The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes:
Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense. The full report is here.
SANS has made freely available its “Work-from-Home Awareness Kit.”
When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems: read more…
Original release date: April 15, 2020
(Bob’s note: Let’s not forget that during the pandemic our old friends are still engaged with the US in ongoing, daily cyberwar operations.) The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Read more…
UN experts believe the DPRK cyber-steals and launders money, extorts companies and funnels the cash into its nuclear program.
The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.
Cybercriminals are threatening not only to hold sensitive data hostage but also to release it publicly unless the ransom is paid, says cyber threat intelligence provider Check Point Research. Read more…
Note from Bob: This breach means that email account hijacking is easily done, and emails arriving from valid WHO, CDC, and similar organization’s accounts may be spoofed or malicious. Suspect any emails from these groups. The World Health Organization is in the middle of responding to a global pandemic. It is COVID-19 chaos. Lives are at stake. Suddenly, out of nowhere, hackers publish more than 2,000 usernames and passwords for those who are part of the WHO, giving anyone with these credentials access to WHO servers and employee email inboxes. And then comes a plot twist you didn’t see coming: white supremacist and extremist groups are sharing the login credentials with glee, encouraging their members to use them to uncover “the truth” about the coronavirus. This plot is reality according to SITE Intelligence Group, an NGO that tracks online activity… Read more
A mobile phone forensics outfit looking into real-world attacks going back more than two years has uncovered two Apple Mail app bugs.
It’s like a cloud of personal information breathed out in a plume by a database that didn’t bother to wear a mask.