Security News > 2020 > August

DEF CON FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic. Customers of satellite broadband ISPs include large enterprises, shipping companies, and communications providers using orbiting birds to relay traffic.

Software has ZERO such known quantities that can be used to create complex systems. Yes, the problem is that software is artisanal no, mathematics cannot be usefully applied to hand-crafted software after the fact.

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place. According to Abnormal Security, cybercriminals are zeroing in on email clients that don't support modern authentication, such as mobile email clients; and legacy email protocols, including IMAP, SMTP, MAPI and POP. Thus, even if MFA is enabled on the corporate email account, an employee checking email via mobile won't be subject to that protection.

Fully opening the door to allow people to contribute to - and notably, tinker with - the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt. Since an appropriate buyer didn't turn up, the next plan is to open up the service's code base.

A team of Chinese researchers has described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car. The researchers conducted their analysis on a real Mercedes-Benz E-Class and demonstrated how a hacker could have remotely unlocked the car's doors and started its engine.

The United States has fired a new salvo in its rivalry with China, ordering sweeping restrictions against Chinese-owned social media stars TikTok and WeChat. It belongs to Chinese tech firm ByteDance and targets the international market while Douyin, a domestic version of the platform, caters exclusively to Chinese users.

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks. Out of the box, NGINX sets a limit of 1MB for file uploads.

Transport layer security and DNS, two of the foundational protocols of the internet, have recently undergone radical changes to protect browser user privacy. At the same time, they will reduce security on-premises in the short term, and security professionals must put tools in place in the next couple of years, a new report from Forrester Research states.

More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year. The announcement of the "First 20gb release in a series of large Intel leaks" was made by user and IT consultant Tillie 1312 Kottmann #BLM on Twitter, who called the information "Intel exconfidential Lake Platform Release."

President Donald Trump on Thursday ordered a sweeping but unspecified ban on dealings with the Chinese owners of consumer apps TikTok and WeChat, although it remains unclear if he has the legal authority to actually ban the apps from the U.S. The twin executive orders - one for each app - take effect in 45 days. The administration has provided no specific evidence that TikTok has made U.S. users' data available to the Chinese government.