On the morning of December 30, the day after Barack Obama imposed sanctions on Russia for interfering in the 2016 US election, Tillmann Werner was sitting down to breakfast in Bonn, Germany. He spread some jam on a slice of rye bread, poured himself a cup of coffee, and settled in to check Twitter at his dining room table.
The news about the sanctions had broken overnight, so Werner, a researcher with the cybersecurity firm CrowdStrike, was still catching up on details. Following a link to an official statement, Werner saw that the White House had targeted a short parade’s worth of Russian names and institutions—two intelligence agencies, four senior intelligence officials, 35 diplomats, three tech companies, two hackers. Most of the details were a blur. Then Werner stopped scrolling. His eyes locked on one name buried among the targets: Evgeniy Mikhailovich Bogachev.
Weeks ahead of the national elections in France, Google and its sister company Jigsaw are helping news sites, NGOs, and other entities involved in the election process protect themselves against digital threats.
The two companies have packaged a suite of "Protect Your Election" tools, which includes two-step verification and the Password Alert Chrome extension. It also includes access to Project Shield, a layer of defense against DDoS attacks.
"Free and fair elections depend on people having access to the information they need, and around the world the sources of that information are increasingly under attack," said Anne-Gabrielle Dauba-Pantanacce of Google France and Jigsaw's Jamie Albers in a blog post.
Tavis Ormandy, a prolific member of Google's Project Zero initiative, revealed that he had discovered a new security issue in LastPass 4.1.42 (and maybe earlier).
Ormandy said that he had discovered an exploit, but did not disclose it. Project Zero discoveries are reported to the companies that produce the affected products. The companies have 90 days to react, usually by creating a new product version that they make available publicly to all customers.
Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.
Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It's used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users.
A researcher has flagged a bug in Google's Nest Cam and Dropcam Pro security cameras that allows an attacker within Bluetooth range to stop either device from recording.
Bluetooth range, of course, is exactly where a burglar would be when planning to ransack a home, and with attack code now publicly available, an intruder could knock Google's security cameras off a wireless network for 90 seconds.
That mightn't sound so severe, but since the camera is designed to only store recorded footage in the cloud, the loss of connectivity means the device loses its surveillance capabilities for this period.