Table of Contents

  1. Crime
    1. German hospital computer systems infected
    2. New Orleans City Government Shuts Off Computers After Cyberattack
    3. Attackers Steal Credit Cards in Rooster Teeth Data Breach
    4. A small Wisconsin company stored thousands of people’s CDs, then vanished
  2. Privacy
    1. Problematic monetization in security products, Avira edition
    2. Attackers Terrify Homeowners After Hacking Ring Devices
    3. Offering software for snooping to governments is a booming business
    4. EFF Report Shows FBI Is Failing to Address First Amendment Harms Caused By National Security Letters
    5. Researchers Fooled Chinese Facial Recognition Terminals With Just a Mask
    6. German govt proposes law to force WhatsApp Gmail etc to hand over user passwords
    7. Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
  3. Digital rights
    1. India Shuts Down Internet Once Again, This Time In Assam and Meghalaya
  4. Apple
    1. Apple to Fix Bug That Bypasses Communication Controls for Kids
  5. Linux
    1. Cracking LUKS/dm-crypt passphrases
  6. Malware
    1. ChinaZ introduces new undetected malware
  7. Password reuse
    1. 49% of workers, when forced to update their password, reuse the same one with just a minor change
  8. Facebook
    1. Thief Stole Payroll Data for Thousands of Facebook Employees
  9. Windows
    1. Windows 10 mobile is dead

Crime

German hospital computer systems infected

Klinikum in Fürth has been hit by a "cyber attack" and is no longer taking new patients.

New Orleans City Government Shuts Off Computers After Cyberattack

New Orleans city hall was struck by an attack. Workers were told to turn off and unplug their computers, and the city websites are also down. The city activated its emergency operations center and is working with law enforcement to resolve the issue. Emergency services (911 and 311 calls) were not impacted. The mayor said this was a ransomware attack, but no ransom demand has been received or found yet.

Attackers Steal Credit Cards in Rooster Teeth Data Breach

The Rooster Teeth production company suffered an attack that redirected shoppers to a fake payment form, which allowed attackers to steal names, email addresses, telephone numbers, physical addresses, and payment information.

A small Wisconsin company stored thousands of people’s CDs, then vanished

Customers have lost thousands of dollars after a Wisconsin company that digitized people's audio CDs, vinyl and cassettes has stopped operating. Even the CEO didn't know who was responsible.

Privacy

Problematic monetization in security products, Avira edition

Technical analysis of the Avira Browser Safety add-on reveals concerning practices, allowing the vendor to reconstruct the whole browsing history of its users and more.

Attackers Terrify Homeowners After Hacking Ring Devices

More Ring camera devices are being spied on, with attackers having creepy conversations with unsuspecting children. NulledCast streams live podcasts of Ring and Nest trolling aimed at random targets. Ring claims that there was no unauthorized access to its systems and that the attacks originate from credential stuffing, where username:password combinations were obtained by attackers from previous public breaches.

Offering software for snooping to governments is a booming business

Jamal Khashoggi, a Saudi journalist and critic of the kingdom's government, was killed while visiting the consulate in Istanbul. After denying responsibility, the Saudi government admitted that he was killed in a rogue operation. Two months later, another Saudi resident filed a lawsuit against NSO Group, claiming it had licensed Pegasus, a spyware used by the Saudi government to spy on and execute Mr. Khashoggi. WhatsApp has also sued the firm, saying its software has been used to hack roughly 1400 users.

EFF Report Shows FBI Is Failing to Address First Amendment Harms Caused By National Security Letters

EFF released a report based on in-depth analysis of records obtained via a Freedom of Information Act request, criticizing the FBI's approach and claiming it violates the First Amendment rights of NSL recipients.

Researchers Fooled Chinese Facial Recognition Terminals With Just a Mask

An AI company, Kneron, ran a series of tests at facial recognition terminals in China and found that a 3D mask of a face is enough to fool the terminals and allow purchases at AliPay and WeChat terminals in shops in China.

German govt proposes law to force WhatsApp Gmail etc to hand over user passwords

Now the German government is going bananas over the terrorist/pedophile/Nazi threat in order to force tech companies to turn over user data, including usernames, passwords (who stores them unencrypted anyway?), IP addresses and port numbers (wtf???). Should we all abandon multi-factor authentication now and store passwords in cleartext?

Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance

EFF released a detailed technical report analyzing third-party trackers in the corporate world.

Digital rights

India Shuts Down Internet Once Again, This Time In Assam and Meghalaya

In response to protests, India has shut down the internet in the states of Assam and Meghalaya, in what seems to be a new global trend of governments trying to silence their own citizens.

Apple

Apple to Fix Bug That Bypasses Communication Controls for Kids

Apple's Communication Limits feature, used for parental control, could be bypassed when contacts are stored not in iCloud but on other services.

Linux

Cracking LUKS/dm-crypt passphrases

Nice article about how to crack luks/dm-crypt passphrases using john/hashcat and custom scripts.

Malware

ChinaZ introduces new undetected malware

A new malware strain used to build a DDoS botnet was discovered and analyzed by Intezer.

Password reuse

49% of workers, when forced to update their password, reuse the same one with just a minor change

A survey of 200 people revealed that not only do 72% of users reuse the same password in their personal life, but 49% also reused the same password with a minor change when forced to update it. Writing passwords in a text file or on paper is also still a thing people do.

Facebook

Thief Stole Payroll Data for Thousands of Facebook Employees

Personal banking information from tens of thousands of Facebook employees was compromised when a thief stole corporate hard drives from an employee's car. The unencrypted hard drives contained names, bank account numbers, last 4 digits of social security numbers, compensation information, bonuses and some equity details. In total about 29k US employees who worked at Facebook in 2018 were impacted.

Windows

Windows 10 mobile is dead

In case it wasn't already known, Windows 10 Mobile was already dead, and now it is official.