[ad_1]
Roundup Here is a summary of the latest information from InfoSec, beyond what we have already reported.
Black Hat USA can nominate a keynote speaker after the outcry
This year, Black Hat USA has removed Will Hurd (R-TX), representative of the House of Representatives of the United States, after the outcry over his politics and his electoral record.
Participants and presenters threatened to boycott the annual security conference because of Congressional support for anti-abortion laws, efforts to reduce Planned Parenthood's spending, and their reluctance to support women in STEM, first announced TechCrunch.
Given the impetus needed for more diversity and inclusion in the worlds of technology and information security, Hurd's invitation to speak at the # The event annoyed some members of the cyber-community. For what it's worth, he's considered one of the most tech-savvy conference creators in America.
After 24 hours or less of pressure, the organizers of Black Hat said in a statement to The register On Friday, Hurd will not be teaching security in Vegas this year, as planned:
Meanwhile, Hurd's office replied:
.@HurdOnTheHillThe office of the US President reacted to the cancellation of Black Hat's main invitation after criticizing his record on women's rights.
"Congressman Hurd has always sought to engage groups of people who do not necessarily agree with all of his votes or opinions." pic.twitter.com/zHjaBU59ZT
– Eric Geller (@ericgeller) June 14, 2019
And as it is the Internet and we are in 2019, we are also punctuated by the outcry, which generates a negative reaction against the negative reaction …
There is no longer a separation between technology and politics for many years. Consume non-technical news and commentary with technical material. In cybersecurity in particular, you need a broader awareness.
– Wesley McGrew (@McGrewSecurity) June 14, 2019
A speech by a legislator who does not believe that women should have basic human rights is not a great way to make women feel welcome in the news community. @BlackHatEvents https://t.co/0nFrY30KEF
– Eva (@evacide) June 13, 2019
Let's be clear: Congressman Hurd was coming to Black Hat to talk about cybersecurity as the best advocate for the topic before Congress. Part of the community has decided to engage in polarization and politics based on a very small sample of biased information. https://t.co/n7pnR1rZ4f
– Matt Devost (@MattDevost) June 14, 2019
What other points of view prevent someone from playing Black Hat? Better not to invite a legislator with more than one mandate to his credit. Should Black Hat now ask potential speakers to give their views on abortion, or is it acceptable if we do not know? https://t.co/1TmcFMOLQk
– granick (@granick) June 14, 2019
Hey, then, who is going for DEF CON, then?
The pirates of Radiohead beat a group to post their recordings
Fans of British rock band mopey Radiohead were thrilled this week by the group that unexpectedly put on-line a collection of studio recordings to buy and download – a sound that apparently had already been stolen by pirates computer who threatened to publicly disclose the files, except a ransom was paid. In response, the group released the records themselves via Bandcamp rather than paying the six-figure request.
This online version only happened when the bad guys already gave up on receiving the dosh and gave up the dark web collection. Researchers from the Israeli cybersec company, Sixgill, claimed to have spotted the recordings of Pastebin's post dating back two full days before the group decided to issue the songs officially, and they provided this catch. from screen to The register to prove it:
This does not mean that you should browse the dark web for files and ignore the official Radiohead channel to get the songs, though. In addition to being the right thing to do, every sale benefits a charitable organization against climate change, Extinction Rebellion.
Emuparadise loses more than a million user accounts, hacked
The Emuparadise vintage game site is the latest website to see details of its user account falling into the hands of hackers. A collection of over one million accounts would have been offered on criminal software forums and would have been added to the HaveIBeenPwned.com tracking service. The hackers targeted the emulation site's user forums and would have been typing in salt-and-hashed names, pbadwords, IP addresses and e-mail addresses.
This is not a major violation, but if you have an Emuparadise account, you must make sure that your pbadword is not reused on other sites.
Cisco Issues Fix for CSRF Bug
Cisco IOS XE equipment administrators will want to spend a few more minutes today looking for fixes after Switchzilla has issued a warning about an intersite query forgery bug.
The vulnerability is only found in the web interface of IOS XE, but if it was exploited, it could allow an attacker to perform arbitrary commands with the permission level of the Current user. Other versions of IOS and those for which the Web interface is not enabled must be secured.
Avoid incites the user scared
The Evite invitations service had to set up an alert after discovering that an attacker had escaped with a data backup file that had been archived since the beginning of the year 2013.
While the archives are six years old, the information they contain is rather sensitive. The hackers were able to obtain names, user names, e-mail addresses, pbadwords and, in some cases, the date of birth, the telephone number and the postal address of the hacker. ;user.
The company said the user notification process was underway, but anyone on the site in 2013 would be well advised to change their pbadword for security reasons.
Watchdog barks at MI5 for careless data management
The well-known UK spy agency MI5 was hot this week after Blighty's investigative powers commissioner discovered problems with data processing by malicious people.
The watchdog said the MI5 was not doing enough to secure the personal information it had collected and stored en mbade under the power of warrants. In addition to not properly securing this sensitive data, it is said that the MI5 has also kept the information longer than expected by law.
Exim corrects the server flaw
Last week, we warned against the revealed command execution flaw for the Exim mail server software. Although administrators were able to fix the bug a few weeks ago by updating the latest version, a patch was also released this week for previous releases.
Those who are using Exim versions 4.87 through 4.91 will want to check this ad and make sure they have solved the problem, because exploit exploits for the flaw have recently been seen being used in nature for compromise vulnerable systems.
Report the British champion of human rights as the owner of a spy house
Lana Peel, a British gallerist and human rights activist, has been accused of having links with a notorious spyware developer.
The Guardian says Peel, CEO of Serpentine Galleries, also owns a stake in the NSO group. The company is developing a well-known surveillance software, Pegasus, which is being sold to governments around the world to crawl into target devices for close monitoring. The NSO, majority owned by the investment group Novalpina Capital, says it does not impose its software on bad people, even if human rights activists are not so sure.
"The Peel family has an investment in Novalpina and I am not involved in the operations or decisions of Novalpina, which is led by my husband, Stephen Peel, and his partners," Lana Peel said in a statement.
In short…
Meanwhile, Citizen Labs and its friends from academia published a report [PDF] about stalkerware and its effects.
The antivirus AVG and Firefox have clashed this week, resulting in the disappearance of people's saved pbadwords due to the update of a certificate.
®
[ad_2]
Source link
