![](\"https:\/\/media.wired.com\/photos\/5db36d510da2b80009c7fb48\/master\/pass\/Security_rudy..._-1155546169.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Sat, 26 Oct 2019 13:31:02 +0000<\/strong><\/p>\n A UN phishing attack, Adobe accounts exposed, and more of the week's top security news.<\/p>\n This week, Republicans stormed a sensitive compartmented information facility<\/a> in a show of\u2026 something? Unclear. But they definitely created a national security issue by bringing their smartphones along with them and refusing to give them up. So, yes, that was the low point. But there were also highs!<\/p>\n Microsoft has a new plan to protect firmware in Windows PCs from hacks, called \u201csecured-core PCs.\u201d A county in Georgia had a plan to use license plate detectors to reduce crime<\/a>, but experts aren\u2019t convinced it worked as advertised. And Russians have rapidly evolved their plans to execute so-called false flag hacks<\/a>, making their attacks look like another sophisticated adversary pulled them off. Fancy Bear! They\u2019re they mask-wearing Scooby-Doo<\/em> villain of cyberwar.<\/p>\n Elsewhere, we took a look at why two-factor authentication isn\u2019t always the answer<\/a>\u2014even though it\u2019s still essential in certain situations<\/a>. We talked you through making your social media posts private<\/a> when you want them to be. And we detailed how a fleet of click fraud apps snuck past Apple\u2019s vaunted App Store defenses<\/a>.<\/p>\n We also explored technology\u2019s role in the ongoing Hong Kong protests<\/a>\u2014on both sides\u2014and ran through some quality password manager options<\/a>.<\/p>\n Lastly, set aside some time this weekend to read this in-depth profile of secretary of state Mike Pompeo<\/a>, who finds himself at\u2014or at least near\u2014the center of the increasingly alarming Ukraine investigation. It\u2019s a doozy.<\/p>\n And there's more! Every Saturday we round up the security and privacy stories that we didn\u2019t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.<\/p>\n Please go read this NBC News story<\/a>. Truly, you won't regret it. Because it relates the tale of how Rudy Giuliani\u2014lawyer to an embattled president, unlikely proprietor of a cybersecurity firm<\/a>\u2014managed to butt-dial NBC News reporter Rich Shapiro not once, but twice in the last several weeks. The substance of the three-minute voicemails Giuliani inadvertently left seems inconclusive, although the most recent does include Giuliani's extremely relatable lament that "the problem is we need some money." And sure butt-dialing is a universal experience. But for someone in the middle of, let's conservatively say, several legally dubious narratives to take so little care with his outgoing communications is quite something! Especially given that this seems to be at least a semi-regular occurrence:<\/p>\n https:\/\/twitter.com\/jdawsey1\/status\/1187814073175564289<\/a><\/p>\n Giuliani may be as divisive a character as exists in American politics today, but in the annals of butt-dialing, mark him down as a legend.<\/p>\n The latest entrant in the never-ending parade of exposed data appears to be Adobe Creative Cloud. A security researcher discovered 7.5 million records sitting in an Elastisearch database that was easily accessible online. Adobe reportedly secured the database the same day it was discovered, October 19. No payment information leaked out, and there's no indication that it had been compromised by bad actors. But it still included details like email accounts, what Adobe products in use, member IDs, and when the account was created.<\/p>\n Speaking of scourges, a phishing campaign has hit the Red Cross, UNICEF, the UN, and more. It's unclear who's behind the attack, but its goal appears to be breaking into Microsoft and Okta accounts. The scam set up a series of convincing fake websites, and would capture username and password data as entered in real-time. It's not unusual that these groups would be targeted, but the sophistication of the campaign is both impressive and worrying.<\/p>\n Dimitrios Vastakis was the branch chief of White House computer network defense until he resigned earlier this month. And when he did, Axios reports, he left behind a resignation letter that called out just how irresponsible the White House's attitude toward cybersecurity has become. Experienced cybersecurity professionals are being forced out, the letter says, which ultimately makes White House cybersecurity less safe. That's especially concerning given the apparent lack of care given by President Donald Trump<\/a> in the first place, and the prior elimination of important strategic cybersecurity roles<\/a>. In other words, don't be surprised if a big White House hack happens\u2014or if it already has.<\/p>\n