September 18, 2020
From the sea. So series it cyber-security headlines. It's Friday September eighteen twenty twenty. Oracle's bid calls for access to TIKTOK source code. The news comes to sources speaking to Bloomberg and would see oracle getting access to any updates to the source code as part of being named Tik Tok trusted technology partner in the US. This is meant to ensure there are no back doors that would allow bite dance to gather data on users in the US since this would not involve a transfer of anybody dance algorithms to Oracle. It would seemingly not run afoul of recently updated Chinese technology export restrictions. A patient dies in the wake of ransomware attack. The attack impacted Duesseldorf University Hospital in Germany on September tenth resulting in planned in outpatient treatments as well as emergency care not being possible at the facility a patient with a life threatening condition was redirected to another hospital receiving care in our later. But ultimately, passing away the ransomware note on the hospital servers indicated the attack was actually meant for Heinrich University after police contacted the threat actors to advise that a hospital was impacted the provided the decryption key German prosecutors are investigating this attack as a negligent manslaughter. Back doors and bugs discovered in high silicones video encoders the back doors were discovered by sales for security engineer, Alexi coercion of impacting the software running on a lennox stack provided by high silicon for its IPTV HD two, six, four, h dot two, six, five video encoders powered by the high thirty five twenty chipset flaws found could all be exploited over a network including an administrative interface with backdoor password root access via? telnet and on authenticated file uploads in a statement high silicon corporate parent Weiwei so that the vulnerabilities are in the application layer provided by equipment vendors not introduced by the chips or High Silicon T. K. Koji tested encoders by you Ray Tek J. Tech digital video instruments, and found them all to be vulnerable to some or all of the exploits and suspects that other products based on the chips that are as well. Dunkin donuts reaches a settlement over failure to disclose data breaches. These bridges date back as far as two thousand fifteen when over nineteen thousand customer accounts were compromised in a credential stuffing attack. This provided the attackers with access to user names, emails, account passwords, pins, and account balances with information eventually sold the third parties. Dunkin didn't disclose the bridge until two thousand eighteen and failed to reset passwords have impacted users. Freeze funds and its loyalty program or put in place any security changes to prevent another attack a similar credentials stuffing attack hit Dunkin and twenty nineteen spring a lawsuit from the state of New York in the settlement Dunkin agreed to pay six hundred, fifty, thousand dollars in damages, and in here disclosure and security policies ducking claims that prior to the settlement, it had already made such changes to it security policies. And now a word from our sponsor detect systems forget projects, get answers, start preventing insider threats, stopping data loss, and monitoring remote employees in minutes days. And do it all without invading your privacy. Detect systems helps enterprise wants safer and smarter with the first of its kind human centric approach to enterprise operational intelligence learn more start a free thirty day trial at detect systems, dot com. That's. E X SYSTEMS DOT COM. Mozilla shutting down Firefox send and Fire Fox notes Firefox. Send popular. Free File. Sharing Service was already taken off line after Zd net reported it was being used by malware groups. At the time the move is said to be temporary move to permanently shutter send appears to be related to recent layoffs at Mozilla with the team tasked with reengineering the service. No longer with the company notes away to sink encrypted notes across browsers will be shut down in October with its support supporting also part of the layoffs. Two Iranian nationals indicted for hacking into American networks, federal prosecutors have accused two men from Hamadan. Of the attacks which seemed to be motivated by both financial gain, and at the request of the Iranian government, the Justice Department claims information stolen in the attacks relates to national security, nuclear information, personal financial information, and intellectual property. Tax Day far as two thousand, thirteen impacting higher education, human rights, activists, telecommunication businesses, and defense contractors. Wilbur Ross provides details about the forthcoming. We chat ban an executive order prohibiting transactions with we chat in the US is set to go into effect on Sunday Secretary of Commerce Wilbur. Ross was given until Sunday to determine how transactions are actually defined in a court filing secretary Ross that the US does not intend to take actions that target persons or groups whose only connection with we chat is there use or downloading of the APP to convey personal or business information between users or otherwise defined the relevant transactions in such a way that would impose criminal or civil liability on such users. However, users may find that the APP is directly or indirectly impaired because of other actions. Google band stock aware APPs in the play store the benefits any APPS designed to track device that can be installed and run without a user's knowledge while Google has removed soccer br APPs went pointed out by security researchers an update to its developer program policy states that track users and send their data to another device must include an adequate notice or consent Ancho a persistent notification of the tracking the new rules go into effect October I. If you're listening to this podcast early enough, there may still be time to join us for our lives see. So series video chat. This week's discussion is hacking biometrics and our of critical thinking about using ourselves as a means to enhance the identity journey into security posture it all starts at ten. Am Pacific One PM Eastern to register just head on over to see. So series dot com and click the register for video chats button I'm rich draw Felino reporting for the series. cybersecurity headlines are available every weekday head to see. So series dot com for the full stories behind the headlines.