slh @slh@infosec.exchange

Google+ hit by second API bug impacting 52.5 million users | ZDNet

Google moves Google+ sunset date forward, from August 2019 to April 2019.

https://www.zdnet.com/article/google-hit-by-second-api-bug-impacting-52-5-million-users/

Le Japon va interdire l'accès des équipements télécoms des groupes chinois Huawei Technologies et ZTE à ses marchés publics. Cette initiative est destinée à se prémunir des cyberattaques et du vol d'informations. Selon le journal « Yomiuri », le premier à rapporter l'information, le gouvernement japonais pourrait prendre sa décision dès lundi.

http://m.rfi.fr/asie-pacifique/20181207-chinois-huawei-zte-prives-marches-publics-japon

La version alpha de Qwant Maps est en ligne. Vous pouvez tester le concurrent made in France de Google Maps.

https://www.presse-citron.net/vous-pouvez-maintenant-tester-le-concurrent-francais-de-google-maps-en-alpha/amp/

Microsoft is building a Chromium-powered web browser that will replace Edge on Windows 10

https://www.windowscentral.com/microsoft-building-chromium-powered-web-browser-windows-10

New Linux crypto-miner steals your root password and disables your antivirus

Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks.

https://www.zdnet.com/google-amp/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/

Amazon inadvertent disclosure of names and email addresses

Amazon inadvertent disclosure names and email addresses to other Amazon users was not a data breach according to the company

https://tamebay.com/2018/11/amazon-data-breach-reveals-names-email-addresses.html

Instagram Critical Bug Leaked User's Password Via its Data Download Tool

Instagram introduced Download Your Data option last April, to let the user's know what are the data collected. The feature included for GDPR compliance.

https://gbhackers.com/instagram-critical-bug-leaked/amp/

#IoT #botnet infects 100,000 routers to send Hotmail, Outlook, and Yahoo #spam

A new botnet made up of roughly 100,000 home routers has silently grown over the past two months. According to current evidence, the botnet's operators appear to use the infected routers to connect to webmail services and are most likely sending out massive email spam campaigns.

https://www.zdnet.com/google-amp/article/iot-botnet-infects-100000-routers-to-send-hotmail-outlook-and-yahoo-spam/

Eurostar hacked; customers asked to reset passwords

The company immediately notified the customers stating that it had identified multiple attempts to access eurostar.com accounts using users’ email addresses and passwords and instructed customers to immediately reset their login credentials and passwords.

https://www.cisomag.com/eurostar-hacked-customers-asked-to-reset-passwords/

#redhat #ibm

Google launches reCAPTCHA v3 that detects bad traffic without user interaction

reCAPTCHA v3 assigns incoming site visitors a risk score and lets webmasters takes custom actions based on this score.

https://www.zdnet.com/article/google-launches-recaptcha-v3-that-detects-bad-traffic-without-user-interaction/

IBM to acquire Red Hat for $34 billion | ZDNet

This deal is the biggest Linux and open-source acquisition ever.

https://www.zdnet.com/google-amp/article/ibm-acquires-red-hat/

HOW MUCH BIG TECH SPENDS LOBBYING IN THE EU

Estimate of the costs related to activities covered by the transparency register in 2017:

https://infogram.com/how-much-big-tech-spends-lobbying-the-eu-1h7v4pkgn9nj6k0

Un panorama de « profils métiers » dans le domaine de la sécurité du numérique, a été élaboré par un groupe de travail composé de représentants de l’enseignement supérieur, du monde industriel, notamment du Syntec Numérique et de l’Agence nationale de la sécurité des systèmes d’information (ANSSI).

https://www.ssi.gouv.fr/actualite/decouvrez-la-diversite-des-metiers-de-la-securite-numerique-avec-le-panorama-de-lanssi/

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html?m=1

How to Build a Portable #RaspberryPi Zero W Pocket Projector

https://blog.hackster.io/how-to-build-a-portable-raspberry-pi-zero-w-pocket-projector-b338f24c5628

https://infosec.exchange/media/8SFiQJIrUUCP4ZjaO_k

#DIY

No.1 Adware Removal Tool On #Apple #AppStore Caught Spying On #Mac Users.
A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China.

https://amp.thehackernews.com/thn/2018/09/mac-adware-removal-tool.html

https://infosec.exchange/media/786BXDZc6hr2PrJkZd0

#spyware

#ZeroPhone, an #opensource #Linux powered $50 #smartphone, is being launched on Crowd Supply. It's described as having, "no carrier locks, bloated apps, or data mining, and it doesn't depend on big companies." It's based on #RaspberryPi Zero and #Arduino.

https://www.crowdsupply.com/arsenijs/zerophone

https://infosec.exchange/media/AzlSM_KKo_rKURKT-88

#BlackBerry Limited announced that its QNX software is now embedded in more than 120 million cars.
Automotive OEMs and tier ones use BlackBerry QNX technology in the advanced driver assistance systems, digital instrument clusters, connectivity modules, handsfree systems, and infotainment systems that appear in car brands, including Audi, BMW, Ford, GM, Honda, Hyundai, Jaguar Land Rover, KIA, Maserati, Mercedes-Benz, Porsche, Toyota and Volkswagen.

https://globenewswire.com/news-release/2018/06/06/1517725/0/en/BlackBerry-QNX-Technology-Now-Embedded-in-More-Than-120-Million-Vehicles-on-the-Road-Today.html

#Cryptomining scripts will be blocked in upcoming versions of #Firefox browser.

https://www.hackread.com/cryptomining-scripts-blocked-in-firefox-browser/

https://infosec.exchange/media/m3qBatzyu1ABoMk0Pxg