A First Look at Apple's iOS 15 "Private Relay" feature., (Tue, Sep 21st)Tue, 21 Sep 2021 15:51:03 GMT One of the notable additions to iOS 15, which was officially released yesterday, is its "Private Relay" feature [1]. Unlike a "simple" VPN, the private relay does appear to be more of a proxy service for HTTP, and it uses two hops with distinct entities to not allow one entity to become the new single-point-of-privacy-failure.
Malicious Calendar Subscriptions Are Back?, (Fri, Sep 17th)Fri, 17 Sep 2021 09:09:15 GMT Did this threat really disappear? This isn't a brand new technique to deliver malicious content to mobile devices but it seems that attackers started new waves of spam campaigns based on malicious calendar subscriptions. Being a dad, you can imagine that I always performed security awareness with my daughters. Since they use computers and the Internet, my message was always the same: “Don't be afraid to ask me, there are no stupid questions or shame if you think you did something wrongâ€.
Epik Confirms Hack, Gigabytes of Data on OfferTue, 21 Sep 2021 19:22:19 +0000 "Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.
Payment API Bungling Exposes Millions of Users’ Payment DataMon, 20 Sep 2021 19:02:57 +0000 Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
Bring Your APIs Out of the Shadows to Protect Your BusinessMon, 20 Sep 2021 13:00:24 +0000 APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
Porn Problem: Adult Ads Persist on US Gov’t, Military SitesFri, 17 Sep 2021 17:16:42 +0000 Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
# Reddit netsec
# Krebs On Security
Does Your Organization Have a Security.txt File?Mon, 20 Sep 2021 21:57:27 +0000 It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground.In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.
Trial Ends in Guilty Verdict for DDoS-for-Hire BossFri, 17 Sep 2021 01:22:31 +0000 A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
Customer Care Giant TTEC Hit By RansomwareWed, 15 Sep 2021 21:31:08 +0000 TTEC, [NASDAQ: TTEC], a company used by some of the world's largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.