Apple Postpones Launch of Controversial CSAM Photo Scanning Program
New details emerge about Juniper's 2015 breach, Neuberger reiterates warning of possible cyber incidents over Labor Day weekend, FBI warns of attacks on food and agriculture sector, much more
Following intense criticism from privacy advocates and cybersecurity experts, Apple said it would delay the rollout of features designed to combat the spread of Child Sexual Abuse Material on its products.
In a statement, Apple said that “Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.” (Joseph Cox / Motherboard)
A Bloomberg investigation uncovered new details about a 2015 breach of Juniper Networks, which the company said resulted from hackers implanting “unauthorized code” in one of its network security products called NetScreen that could decipher encrypted communications and provide high-level access to customers’ computer systems.
As it turns out, according to Bloomberg’s investigation, Juniper installed NSA code with a backdoor that allowed the NSA to spy on NetScreen users, and at least some of Juniper’s engineers knew about the backdoor. In 2012, hackers from China’s APT 5 then altered the NSA’s algorithm to decipher encrypted content. The Chinese hackers then implanted a second backdoor in 2014.
After detecting the 2012 and 2014 breaches of its network, Juniper failed to understand the nature of the attacks and assumed they were not connected and were limited to the theft of corporate intellectual property. Juniper declined to answer specific questions from Bloomberg. (Jordan Robertson / Bloomberg)
U.S. District Judge Jeffrey White ruled that Apple must face nearly all of a proposed class-action lawsuit claiming that its voice-activated Siri assistant violates users' privacy.
The judge said that the plaintiffs could try to prove Siri routinely recorded their private conversations because of "accidental activations" and that Apple disclosed these conversations to third parties, such as advertisers. (Jonathan Stempel / Reuters)
The propensity for digital threat actors to strike on U.S. holiday weekends is driven by the likelihood that fewer defenders are at work to resolve incidents.
Deputy national security adviser Anne Neuberger reiterated at a White House press briefing the warnings by the FBI and CISA for organizations to be on guard this Labor Day weekend for further attacks. Neuberger also said that security teams should proactively hunt for initial signs of compromise or anything unusual across their networks. (Brian Barrett / Wired)
According to a trusted source in the security community called “Bill,” one cybercrime group compromises up to 100,000 email inboxes per day. With this access, it does little else except for siphoning gift cards and customer loyalty program data that can be resold online.
The group averages between five and ten million email authentication attempts daily and comes away with 50,000 to 100,000 working inbox credentials. In their email intrusions, the fraudsters don’t download all the emails. Instead, they search for only domains and other terms related to companies that maintain loyalty and points programs and/or issue gift cards and handle their fulfillment. (Brian Krebs / Krebs on Security)
After gun-selling site Guntrader confirmed a data breach affecting more than 100,000 customers, the names and home addresses of 111,000 British firearm owners were dumped online as a Google Earth-compatible CSV file.
The file points to individual homes as likely firearm storage locations and contains postcodes, phone numbers, email addresses, and IP addresses. The UK’s National Crime Agency is investigating. (Michiel Willems / City A.M.)
Related: Infosecurity Magazine
A new version in a series of penetration testing tools made by the security researcher known as MG is a malicious cable called the OMG Cable that can record everything a user types, including passwords, and wirelessly send that data to a hacker who could be more than a mile away.
Cybersecurity vendor Hak5 is selling the cables, which come in new variations, including Lightning to USB-C. The OMG Cable also contains geofencing features, where a user can trigger or block the device's payloads based on the physical location of the cable. (Joseph Cox / Motherboard)
The FBI warns that ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.
"Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs," the FBI said in a Private Industry Notification. (Sergiu Gatlan / Bleeping Computer)
New Zealand broadband company Vocus has confirmed that a malicious actor or actors hit it with a DDoS attack that took its internet down for an hour, affecting thousands of people across the country.
The company said its engineers were able to resolve the problem quickly, and customers should have come back online automatically. (New Zealand Herald)
Researchers from the Singapore University of Technology and Design say that vulnerabilities collectively referred to as BrakTooth affect Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors.
The researchers discovered that more than 1,400 product listings are affected by BrakTooth. The list includes but is not limited to smartphones, infotainment systems, laptop and desktop systems, audio devices (speakers, headphones), home entertainment systems, keyboards, toys, and industrial equipment (e.g., programmable logic controllers - PLCs). (Ionut Ilascu / Bleeping Computer)