Business Risk Control Focus, Third Week of June | Hidden-camera industry chain exposed: tens of thousands of people may be watching your private life

Easy Shield's business risk control weekly newsletter reports notable security technologies and events, including but not limited to content security, mobile security, business security and network security, to help businesses stay vigilant and avoid these seemingly small but in fact significant security risks that affect the healthy development of the business.

1. Reports of 1.8 million Suning member records on sale on the dark web

At 7 pm on June 18, the Southern Metropolis Daily reported that someone had posted Suning membership data for sale on the dark web, involving 1.8 million Suning users and priced at $100, containing phone numbers, passwords, names, ××× numbers and other information. In response, Suning said that, after verification, the sample data exposed online is not Suning user data. It also said that both selling personal information and fabricating rumors that damage Suning's reputation break the law and may even constitute a crime.

2. Israeli company claims it can extract data from any iOS device

According to foreign media reports, the Israeli mobile device forensics company Cellebrite claims that it can unlock any iOS device, including devices running the latest mobile operating system, iOS 12.3. On Android, the company said it can perform similar operations on all of Samsung's flagship devices, and can also extract unallocated data, even collecting information about deleted items.

3. 24 apps, including Jingdong Finance and Zhaopin, found requesting out-of-range permissions

From June 10 to 17, a Beijing News reporter selected 50 commonly used apps according to the classification in the "Information Specifications" and tested the scope of the information they collect and the permissions they request. Measured strictly against the scope of information collection given in the "Information Specifications", 24 of the 50 apps requested permissions that are out of range. For example, Zhaopin asked for camera, location and contacts permissions, and Lily Marriage asked for permission to collect the address book.

4. Linux TCP denial-of-service vulnerabilities exposed

Netflix engineers found a number of vulnerabilities in the TCP networking code of the Linux and FreeBSD kernels. The vulnerabilities relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK). The most serious, dubbed SACK Panic, allows a kernel panic to be triggered remotely on the Linux kernel.

5. CBP subcontractor suffers major data breach

According to a report by the US Cable News Network (CNN), Perceptics, a subcontractor employed by US Customs and Border Protection (CBP), suffered a major data breach. Analysis of the leaked data found that at least 50,000 US license plate numbers are on sale on the dark web. More importantly, CBP told CNN that retention of such owner information had never been authorized.

6. Ministry of Industry and Information Technology's "Network Vulnerability Management Regulations (Draft)"

To implement the "××× Network Security Act" and strengthen the management of network security vulnerabilities, the Ministry of Industry and Information Technology, together with relevant departments, has drafted the "Network Vulnerability Management Regulations (Draft)" (see Annex). It intends to issue the text as a normative document, and the draft is now open for comments.

7. WeChat security team: use plug-ins and face penalties

On June 18, the WeChat Security Center announced that accounts confirmed to have clearly used plug-in functions will be penalized by the WeChat security team, with measures ranging from restricted functions up to restricted login. For repeated violations, penalties will be escalated on a graduated basis. (Lei Feng Network)

8. May 2019 | Monthly analysis report on DDoS *** resources

According to CNCERT sample monitoring data, in May 2019 there were 257 control terminals that used broilers (compromised hosts) to launch DDoS ***. Of these, 37 control terminals were located within China and 220 were located outside it. Among the control terminals located outside China, broken down by country or region, the United States had the largest share at 45.9%, followed by Canada and Hong Kong, China.

9. Virus spreads through a Taobao shop to steal user information online

Recently, some users sought help, saying that after they bought a game from a Taobao shop called "CF game stand-alone agency", then downloaded and ran it, their computers became infected with a virus. It is understood that the infected game sold by the shop is a stand-alone version of "Cross Fire (CF)". Originally an online game, it was cracked and adapted into a stand-alone game and put up for sale on Taobao.

According to engineers' analysis, the environment in which the game was cracked was infected, so the entire game archive carries the virus, and the infection continues to spread as users purchase and install it. More seriously, the shop's other games are also very likely to be infected. (CnBeta)

10. Nanjing proposes to treat desecration of martyrs as a serious act of dishonesty

The Credit Nanjing Office published the "Nanjing Social Credit Regulations (Draft)" (doc) for public comment, with comments accepted until July 17. Article 34 treats desecrating martyrs, harming the dignity of the state and the nation, and hurting the feelings of the people as serious acts of dishonesty. (Technology Walker)

11. Google considers migrating all children's videos to the YouTube Kids app

According to a Bloomberg report, the US Federal Trade Commission (FTC) is investigating whether Google's YouTube violated rules on collecting data from and advertising to children, specifically including whether it illegally collected minors' information and disclosed it to others without parental permission. YouTube has long been controversial because of its children's content. The company employs dedicated staff to watch and review children's videos and remove harmful content, and has launched a more secure children's app.

12. Hidden-camera industry chain exposed: tens of thousands of people may be watching your private life

You probably never imagined that, when you are traveling, the hotel you stay in is actually a live-streaming studio, and the protagonist is you. Your every move in the room is in full view of a tiny camera. From manufacturing and selling the covert filming equipment, to collecting the footage, to selling and distributing it, what is hidden here is not just a hidden camera but a complete black-market profit chain built on covert filming.

After obtaining hidden-camera ×××, one only needs to resell it on the Internet to profit from it. A person arrested for covert filming revealed that each camera can be shared with 100 viewers and offers live viewing, playback, and download functions. Each viewing account is sold to agents for 100-300 yuan per month, and the agents then sell it to lower-level agents or users for 200-400 yuan. Some agents also download the covert footage, store it on a network disk, and sell the network-disk accounts through WeChat and QQ for 20-60 each. (Technology Walker)


Origin blog.51cto.com/13610827/2412130