Spotify celebrity pages defaced to plug Trump, Taylor Swift
A hacker has vandalized Spotify’s list of the year’s most popular songs. The hacker, who goes by the name “Daniel,” defaced the Spotify pages of some of the world’s most popular singers, including Lana Del Rey. “Daniel” replaced the celebrities’ photos with one that’s allegedly of himself, included a plug for Donald Trump, and gave a “shout out to my queen Taylor Swift.”
(BBC)
Clop ransomware gang rips off 2M credit cards from retailer E-Land
Last month, South Korean retailer E-Land shut down 23 stores after it got hit by a Clop ransomware attack. E-Land Retail claimed that sensitive customer data was safe and sound and encrypted on another server. However, Clop operators are telling a different story: they told Bleeping Computer that they breached E-Land over a year ago and have been bleeding it of payment cards using point-of-sale (POS) malware.
8% of all Google Play apps vulnerable to old security bug
A scan performed by security firm Check Point has revealed that about 8% of Android apps on Google Play Store are vulnerable to a security flaw in a popular Java library, in spite of Google having patched the bug way back in March. The vulnerable apps include some widely used ones, such as Microsoft’s Edge browser, Grindr, OKCupid, and Cisco Teams.
(ZDNet)
Nearly 1 in 5 bugs in open-software code are maliciously planted
The world’s largest platform for open-source software, Microsoft-owned GitHub, has found that 17% of all software vulnerabilities were intentionally planted in code by threat actors. While the backdoors and “bugdoors” grab headlines, the majority of vulnerabilities are plain old errors, according to GitHub’s 2020 Octoverse report.
(ZDNet)
Thanks to our episode sponsor, AuthSafe
Timely predictions and detections with cognitive engines, should do the trick. SecureLayer7 presents Authsafe. A technology to prevent and detect Fraud attacks old and new. With the help of credential stuffing, manual strive as well as specialized automated tools, Authsafe prevents your organization’s systems from being hampered. Learn more at Authsafe.ai
Data of 243M Brazilians exposed due to password in source code
Personal data belonging to 243 million Brazilians, both alive and dead, were doxxed after developers left the password for a government database inside the source code of an official Brazilian Ministry of Health’s website for at least six months. Such source code is easily viewed in a browser window. The security SNAFU was discovered by Brazilian reporters who also found data for 16M Brazilian COVID-19 patients.
(ZDNet)
Dropbox used by Russian hackers to stash malware-siphoned data
Turla, a Russian hacking group that conducts cyber-espionage campaigns against high-profile government targets, has used a novel malware toolset to install backdoors and steal sensitive documents, according to the Slovakian security firm ESET. The malware framework, called Crutch by its authors, can bypass some security layers by abusing legitimate infrastructure—including Dropbox—in order to blend into normal network traffic, says ESET researchers.
Facebook will focus algorithms on policing anti-Black hate speech
Facebook is overhauling its algorithms to better detect hate speech. According to internal documents, its former, supposedly “race-blind” practices have mostly resulted in removal of slurs against Whites, men and Americans, and have resulted in the flagging and deletion of innocuous posts by people of color. The so-called WoW Project will entail tweaking automated moderation systems to improve detection of the “worst of the worst,” including slurs directed at Blacks, Muslims and Jews.
How to get marketing to stop feeding the phishers on social media
Marketing wants to publish as much company information as possible, while the security team would rather not feed the spearphishers. You can, actually, get techies and marketing to work together to ensure that, for example, nobody’s publishing photos of passwords on whiteboards. For example, get Twitter to send new login alerts to security instead of to marketing — just one of four tips CSO Online recently gleaned from security firms.