No one likes being stalked around the Internet by adverts. It’s the uneasy joke you can’t enjoy laughing at. Yet vast people-profiling ad businesses have made pots of money off of an unregulated Internet by putting surveillance at their core. But what ...
Hacker defaced the company's website and sent a mass email to all its customers, alleging unpatched security holes.
A funny thing happened in the second half of 2018. At some moment, all the people active in crypto looked around and realized there weren’t very many of us. The friends we’d convinced during the last holiday season were no longer speaking to us. They ...
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Plus, Safari security foiled by… a finger swipe? Roundup This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and claims of RICO swap-gangs.…
Killer jailed for life after fitness kit data tips off plod Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
Democrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful.
Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.
Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.
Is the best defence a good offence? Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…
The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
Call Filter service to be made available to all wireless and wired customers with compatible phones in March 2019.
Threatpost editors break down the top headlines from the week ended Jan. 18.
A default configuration allows full admin access to unauthenticated attackers.
Google is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff. The search and mobile giant said it is part of a move to cut down on apps that have access ...
The PCI Software Security Framework will eventually replace PCI PA-DSS when it expires in 2022.
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus.
Twitter has fixed the issue, which has been ongoing since 2014.
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
No customer data visible but hell's bells, Redmond, what have you borked now? Exclusive Alarmed Microsoft support partners can currently view support tickets submitted from all over the world, in what appears to be a very wide-ranging blunder by the Red ...
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI and some of their peer agencies in the U.K., Australia, and elsewhere argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and th ...
Apps containing the Anubis banking Trojan and an interesting motion sensor have been found in the Google Play store.
Microsoft did not issue official fixes during the recent January Patch Tuesday update window.
We'll know for sure when Huawei reveals a shoe-shaped smartphone Something for the Weekend, Sir? The name's McLeod. Alessandro McLeod. I am a spy for the secret services.…
The Redmond giant is keenly interested in remote code execution and privilege escalation flaws.
Wants to address risks with $161m augmentation project.
Azure DevOps Services invites hackers to test its limits There's more money to be made from bug hunting in Microsoft code after Redmond announced its 10th active bug hunting reward scheme, the Azure DevOps Bounty Program.…
Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are r ...
Open-source CMS gets a pair of critical fixes Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in ca ...
Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder ha ...
Hacker is a 30-year-old Portuguese man. Police haven't released his name, but several news outlets claim he's named Rui Pinto, a man they've identified and have been tracking for years.
Other Australian banks set to follow.
Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.
2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies. According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity ...
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
Some Twitter for Android users had their private tweets exposed to non-followers and search engines.
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who ...
Little-known database management tool allowed hackers to take over sites and inject malicious code that steals payment card details.
We like to think of ourselves as nerds here at TechCrunch, which is why we’re bringing you this. During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights u ...
Prof Maureen Baker told tribunal info security and clinical safety are two separate things The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by ...
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Banks in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit.
Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
Apps have been downloaded over 50 million times. Google has failed to remove them, even though they blatantly break its own license.
New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.
Cryptojacking campaign targets Linux servers that haven't had patches for known vulnerabilities applied.
Get up close and personal with the latest tools and techniques for testing (and breaking) everything from HTTPS to deep neural networks to Microsoft Office!
Microsoft wants you to "make Windows even better" by setting up Microsoft Account services on Windows 10 devices.
An Oklahoma Department of Securities server allowed anyone to download government files.
Sometimes it takes a small bug in one thing to find something massive elsewhere. During a recent investigation, security firm Forcepoint Labs said it found a new kind of malware that was taking instructions from a hacker sending commands over the en ...
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iO ...
Facebook says Sputnik employees ran hundreds of Facebook pages and accounts, some posing as politicians in other countries.
Now is a good time to get a password manager app Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number of plain text passwords.…
Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools. In a blog post today the company reveals another tranche of Kremlin-linked fake activity — ...
Posted by InfoSec News on Jan 17 https://www.gofundme.co
ity-bsdos [I saw this on InfoSec Twitter and figured they're in need a signal boost of their message. Spend enough time in this community, you might have the opportunity in 1 ...
Posted by InfoSec News on Jan 17 https://motherboard.vic
ucks-at-cybersecurity By Matthew Gault Motherboard.vice.co
m Jan 15 2019 The Department of Defense is terrible at cybersecurity. That's the assessment ...
