Cyber Security Headlines – October 22, 2020

DOJ official accuses China of protecting cybercriminals

John Demers, the assistant attorney general for national security, says that China has created a “safe haven” for cybercriminals as long as they’re also helping out the Chinese government. Demers also alleges that Chinese government-sponsored espionage leverages front companies to hide its tracks. China’s tactics are similar to those seen in Russia and Iran. (CyberScoop)

Once again, Oracle releases enormous security update 

For the second quarter in a row, Oracle patched more than 400 vulnerabilities across 29 product sets. Many of the vulnerabilities can be remotely exploited, and most of them are rated as critical, making it extremely important that organizations using Oracle technology apply the patches as soon as possible. (Dark Reading)

NSA warns of top vulnerabilities exploited by China 

A new report from the NSA warns organizations that it’s time to patch up, in order to slow China’s cybercriminal roll. The top 25 vulnerabilities to prevent Chinese state-sponsored hackers have patches, but organizations may not have yet applied them. (ZDNet)

Threatening emails to voters included suspicious ‘hacking’ video

Some Democratic voters in states including Alaska, Arizona, and Florida have received an email threatening them to change party affiliation and vote for Trump, “or else.” The emails, which also allege to have hacked voter databases, were spoofed to appear to have come from the violent, far-right group The Proud Boys. The group has denied any knowledge of the emails. (Vice)

Thanks to our episode sponsor, SecureLayer7

Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more:  SecureLayer7.net

What does the GRU indictment really mean? 

Despite the horrible, real-world impact of Russian hacking since 2015, Monday’s indictments are more show than substance. And worse, they communicate American weakness. That’s Harvard law professor and Lawfare cofounder Jack Goldsmith’s take on the Justice Department charges against six officers in Russia’s military intelligence agency. The DOJ, he says, is admitting its inability to stop Russian hacking. (Lawfare)

The police can break into your phone (probably)

Law enforcement agencies can almost certainly access photos, videos, emails, and other data you’ve stored on your smartphone, says a new report. At least 2,000 law enforcement agencies in the United States have been empowered by hacking tools, legal disputes, and poor public understanding of how data is protected to search phones. (New York Times)

Is Trickbot going down?

The for-hire botnet that’s been causing havoc across the Internet since 2016 is dormant but far from dead, say experts following Microsoft’s effort to disrupt Trickbot’s servers. The challenge, they say, is an old one: As one network of servers goes down, Trickbot’s masters are able to quickly spin up a new one. (Ars Technica)

PayPal opens up to the other kind of crypto

PayPal will start letting its users keep Bitcoin and other cryptocurrencies in its online wallet, and use them for purchases at the more than 26 million merchants in its network. The feature is expected to roll out in the next few weeks, with some experts predicting that it will help normalize the use of cryptocurrency. (Reuters)