This Version of Metacurity is on Hiatus While We Move to a New Format

While Metacurity has been a wonderful challenge over the past five years, it makes no financial sense in its current format. Therefore, we are going on hiatus until after Labor Day to create a new newsletter version of Metacurity. We are also going to set up an automated page, behind a paywall, that is lightly edited, with no original summaries, updated once per day, offering the same curated and clustered cybersecurity news developments you’ve come to expect from the site. Thanks to our smart and steady readers out there and sign up for our updates. Read more about this development here.
http://dlvr.it/RdMLDC

Online Exam Proctoring Company ProctorU Has Confirmed Data Breach, 440,000 People Allegedly Affected

Online exam proctoring solution ProctorU has confirmed a data breach after a threat actor released a stolen database of user records on a hacker forum. Last month, Bleeping Computer reported that a known data breach seller had leaked 18 company’s databases for free on a hacker forum. One of the leaked databases was for Proctoru.com and contains user records for 444,000 people allegedly registered at the online proctoring service. The database contains email addresses, full names, addresses, phone numbers, hashed passwords, the affiliated organization, and other information. Some of the colleges and universities that may be impacted are North Virginia Community College, UCLA, Princeton, University of Texas, Harvard, Yale, Syracuse University, Columbia, UC Davis, and many more.
http://dlvr.it/RdK1G2

Chinese Government is Blocking Encrypted HTTPS Connections That Use TLS 1.3 and ESNI

Since the end of July, the Chinese government has deployed an update to its national censorship tool, the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using interception-proof protocols and technologies, according to a joint report published this week by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report. Chinese officials are only targeting HTTPS traffic that is set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication).
http://dlvr.it/RdJHrz

Small Government Contractor Anomaly Six Can Track Movements of Hundreds of Millions of Mobile Phones Worldwide, Draw Location Data From More Than 500 Apps

A small U.S. company called Anomaly Six LLC with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones worldwide, according to interviews and documents reviewed by The Wall Street Journal. In its marketing material, Anomaly said it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps.
http://dlvr.it/RdG6n4

Hackers Deface Tens of Reddit Channels to Show Pro-Trump Messages, NFL, Disneyland, Boston Celtics Channels Affected

A massive hack hit Reddit after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The Reddit channels defaced include those for NFL, many TV shows, The Pirate Bay, Disneyland, Disney’s Avengers, Boston Celtics, several city channels, and more. The channels have combined tens of millions of subscribers. Although Reddit hasn’t issued any details on the hack, the massive scale of the incident suggests that the intruder(s) might have gained access to a high-privileged moderator or admin account. Channel owners who are having problems have been asked to report problems in a Reddit ModSupport thread. The Reddit hack also comes after Reddit banned r/The_Donald, a channel for Donald Trump supporters.
http://dlvr.it/RdCfBY

Troy Hunt Open Sources 'Have I Been Pwned,' Asks the Community to Help Support the Effort

On the heels of an aborted merger and acquisition initiative, highly respected cybersecurity expert Troy Hunt has decided open source his ground-breaking Have I Been Pwned code base. He said he is turning over the code to the public “for the betterment of the project and frankly for the betterment of everyone who uses it.” He said the project solely depends on him and is asking the community to help support the effort.
http://dlvr.it/RdCf64

Researchers Who Intercepted Signals of Eighteen Satellites Says Satellite Communications Put Millions of People at Risk

Satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced Oxford Ph.D. candidate James Pavur showed. Pavur intercepted the signals of 18 satellites beaming Internet data to people, ships, and planes in a 100 million-square-kilometer swath that stretches from the United States, Caribbean, China, and India. Pavur said current solutions such as VPNs are ineffective for satellite communications and that he is presenting his findings so that the community can devise solutions.
http://dlvr.it/RdCB4M

Twitter Delicious Facebook Digg Stumbleupon Favorites More