Posted by InfoSec News on Jan 17 https://www.cyberscoop.
-systems/ By Sean Lyngaas CyberScoop JAN 15, 2019 Security experts have in recent months warned that building-automation lags ...
Posted by InfoSec News on Jan 17 https://www.zdnet.com/a
d-security-flaws/ By Catalin Cimpanu ZDNet News January 14, 2019 All SCP (Secure Copy Protocol) implementations from the last 36 years, since 1983, a ...
Posted by InfoSec News on Jan 17 https://scroll.in/artic
-and-got-caught By Bhupen Patel Scroll.in January 16, 2019 In early June 2001, I started receiving anonymous calls from someo ...
Posted by InfoSec News on Jan 17 https://www.scmp.com/bu
oo-small-be-hacked By Linda Lew South China Morning Post 17 January, 2019 Hacking is on the rise in Hong Kong. But many small ...
Posted by InfoSec News on Jan 17 http://english.donga.co
By Kwan-Seok Jang The Dong-A Ilbo January 15, 2019 It has turned out that 30 computers installed on the internal system of the Defense Acquisition Program Administratio ...
A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing so-called account access tokens in the sou ...
It seems like 2019 is the year to purchase cloud security companies.
Mandates "clear instructions on how to cancel".
No idea who could have been behind this one... The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by unknown North Korean hackers.…
US lawmakers introduce bipartisan Bill that, if passed, would ban the export of US chips and other components to the two Chinese tech companies.
Stricter security requirements.
Researchers dig into vulnerabilities in popular building automation systems, devices.
Lawsuit claims coin thief was part of a gang targeting crypto whales The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…
Fake "Flash Player" extension has been available since February 2018, was installed by roughly 400 users.
Security researcher Troy Hunt has found an 87GB dump of email address and passwords.
Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
Scuppered by government shutdown.
Would ban the sale of US chips or other components to companies that violate US sanctions.
New brand name after millions of customer records stolen.
The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.
Government says hackers breached 30 computers and stole data from 10.
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
UEFI malware has been in the wild for more than two years The Fancy Bear hacking group's Lojax rootkit is far from a one-off tool, and may have been active in the wild for years before it was first reported.…
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
The threat group also has a new subsidiary, Magecart Group 12.
Cyber attacks are one of the biggest risks facing the world. Our inability to address the underlying issues risks disaster.
A tale of XSS, SQL injection and OAuth implementation Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to ...
Hundreds of online stores confirmed to be impacted, thousands more under investigation.
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
Whoa - is that an Access 97 iceberg dead ahead? Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows Insider build.…
The database was used for development purposes but the data on offer to the public was valid.
Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he tol ...
With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm who says the bug is now fixed. Researchers at Check Point say the three vulnerabilities chained together could have affected any ...
If you are infected with this malware, you might find it is more difficult to eradicate than standard Trojans.
What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karman ...
Check Point recommends that Fortnite players enable two-factor authentication (2FA) for their accounts.
Increased connectivity in society and rapidly evolving threats are leaving the world open to damaging large-scale cyberattacks, warns the World Economic Forum.
Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it ...
History will judge whether Huawei adhered to its claims to not harm the interests of customers, its founder has said.
Researcher to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
Redbanc employee applied for a LinkedIn job and got a call from the world's most active hacker crews.
Ethereum Constantinople Upgrade hits last minute snag that saves many users from catastrophic losses.
Crooks banked $270,000 in just one move, it is claimed A pair of Ukrainian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…
Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.
Security hole can be exploited to tamper with journeys A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerab ...
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.
Hacker also participated in the notorious hack of three newswire services in 2014.
While the DoD is in the process of reviewing the $10 billion JEDI cloud contract RFPs (assuming the work continues during the government shutdown), Microsoft continues to build up its federal government security bona fides, regardless. Today the company a ...
After seven years, Metasploit Framework, the popular open-source hacking and security tool, has been given a major update.
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
When it comes to privacy, it's the little things that can lead to big mishaps.
Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.
An unprotected server storing millions of call logs and text messages was left open for months before it was found by a security researcher. If you thought you’d heard this story before, you’re not wrong. Back in November, another massive exposed d ...