaps still best known for its VPN) has updated its Mail and Calendar services with 38 new improvements, all of which were sourced from user requests and complaints.”
Bleeping Computer: Google Chrome emergency update fixes 6th zero-day exploited in 2023. “Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw (tracked as CVE-2023-6345) in a new security advisory published today.”
Gothamist: 4M NYers’ data and medical records were exposed in a breach. Here’s how to protect against ID theft.. “At least 4 million New Yorkers’ private information could be at risk of identity theft after a data breach at a medical transcription company that works with hospitals in New York, state Attorney General Letitia James said Tuesday. The company, Nevada-based Perry Johnson & Associates, works with Northwell Health, which has hospitals and clinics across the five boroughs and Long Island, as well as Crouse Health in Syracuse. About 9 million patients nationwide are affected by the breach, according to the attorney general’s office.”
Rolling Stone: We Spied on Trump’s ‘Southern White House’ From Our Couches. “We didn’t have to risk life and limb, posing as the help and smuggling information out through a well-funded spy ring. All we had to do was sign up for an online service, enter the address of Mar-a-Lago, and click a button. Within a few minutes, we had a report profiling thousands of visitors to Trump’s club over the course of an entire year, including details like where they likely live and work, their ages, incomes, ethnicities, education levels, where they were immediately before visiting, and where they spent their time on the property once they got there.”
Georgia Tech: Largest Study of its Kind Shows Outdated Password Practices are Widespread. “Three out of four of the world’s most popular websites are failing to meet minimum requirement standards and allowing tens of millions of users to create weak passwords. The findings are part of a new Georgia Tech cybersecurity study that examines the current state of password policies across the internet.”
The Register: Microsoft’s bug bounty turns 10. Are these kinds of rewards making code more secure?. “Microsoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.”
Mashable: ‘Gay furry hackers’ breach nuclear lab, demand it create catgirls . “Idaho National Laboratory (INL), one of the largest nuclear labs in the US, confirmed this week that it has been hacked. The group behind the data breach was self-described ‘gay furry hackers’ Sieged Security aka SiegedSec, who have demanded the INL put its efforts and resources into creating real-life catgirls. They probably aren’t being serious, but they did hack into a huge nuclear lab, so who knows.” Posterity, are you starting to appreciate the weirdness?
Ars Technica: Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet. “Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday.”
RTE: New tool launched to prevent online shopping scams. “‘CheckMyLink’ is a security tool built by Munster Technological University Cyber Skills in collaboration with Scam Adviser and An Garda Síochána. It checks that the website someone is about to buy from is genuine and free from malware.” I tried it briefly. Basically it runs a bunch of checks against a domain name. Sometimes it’s confusing — the legitimate Amazon domain name has really bad TrustPilot ratings — but overall it provides a lot of useful information.
WIRED: Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records. “A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program’s legality.”
New York Times: The Invisible War in Ukraine Being Fought Over Radio Waves. “Using electromagnetic waves to flummox and follow smarter weapons has become a critical part of the cat-and-mouse game between Ukraine and Russia. The United States, China and others have taken note.”
Techdirt: Unsealed FTC Complaint Shows Data Broker Kochava Hoovered Up Oceans Of Sensitive Data On Millions Of Americans. “According to the amended complaint, the scope of the data Kochava was casually collecting and monetizing is massive. It includes detailed movement data of consumers down to the meter, as they visited sensitive locations like hospitals, temporary shelters, abortion clinics and places of worship. Kochava then made it easy for advertisers to target consumers based on sensitive metrics.”
Denver 7: New research shows your car is spying on your every move, including your sex life. ” If you thought your cell phone, Alexa or Google device were the worst about spying on you — think again. It turns out your car is one of the worst offenders when it comes to protecting your privacy. Mozilla, the company that built the Firefox internet browser and is now a leading watchdog for consumer privacy data, found cars are the worst product category they have ever reviewed for privacy.”
Bleeping Computer: Google ads push malicious CPU-Z app from fake Windows news site. “A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware. The new campaign was spotted by Malwarebytes analysts who, based on the backing infrastructure, assess that it is part of the same operation that used Notepad++ malvertising to deliver malicious payloads.”
ABC News (Australia): Major Australian port operator shuts down amid cyber security incident, impacting goods in and out of the country. “Australia’s second largest port operator has shut down because of a cyber security incident, impacting the movement of goods in and out of the country. DP World Australia, which operates ports in Melbourne, Sydney, Brisbane and Fremantle, is responsible for 40 per cent of maritime freight said it began responding to a cybersecurity incident on Friday.”