Addressing Pakistan’s National Assembly, Ghulam Sarwar Khan said 262 pilots in the country ‘did not take the exam themselves’ and had paid someone else to sit it on their behalf. Pakistan has 860 active pilots serving its domestic airlines — including the country’s Pakistan International Airlines (PIA) flagship — as well as a number of foreign carriers, Khan said. PIA has grounded all its pilots who hold fake licenses, effective immediately.

…

Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities. The company did not disclose the target or the origin of the attack.

…

The developers of a privacy-focused operating system championed by Edward Snowden are scrambling to find out the details of a hack that the FBI used—and Facebook paid for—to unmask a child predator. Last week, Motherboard revealed that Facebook had paid six figures to a cybersecurity firm to develop a hacking tool that the company then handed to the FBI in 2017. At the time, Facebook and law enforcement had spent years tracking a California man, who went by the name of Brian Kil online.

…

Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls. For years, a California man systematically harassed and terrorized young girls using chat apps, email, and Facebook. He extorted them for their nude pictures and videos, and threatened to kill and rape them.

He also sent graphic and specific threats to carry out mass shootings and bombings at the girls’ schools if they didn’t send him sexually explicit photos and videos. Buster Hernandez, who was known as “Brian Kil” online, was such a persistent threat and was so adept at hiding his real identity that Facebook took the unprecedented step of helping the FBI hack him to gather evidence that led to his arrest and conviction, Motherboard has learned. Facebook worked with a third-party company to develop the exploit and did not directly hand the exploit to the FBI; it is unclear whether the FBI even knew that Facebook was involved in developing the exploit.

…

Matt Hancock has had another app catastrophe. England’s planned contact tracing app, which has been trialled on the Isle of Wight and downloaded by tens of thousands of people, has been ditched in favour of a system developed by Google and Apple. The reversal, first reported by the BBC and later confirmed by the government, follows months of delays for the home-brewed app and difficulties surrounding its implementation.

…

An activist group has published on Friday 296 GB of data they claim have been stolen from US law enforcement agencies and fusion centers. The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.

…

Honda’s global operations have been hit with a ransomware attack and the Japanese automaker is still working to get everything back online. The company said Tuesday that it had to temporarily shut down some production facilities, and its customer and financial services operations are closed. At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable.

…

Honda has said it is dealing with a cyber-attack that is impacting its operations around the world. It added that the problem was affecting its ability to access its computer servers, use email and otherwise make use of its internal systems. The firm – which makes motorcycles, cars, generators and lawn mowers, among other products – said one of its internal servers was attacked externally.

…

The operators of the REvil ransomware have launched a new auction site used to sell victim’s stolen data to the highest bidder. REvil, otherwise known asSodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services,spam,exploits, andhacked Managed Service Providers. Once established on a network, they quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers.

…

A picture may be worth a thousand words, but apparently one image is worth potentially thousands of headaches for Android users recently. The noted tech information leaker Ice Universe this weekend posted a warning about an image that if set as wallpaper will soft-brick Samsung and Google Pixel phones. Soft-bricking triggers Android devices to continuously loop an action or freeze the unit.

This generally requires a factory reset. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe’s Twitter thread, the problem lies in the way color space is handled by the Android OS.

…

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities. The multimedia investigation by the Organized Crime and Corruption Reporting Project (OCCRP) and several international journalism partners detailed the activities of the so-called Riviera Maya crime gang, allegedly a mafia-like group of Romanians who until very recently ran their own ATM company in Mexico called “Intacash” and installed sophisticated electronic card skimming devices inside at least 100 cash machines throughout Mexico. According to the OCCRP, Riviera Maya’s skimming devices allowed thieves to clone the cards, which were used to withdraw funds from ATMs in other countries — often halfway around the world in places like India, Indonesia, and Taiwan.

…

Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose, California, alleges that Google compiles user data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads, according to a report in Reuters. Google uses this data to learn about private browsing habits of Chrome users, ranging from seemingly innocuous data that can be used for ad-targeting—such as information about hobbies, interests and favorite foods—to the “most intimate and potentially embarrassing things” that people may search for online, according to the complaint.

…

A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic missile defense system in Colorado, to a role as a sub-contractor for Northrup Grumman. In the latter capacity it provides engineering support, repair and maintenance for ground subsystems components involved in the Minuteman III intercontinental ballistic missile (ICBM) program.

…

The flaw, tracked as CVE-2020-12493, is an “improper access control” issue that could allow hackers to grant root access to the device without access control via network. The flaw could be exploited by low-skilled attackers, it was rated with a CVSS score of 10 and affects all OS versions starting with G4 SWARCO of CPU LS4000. ProtectEM researchers reported the vulnerability to the vendor in July 2019, which released a patch in April.

…

Earlier this year, Bleeping Computer reported how invite links to private groups of messaging apps like WhatsApp and Telegram were visible on Google, letting anyone join the groups. This week, security researcher Athul Jayaram highlighted an issue with WhatsApp’s “wa.me” domain “leaking” contact phone numbers on Google. As stated by Jayaram and confirmed by BleepingComputer, there is no “robots.txt” file on “wa.me” or “api.whatsapp.com” domains that instructs search engines not to crawl phone numbers on the website.

…

In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not. For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.

…

Security firm Pen Test Partners ordered the 5GBioShield, and found that it’s just a cheap unbranded USB stick likely made in Shenzhen, China. PCMag editors select and review products independently. We may earn affiliate commissions from buying links, which help support our testing.

Learn more. No, 5G won’t give you coronavirus. But that isn’t stopping scammers from trying to exploit misguided fears about the technology.

…

When visiting the eBay.com site, a script will run that performs a localport scan of your computer todetect remote support and remote management applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.

…

Temperature-scanning $7,000 helmets can catch people running a fever. But experts are skeptical about how helpful temperature scanning will really be. Chinese police, health staff, and transport workers have been using smart helmets to monitor people for high temperatures in the fight against COVID-19.

…

At least two people had seizures after viewing malicious tweets featuring flashing gifs that deliberately targeted the Epilepsy Society. Thames Valley police said it was investigating the tweets as a hate incident, after at least 200 seemingly coordinated messages were sent to the charity and its supporters in recent days. A number of other people including children were traumatised by the tweets, the charity said, stressing that the images could trigger seizures in which teeth and bones are broken and might even be fatal.

…