“Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date…” writes the Register. Long-time Slashdot reader nimbius shares their report:
The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website…
Tag: phishing
A Ransomware Attack Shut a US Natural Gas Plant and Its Pipelines
Long-time Slashdot reader Garabito writes: The Department of Homeland Security has revealed that an unnamed U.S. natural gas compression facility was forced to shut down operations for two days after becoming infected with ransomware. The plant was targeted with a phishing e-mail that allowed the attacker to access its IT network and then pivot to its Operational Technology (OT) control network,…
Breach of MGM Hotels’ Cloud Server Exposed Data on 10.6 Million People
Personal information from more than 10.6 million people was published online this week, reports ZDNet — all from people who’d stayed at MGM Resorts hotels (which include the Bellagio, Mandalay Bay, and ARIA):
Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some…
Anatomy of a Rental Phishing Scam
Jeffrey Ladish writes: I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling Craigslist and Zillow for rental opportunities in the SF Bay Area. I reached out to a beautiful-looking rental place to inquire about a tour. Despite my experience as a security professional, I…
iPhones Can Now Be Used To Generate 2FA Security Keys For Google Accounts
Most modern iPhones running iOS 13 can now be used as a built-in phone security key for Google apps. 9to5Google reports: A built-in phone security key differs from the Google Prompt, though both essentially share the same UI. The latter push-based approach is found in the Google Search app and Gmail, while today’s announcement is more akin to a physical USB-C/Lightning…
Microsoft Takes Down 50 Domains Operated by North Korean Hackers
Microsoft announced today that it successfully took down 50 web domains previously used by a North Korean government-backed hacking group. From a report: The OS maker said the 50 domains were used to launch cyberattacks by a group the company has been tracking as Thallium (also known as APT37). Microsoft said the Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence…
Mozilla To Force All Add-on Devs To Use 2FA To Prevent Supply-Chain Attacks
Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: “Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal],” said Caitlin Neiman, Add-ons Community Manager at Mozilla. “This is intended to help prevent malicious actors from taking control…
Chrome Now Warns You When Your Password Has Been Stolen
Google is rolling out Chrome 79, and it includes a number of password protection improvements. The Verge reports: The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach. Google has been warning about reused passwords in a separate browser extension or in its password checkup tool, but the company…