FreeBuf Morning Post | Serious security vulnerabilities in WordPress plug-ins affect 320000 websites; Hackers sold 49 million user records of American data broker LimeLeads; Australian bank P&N Bank data leakage

1 year ago (2023-12-07) Chief Editor


[Global developments]

1. Data leak at Australian bank P&N Bank exposes user balances

P&N Bank suffered a network attack during a server upgrade. It is now notifying customers of a data disclosure event that involves users' personally identifiable information (PII) and sensitive account information. [Foreign magazine - read the original text]

2. Hackers sold 49 million user records of American data broker LimeLeads

49 million LimeLeads user records were sold on a hacker forum. The data was published on an Elasticsearch server and includes full name, job title, user email, employer/company name, company address, phone number, website URL, the company's total revenue and the company's estimated number of employees. [Foreign magazine - read the original text]

3. Foreign media comment on Russia's attack on Burisma: the evidence is not completely reliable

The New York Times and network security company Area 1 reported a new round of hacker attacks launched by Russian intelligence agencies against the Ukrainian natural gas company Burisma. Although the report paints a frightening picture, the evidence is not as conclusive as it seems. There is strong evidence that Burisma was successfully targeted by a phishing campaign, but it is difficult to determine who is behind it. There are indeed indications that Russia's GRU intelligence agency may be involved, but the evidence is mostly indirect. [Read the original text]

4. Trump accuses Apple: after so much help, it will not even unlock a suspect's mobile phone

Yesterday, US President Trump posted on Twitter to attack Apple. Trump said that the US government had helped Apple on trade and many other issues, but Apple refused to unlock the killer's mobile phone. [Read the original text]

5. Cook is reportedly setting up a senior advisory team to handle the legal issues of device decryption with the US government

It is reported that Apple CEO Tim Cook is setting up an expert group to defend the company's encryption policy in view of the imminent legal confrontation with the US Department of Justice (DOJ). The New York Times quoted people familiar with the matter as saying that Cook has privately formed a senior advisory team, which will be responsible for considering Apple's legal options to publicly ease concerns about its unwillingness to crack the iPhone's built-in encryption technology. [Read the original text]

6. US senators propose a subsidy plan of more than 1 billion dollars to strengthen 5G construction and suppress Huawei

A bipartisan group of U.S. senators on Tuesday proposed legislation to help fund U.S. companies in developing safer 5G equipment. The bill would use US wireless auctions to fund a subsidy plan for strengthening the research and development of 5G equipment. [Read the original text]

[Security Event]

1. Serious security vulnerabilities in WordPress plug-ins affect 320000 websites

Two WordPress plug-ins, InfiniteWP and WP Time Capsule, have serious security vulnerabilities that are expected to affect 320000 websites. Firewalls will not help, so the plug-ins need to be updated immediately. [Foreign magazine - read the original text]

2. "Microsoft Super Vulnerability"? Official Reply on CVE-2020-0601

One vulnerability in Microsoft's regular January patch update list has attracted great attention: CVE-2020-0601, a verification bypass vulnerability in the elliptic curve cryptography (ECC) certificate handling of CryptoAPI.dll. Interestingly, after Microsoft's announcement, the US National Security Agency (NSA) also issued an early warning notice about CVE-2020-0601. According to the notice, NSA was the first to independently discover this vulnerability and report it to Microsoft (Microsoft thanked NSA in the report). [Read the original text]

3. Google hopes to gradually stop supporting third-party cookies for Chrome within two years

Google (GOOG) on Tuesday sounded the death knell for the most intrusive Internet tracker, saying that its Chrome browser would phase out the cross-site cookies that have supported digital advertising for 25 years. Following recent bans by Apple, Microsoft and Mozilla, Google said that it would also disable so-called third-party cookies. These online trackers follow Internet users across websites, sometimes tracking their browsing for several months in a row. [Read the original text]

4. Researchers have found 17 Google Play applications that bombard users with power-draining ads

Researchers said that developers used various tricks to plant more than a dozen applications in Google Play and bombard users with advertisements. To stay hidden, these applications first wait 48 hours, display ads 4 hours later, display ads at random intervals, and split their code into multiple files. It is reported that Bitdefender has found 17 such applications, with a total of 550000 installs. [Foreign magazine - read the original text]

5. Apps of several banks named; financial institutions' use of data needs to be standardized

Recently, during the "Net 2020" special action, the National Computer Virus Emergency Response Center found through Internet monitoring that the apps of Minsheng Bank, Industrial Bank and other banks were placed on the harmful list because they "did not explicitly apply for all privacy rights to users, suspected of privacy non-compliance". [Read the original text]

6. Data shows that 1.08 billion fraud calls were intercepted nationwide in 2019

A few days ago, the Ministry of Industry and Information Technology announced the results of its work on preventing and handling telecom network fraud in 2019. The data shows that in 2019, 1.08 billion fraud calls were intercepted nationwide, and 88.8% of fraud numbers in key areas were closed 80000. The Ministry of Industry and Information Technology said that anti-fraud work should adhere to "technology based network", "number based network", "strict network management" and "collaborative network", clarify "two task lists" and focus on six tasks. [Read the original text]

[High quality article]

1. Preliminary analysis of Iranian hacker organizations

At present, many news websites are focusing on Iran's network security capabilities. Some institutions and security experts believe that the Iranian government may carry out network intrusions, and warn that network security defenses should be improved. This article mainly shares a study of some major threat organizations in Iran based on MITRE ATT&CK and Malpedia. [Foreign magazine - read the original text]

2. The United States: the rising path of an information power

From the historical context of the development of American intelligence work, the transformation of war demand and foreign strategy has provided the basic impetus for the development of American intelligence work, and the innovation of the American intelligence community in the fields of information system, information technology, information theory and information culture has provided the basic guarantee for the development of intelligence work. [Read the original text]

3. PowerShell in practice: thoughts on penetration techniques

I have heard that PowerShell is a powerful shell, like bash in Linux, that supports .NET and operates Windows services by command. It is now more widely used in penetration testing and other areas. It can also avoid antivirus detection by executing commands without writing to disk. [Read the original text]

*The content of this article is collected from media and publications around the world. The producer is responsible for its integrity, but not for its authenticity and effectiveness.

*The content marked as [Foreign Journal] is mainly from media and publications in English speaking countries. Some content can only be read after registering a free account.
