From Security Weekly Wiki
Revision as of 20:47, 6 August 2020 by Lee Neely (talk | contribs) (→‎Articles)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search


  1. Iranian Hacker Group Becomes First Known APT to Weaponize DNS-over-HTTPS (DoH) "Oilrig" (APT34) group is the first to leverage DNS-over-HTTPS (DoH) to silently exfiltrate sensitive data from targeted networks. Using a new utility dubbed "DNSExfiltrator" and began using it as part of its intrusions into hacked networks.
  2. NSA Warns that Mobile Device Location Services Constantly Compromise Spies and Soldiers NSA has issued a new guide titled "Limiting Location Data Exposure" that provides advice for properly securing fitness trackers, smartphones, and tables that "store and share device geolocation data by design" and create a security risk for those working in defense and national security.
  3. Flaw in Popular NodeJS 'express-fileupload' Module Allows DoS Attacks and Code Injection
  4. Vermont Taxpayers Warned of Data Leak Over the Past Three Years Vermont Department of Taxes is warning taxpayers who filed property tax returns via its online filing site between Feb. 1, 2017, and July 2, 2020, that their personal information may have been leaked due to vulnerability in the system.
  5. EU Sanctions China, Russia, and North Korea for Past Hacks EU imposed first-of-their kind economic sanctions consisting of a travel ban and an asset freeze against China, North Korea, and Russia for conducting past cyber attacks that targeted EU business and citizens. Also a prohibition on EU citizens doing business with the three businesses and six individuals on the sanction list.
  6. Smart locks can be opened with nothing more than a MAC address In the case of the U-Tec $139.99 UltraLoq, marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Tripwire researchers have disclosed a misconfiguration error and other security issues that leaked data and allowed attackers to steal unlock tokens with nothing more than a MAC address.