Security Briefing 3-27-2018
Craigslist shut down its personals section on Friday in response to the passage of H.R. 1865, the Fight Online Sex Trafficking Act (FOSTA) bill, in both houses of Congress on Wednesday. Both moves have likely been taken to avoid lawsuits in the wake of the government gutting the law that protects online sites and services from responsibility for content posted by users.
A ransomware attack — possibly a variant of SamSam — has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city’s police department, water services and airport are not affected.
Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks. The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
A US consumer protection agency said Monday it has opened an investigation into Facebook’s privacy practices, another blow to the social network, which is struggling to deal with a growing crisis over misuse of private data. If you have installed the Facebook Messenger app on your Android device, there is a chance that the company had been collecting your contacts, SMS, and call history data at least until late last year.
In a big victory for international law enforcement, Spanish police have arrested the alleged leader of Carbanak, a cybercrime group believed responsible for stealing over $1.2 billion from more than 100 banks in 40 countries.
Netflix expanded its bug bounty program on Wednesday, opening it up to any white hat hacker, and at the same time increased the top reward to $15,000.
Since emerging from Intel as a standalone cybersecurity company in April 2017, McAfee has consistently made multiple new product announcements simultaneously. It has continued that model this week with a new version of the Enterprise Security Manager (ESM 11), and enhancements to Behavioral Analytics, Investigator, Advanced Threat Defense, and Active Response. And two new SOCs!