Net neutrality and broadband expansion possible under Biden presidency

Of the many changes expected to come about in a Biden presidency, tech industry watchers are expecting a return to net neutrality and broadband access, reinstating Obama-era rules that allowed the FCC to punish companies that try to block, throttle or force consumers to pay for broadband service. Mr. Biden has also laid out a plan to invest $20 billion in broadband infrastructure, not only to support the tech industry, but as an integral part of his pandemic response plan, supporting remote working, remote learning, distance medicine and access to other technologies.

(Protocol)

Trump lawsuit site to report rejected votes leaked voter data

The website, called DontTouchTheGreenButton.com, was launched by the Trump campaign in relation to the recently filed Arizona “rejected votes” lawsuit. The data leaked included voters’ names, addresses, and a unique identifier; however, reports have surfaced of users alleging the website has SQL injection flaws that make it possible to collect a voter’s SSN and date of birth. The website was in support of a lawsuit filed by Trump’s re-election campaign and the RNC alleging polling officials in Maricopa County had incorrectly rejected in-person votes on Election Day by misusing a mechanical feature (a green button) on the voting machines.

(Bleeping Computer)

Facebook releases disinformation probation policy

In its latest move to slow the spread of disinformation and attempts to undermine the legitimacy of the U.S. election, Facebook has launched a policy in which any group, public or private, that has too many posts that violate its community standards will be forced into a 60-day probation period in which administrators and moderators will approve each submission manually, with no appeal or override options. Facebook will also shut groups down completely if its moderators repeatedly allow too many offending posts. The change is intended to make the volunteers who run groups more responsible for what happens inside them.

(Washington Post)

Apple patches three actively exploited zero‑day flaws in iOS

The bugs were discovered by Google’s internal Threat Analysis Group, which, as we reported last week, also discovered zero-day flaws in its own products including Chrome for Android. The Apple devices impacted by this outbreak include iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later. The patches have been released and updates are available through automatic and manual options.

(WeLiveSecurity)

20 million Bigbasket user records available on the dark web

India’s prominent online grocery store co-founded by the Alibaba Group says the breach, which includes names, email IDs, password hashes, phone numbers, addresses, dates of birth, location, and login IP addresses, occurred on October 14. Cyber intelligence firm Cyble states that the 15 gigabyte package is being offered for sale in a cybercrime marketplace for $40,000. Public disclosure of the breach was made November 7.

(Security Affairs)

Many websites will stop working on older Android versions in 2021

Let’s Encrypt, one of the world’s leading certificate authorities and used by approximately 30% of all web domains, uses a root certificate that is included in all browsers and operating systems and has been cross-signed with the one used in Windows, macOS, Android, and most other software platforms for years. This relationship expires on September 1st, 2021. This means that many websites could encounter issues or fail to load if the proper certificates aren’t installed on older Android devices next year. Let’s Encrypt states that the only workaround for legacy Android devices is to install the Firefox browser.

(AndroidPolice)

Yahoo Mail discontinues automatic email forwarding for free users

Verizon, the company that owns Yahoo Mail, cites security concerns, especially spammers, for the closure, which will happen on January 1, 2021. Yahoo Mail users who still want to use automatic email forwarding will have to sign up for Yahoo Mail Pro, which costs $34.99 per year, or $3.49 a month. Hackers who breach email accounts often add their own email addresses as an automatic email forwarding rule to receive carbon copies of all messages a victim receives.

(ZDNet)

Windows 10, iOS, Chrome, and others fall at China’s top hacking contest

Many of today’s top software programs have been hacked using new and never-before-seen exploits at this year’s edition of the Tianfu Cup — China’s largest and most prestigious hacking competition. Fifteen teams of hackers participated. Contestants had three tries of five minutes each to hack into a selected target with an original exploit, winning prize money for each successful hack. Successful exploits were confirmed against iOS 14, Samsung Galaxy S20, Windows 10, Ubuntu, Chrome, Safari, Firefox, Adobe PDF Reader, and others.

(ZDNet)