Senator calls for US to reject Oracle’s TikTok deal

Josh Hawley, the Republican Senator for Missouri, has publicly called on the Treasury Department to reject Oracle’s proposed partnership with TikTok, saying the arrangement is unacceptable on national security grounds. The deal, announced on Sunday and praised by Treasury Secretary Steve Mnuchin, should be rebuilt to “remove any traces of CCP influence,” said Hawley. The Oracle deal differs from the Trump administration’s demands, but there has not been outright rejection of the deal, in part out of fear of the app being shut down entirely.

(The Verge)

MFA bypass bugs opened Microsoft 365 to attack

Bugs in the multi-factor authentication system used by Microsoft 365 opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The vulnerable protocol, WS-Trust, potentially allows attackers to gain access to mail, files, contacts, as well as production and development environments such as Azure and Visual Studio. Security experts point out that increased reliance on MFA also means the feature has become more attractive for threat actors to exploit as a way into corporate networks.

(ThreatPost)

Ex-Facebook employee reveals extent of bot manipulation intended for political gain

A 6,600-word memo, written by former Facebook data scientist Sophie Zhang and obtained by BuzzFeed News, presents examples of nations using or benefiting from fake accounts and coordinated campaigns intended to sway public opinion and boost or hinder political candidates or outcomes. The countries include Azerbaijan, India, Ukraine, Spain, Brazil, Bolivia, Ecuador and Honduras. In the memo, Ms. Zhang suggests that Facebook ignored or was slow to act on evidence that fake accounts on its platform have been undermining elections and political affairs around the world.

(BuzzFeed News)

Red Ventures acquires CNET from Viacom

The deal will include the CNET tech site, as well as ZDNet, GameSpot, TVGuide, Metacritic and Chowhound. Viacom/CBS had been looking to offload CNET and the other assets for a number of months. CBS had originally acquired CNET alone in 2008, prior to merging with Viacom, and had paid $1.8 billion at the time. This quarter’s significantly discounted price, especially considering the other assets bundled in the sale, signifies the changing value of traditional media and publishing brands, especially when going up against Google and Facebook.

(TechCrunch)

Chinese database details 2.4 million influential people and how to press their buttons

Researchers at Fulbright University Vietnam have revealed a trove of data compiled by a Chinese intelligence company that includes details on 2.4 million high-ranking individuals, including home addresses, children’s names, political and social affiliations, and facts that could be used to influence them. The researchers state that the file, named the “Overseas Key Information Database,” contains information that could not have come from any public source and highlights the sophistication of Chinese surveillance.

(The Register)

Netlogon vulnerability: patch before hackers become your admin

A recent vulnerability in Netlogon, patched in Microsoft’s August Patch Tuesday, was declared a nightmare, reaching a CVSSv3 score of 10.0. The vulnerability, dubbed ‘Zerologon,’ allowed attackers to hijack the Windows domain controller through local network access, not via the internet. Once in the target environment, hackers can change the administrator password on any Windows Domain Controller they can reach, which a researcher at Tenable described as “a game over situation for any organization.”

(CISOMag)

Data breach hits 46,000 US Veterans

The Financial Services Center (FSC) determined that one of its online applications was accessed by unauthorized users to divert payments intended for medical treatment of veterans at community health care providers. The Veterans Affairs office indicates these unauthorized users accessed the application using social engineering techniques and exploiting authentication protocols. The FSC is alerting affected individuals or their next of kin, and is offering free access to credit monitoring services to those whose Social Security numbers may have been compromised.

(InfoSecurity Magazine)

Cryptocurrency heist reveals the risks in using hot wallets

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach in which hackers accessed its network and stole funds worth US $5.4 million, most of it in Ether, a cryptocurrency based on Ethereum. The funds were stolen from hot wallets, which are permanently attached to an online platform that manages the security. Eterbase solicited the assistance of law enforcement and other crypto exchanges to freeze the stolen funds, but security experts remind investors to consider cold wallets, which remain disconnected from the internet until a transaction takes place, as a more secure alternative.

(The Hacker News)