Unrestrained Mass Spying Is Not a Good Thing, EU's Top Court Says

Sex toy security flaw can permanently trap penises, Chrome has a bunch of new security features, Chowbus suffers a strange security breach, researchers garner $370,000-plus in Azure challenge

The European Union’s top court, the Court of Justice, ruled that unrestrained mass surveillance of phone and Internet data is unlawful. The ruling is the result of four cases brought by privacy rights advocacy groups in France, Belgium, and Britain. The court did leave room for allowing some mass surveillance where a “serious threat for national security” is involved. (Mathieu Rosemain / Reuters)

Related: Sputnik News, RT News, SecurityWeek, NDTV, The New Daily, DAILYSABAH, Natasha Lomas – TechCrunch, MediaNama: Digital Media in India, The Register, Telecompaper

Security Flaw in Sex Toy Could Have Permanently Locked Penises

A major security flaw in one popular sex toy could have been catastrophic for tens of thousands of users, researchers at Pen Test Partners report. The Qiui Cellmate internet-connected chastity lock could have allowed anyone to permanently lock in the user’s penis. The chamber lock works using a mobile app for which the API was left open and without a password. (Zack Whittaker / ZDNet)

Related: The Sun, Business Insider, Gizmodo Australia, Input, Newsweek, Pen Test Partners, TechCrunch, The Verge, Internet of Dongs, The Sun, Business Insider, Input, Daily Mail, Slashdot

Google Introduces New Security Features in Chrome 86

Google is introducing a host of new features in Chrome 86, including improved password protection for Android and iOS. One interesting new feature: to speed up password changes after Chrome’s built-in password manager tells users they need to make one, Chrome will now take them directly to well-known change-password pages. (Andy Walker / Android Authority)

Related: AndroidHeadlines.com, CyberArk, xda-developers, Android Authority, Pocketnow, Google Online Security Blog, TechWorm, Dark Reading: Mobile

Food Delivery Service Chowbus Suffered Strange Data Breach With Attackers Sending Emails to Customers

Chicago-based Asian food delivery service Chowbus said it experienced a data breach after users reported getting access to a massive database with email addresses, phone numbers, and mailing addresses of customers. Users began receiving emails early Monday morning labeled “Chowbus data” that directed them to download company databases containing contact information for restaurants and customers. The emails were seemingly sent from a company account containing links to addresses for about 4,300 restaurants, and names, email addresses, phone numbers, and mailing addresses for hundreds of thousands of customers. Chowbus said no customers’ credit card data had been accessed. (Katie Surma / Chicago Tribune)

Related: PYMNTS.com, Cyberscoop

Microsoft Awarded Over $370,000 to Researchers as Part of Azure Sphere Security Challenge

Microsoft awarded $374,300 to the global research community as part of its Azure Sphere Security Research Challenge. During the challenge, 70 researchers from 21 countries surfaced 20 critical or important severity security vulnerabilities. (Sergiu Gatlan / Bleeping Computer)

Related: Bleeping Computer, Petri, HealthITSecurity, Microsoft Security Response Center, Talos Intel, Microsoft Malware Protection Center, McAfee Blogs, TechNet Blogs, Cisco Blog

U.N. Maritime Organization Suffered Cyberattack Against IT Systems

The United Nations International Maritime Organization (UN IMO) disclosed a security breach it discovered last Thursday that it said was a “sophisticated cyberattack” against its IT systems. The incident impacted the IMO public website and other web-based services, all of which were restored by the next day. (Catalin Cimpanu / ZDNet)

Related: SecurityWeek, Cybertech, DataBreaches.net, Homeland Security Today

Other Infosec News

  • Many victims of ransomware aren't reporting attacks to police, making it harder to measure the level of crime, and to tackle the gangs involved, Europol's Internet Organised Crime Threat Assessment 2020 says. The report says that victims are reluctant to approach the police because they are concerned with maintaining business continuity and limiting reputational damage. (Danny Palmer / ZDNet)

    Related: ZDNet, Infosecurity Magazine

  • Sources tell The Register that Jersey-headquartered insurance company Ardonagh Group, the UK’s second-largest privately owned insurance broker, has suffered a potential ransomware infection, with the company forced to suspend 200 internal accounts with admin privileges. The company confirmed a cybersecurity incident but did not confirm it was ransomware. (Gareth Corfield / The Register)

  • New cryptojacking malware from TeamTNT called Black-T has been discovered by Palo Alto Networks’ Unit 42. Although TeamTNT is known for targeting Amazon Web Services (AWS) credentials, Black-T has added new capabilities, including sophisticated network scanners, the targeting of competitor XMR mining tools on the network, and the use of password scrapers. (Becky Bracken / Threatpost)

    Related: Infosecurity Magazine

  • Hackers targeted approximately 20 Israeli cryptocurrency executives in early September, demanding payments after hacking into their phones and stealing their identities. All of the victims were clients of Israeli telecom giant Partner, and many of the executives had their Telegram, Gmail, or Yahoo mail accounts breached. The attacks are likely to be state-sponsored. (Amitai Ziv / Haaretz)

    Related: DataBreaches.net

  • DHS’s Cybersecurity and Infrastructure Security Agency sent out an advisory saying that it had seen increased activity involving indicators of Emotet malware. The Trickbot banking trojan and the Ryuk ransomware are two of the more common follow-ons to Emotet infections. (Dan Goodin / Ars Technica)

    Related: Security Affairs

  • Ransomware attacks increased sharply over the past months compared to the first six months of 2020, researchers from Check Point and IBM Security X-Force Incident Response said. Ransomware attacks increased by 50% at a global level in the third quarter of 2020. Ryuk and Maze were the most prevalent threats. (Ionut Ilascu / Bleeping Computer)

    Related: Check Point

The Latest in Cybersecurity Mergers and Acquisitions

Baltimore, MD-based digital risk protection platform provider ZeroFox has acquired managed threat intelligence security provider Cyveillance from LookingGlass Cyber Solutions. The terms of the deal were not disclosed. LookingGlass purchased Cyveillance in December 2015 for $35 million and then relaunched the brand in May 2020. (MSSP Alert)

Related: FinSMEs

Shameless Plug: If you missed my latest column on the FBI’s new cybersecurity strategy in CSO Online, check it out here.
