If Vendor insecurity seems to be the new norm then God help all of us

Attackers compromise Twilio's SDK due to misconfigured  AWS S3 buckets left the SDK's path publicly readable and writable for roughly five years. Twilio powers communications for over 40,000 businesses and helps developers add voice, video, messaging, and authentication capabilities. 

The company's customer list includes Twitter, Netflix, Uber, Shopify, Morgan Stanley, Airbnb, Wix, Spotify, Yelp, Hulu, Intuit, ING, eBay, and countless others.

https://www.bleepingcomputer.com/news/security/twilio-exposes-sdk-attackers-inject-it-with-malvertising-code/

Interesting Observations on Hate groups:

 1 - Education plays a MINOR role in determining who does or does not join a hate group. 

2 - The more religious groups on the East Coast, the more hate groups. 

3 - Poverty is a crucial driver. 

https://talglobal.com/knowledge-center/the-map-to-hate-groups/

The Ransomware attack was thwarted but the ransom was paid. Wonder Why?

 By the time the company responded, the unidentifiable hackers already had stolen a data subset. According to the company "We paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,”.  I, wonder what "confirmation" means here (A picture of Mickey Mouse?)

https://www.hackread.com/cloud-hosting-blackbaud-pays-ransom-ransomware-attack/

Our smart phones have multiple privacy settings that can improve security. Here are a few that we could use

https://www.zdnet.com/article/privacy-settings-how-to-secure-your-iphone-and-android-device/

Finally, Nice to see a solution for the Robocall torture - T-Mobile customers (with Magenta and Essentials plans) will also be able to get a free PROXY phone number that can be used when they want to keep their main (personal) phone number private

https://www.bleepingcomputer.com/news/security/t-mobile-announces-free-scam-shield-robocall-and-scam-protection

Fact is stranger than fiction - This critical WORMABLE vulnerability existed for 17 years - SIGRed (CVE-2020-1350) . The Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack.

https://thehackernews.com/2020/07/windows-dns-server-hacking.html

Another good reason to deploy MFA and increase Awareness Training / Phishing exercises - Researchers from Agari who discovered the operation — dubbed Cosmic Lynx — claim that this is the first-ever reported case of a Russian cybercriminal outfit running an organized BEC phishing scam.

https://www.scmagazine.com/home/security-news/cybercrime/bec-scams-grow-in-complexity-as-russian-actors-launch-cosmic-lynx-operation/

Top 3 Threats according to DHS Cybersecurity and Infrastructure Security Agency (CISA)- Backdoors (some have forgotten about it), cryptominers, and ransomware constituted more than 90% of the active signatures detected.

https://www.darkreading.com/vulnerabilities---threats/dhs-shares-data-on-top-cyber-threats-to-federal-agencies/d/d-id/1338261