How to install common security tools via Homebrew on a Mac
2020-09-28 16:23

We'll guide you through the process of using the Homebrew package manager to install common security tools on macOS computers to assess and aid in hardening devices on your network. Typically, security admins would use a security suite that includes all the tools needed, such as Parrot or the popular Kali distribution, based on the Linux kernel.

Judge narrowly saves TikTok from latest US app store ban
2020-09-28 15:51

With a ban of the app set to take place just before midnight on Sunday, a judge in the US District Court for Washington, D.C., earlier in the day found in favor of an injunction filed by TikTok owner ByteDance challenging an executive order from Donald Trump. Signed by Trump on Aug. 6, 2020, the order would have prohibited any US app store from distributing or maintaining the TikTok app, code, or updates.

Joker Trojans Flood the Android Ecosystem
2020-09-28 15:21

More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. The Joker apps advertise themselves as legitimate apps.

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
2020-09-28 15:15

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

CISA Warns of Hackers Exploiting Zerologon Vulnerability
2020-09-28 14:03

The U.S. Cybersecurity and Infrastructure Security Agency has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the Microsoft Windows Netlogon Remote Protocol. The vulnerability allows an unauthenticated attacker connected to a domain controller using Netlogon to gain domain administrator access.

$150 Million Stolen From Singaporean Crypto-Exchange KuCoin
2020-09-28 13:38

Singapore-based cryptocurrency exchange KuCoin over the weekend announced that hackers managed to steal large amounts of cryptocurrencies from multiple hot wallets. On Saturday, the exchange announced that it identified a number of large withdrawals in Bitcoin, ERC-20 and other tokens from its hot wallets, and that it launched an investigation into the matter, while suspending the deposit and withdrawal service.

Hacker Uploads Documents to WHO, UNESCO Websites
2020-09-28 13:13

A hacker has found a way to upload PDF files to the websites of several organizations, including the World Health Organization and UNESCO. The attack, first reported by Cyberwarzone.com, does not appear particularly sophisticated and its impact is likely low, but the same vulnerabilities could have been exploited by more advanced threat actors for more serious attacks. Georgia Tech and the WHO have apparently removed the files uploaded by the hacker, but the files are still present on the UNESCO and the Cuban government websites at the time of writing.

On Executive Order 12333
2020-09-28 11:21

Abstract: Executive Order 12,333 is a 1980s Executive Order signed by President Ronald Reagan that, among other things, establishes an overarching policy framework for the Executive Branch's spying powers. Although electronic surveillance programs authorized by EO 12333 generally target foreign intelligence from foreign targets, its permissive targeting standards allow for the substantial collection of Americans' communications containing little to no foreign intelligence value.

Tyler Technologies Says Customers Reported Suspicious Logins
2020-09-28 10:41

Tyler Technologies, a major provider of software and services for state and local governments in the United States, has advised customers to reset remote network access passwords after a couple of customers reported suspicious logins. It's currently unclear if the suspicious logins are related to the recent ransomware incident, but as a precaution the company has advised clients who haven't already done so to reset the passwords that Tyler staff use to remotely access their network and applications.