After the Thanksgiving holiday, we'll be rolling out a new format for our email. We've redesigned it the better to avoid falling into spam traps, or becoming inadvertently enmeshed in the array of anti-phishing measures increasingly deployed. You've seen some of these changes already with our addition of inline links to our summary. When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
Amazon warns, reassures customers over breach. Facebook fixes configuration error. Tessa88 fingered. Magecart gangwar. Spies.
Amazon has experienced a so-far unspecified breach. The online retailer has emailed many customers (but not all) to say that their name and email address had been exposed “due to a technical error.” The email, genuine despite its phishy appearance, doesn’t say what happened, or where, or why, but reassures recipients that everything’s fine and there’s no need to change passwords (Ars Technica).
Facebook has cleared up yesterday’s outages, which it attributes to server configuration errors (CNET).
Recorded Future says it’s cleared up the mystery of “Tessa88,” the hitherto unidentified cybercriminal who in 2016 sold MySpace, Badoo, LinkedIn, QIP, Rambler, VKontakte, Mobango, and Twitter databases. The security firm has concluded that Tessa88 is one Maksim Vladimirovich Donakov, of Penza, Russia. Tessa88, whose activities were bracketed with “Peace_of_mind’s,” claimed to be a broker or middleman as opposed to a hacker (ZDNet).
Competing gangs are struggling for Magecart supremacy on an infected e-commerce site (Ars Technica).
Espionage in cyberspace continues at its customary tempo and with its customary actors. Australia, however, is thought to be seeing an increase in the attention being paid to its corporate intellectual property by China’s Ministry of State Security (CNBC). And observers continue mulling Cozy Bear’s virtuoso return to phishing for access (Threatpost, Forbes).
Those of you in the furry community, you know who you are. But a breach in “High Tail Hall” suggests that about half a million of you will eventually be known to everyone else as well. The BBC and Mr. Cluley seem au courant on the incident.
Today's issue includes events affecting Afghanistan, Australia, China, European Union, Republic of Korea, NATO/OTAN, Russia, Saudi Arabia, United Kingdom, United Nations, and United States.
A quick note: we'll be observing Thanksgiving this week, so there will be no Daily News Briefing, Daily Podcast, or Hacking Humans on Thursday or Friday, and no Research Saturday or Week that Was this Saturday. Everything returns to normal next week. In the meantime, enjoy the holiday, and see you as usual on Monday.