Penetration testers looking at commercial shipping and oil rigs discovered a litany of security blunders and vulnerabilities – including one set that would have let them take full control of a rig at sea. Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says, reckoned that on the whole, Read more about Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners[…]

Facebook knew about a huge security flaw that let hackers to steal personal data from millions of its users almost one year before the crime, yet failed to fix it in time, the Telegraph can reveal. Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a Read more about Facebook was repeatedly warned of security flaw that led to biggest data breach in its history[…]

Thousands of images, videos and records pertaining to plastic surgery patients were left on an unsecured database where they could be viewed by anyone with the right IP address, researchers said Friday. The data included about 900,000 records, which researchers say could belong to thousands of different patients. The data was generated at clinics around Read more about Plastic surgery images and invoices leak from unsecured database[…]

Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst Read more about Apple’s Mac computers now outpace Windows in malware and virus[…]

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the flaw, warning that a locally authenticated low-privilege user could exploit Read more about Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool[…]

A software error in Denmark’s government tax portal has accidentally exposed the personal identification (CPR) numbers for 1.26 million Danish citizens, a fifth of the country’s total population. The error lasted for five years (between February 2, 2015, and January 24, 2020) before it was discovered, Danish media reported last week. The software error and Read more about Software error exposes the ID numbers, birthdays and genders for 1.26 million Danish citizens, 1/5th of the population[…]

A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election. The security lapse was tied to a mobile app used by Prime Minister Read more about Israeli Voters: Data of All 6.5 Million Voters Leaked[…]

Personal records, including scans of ID cards and purchase details, for more than 30,000 people were exposed to the public internet from this unsecured cloud silo, we’re told. In addition to full names and pictures of customer ID cards, the 85,000 file collection is said to include email and mailing address, phone numbers, dates of Read more about Sorry to be blunt about this… Open AWS S3 storage bucket just made 30,000 potheads’ privacy go up in smoke[…]

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices. This data can be used Read more about Netgear leaves admin interface’s TLS cert and private key router firmware[…]

Three years ago, Ars declared the SHA1 cryptographic hash algorithm officially dead after researchers performed the world’s first known instance of a fatal exploit known as a “collision” on it. On Tuesday, the dead SHA1 horse got clobbered again as a different team of researchers unveiled a new attack that’s significantly more powerful. The new Read more about PGP keys, software security, and much more threatened by new SHA1 exploit[…]

Security researchers from Sophos say they’ve discovered a new set of “fleeceware” apps that appear to have been downloaded and installed by more than 600 million Android users. The term fleeceware is a recent addition to the cyber-security jargon. It was coined by UK cyber-security firm Sophos last September following an investigation that discovered a Read more about More than 600 million users installed Android ‘fleeceware’ apps from the Play Store – where they don’t cancel your trial after uninstalling[…]

More than 1,000 celebrities, government employees and politicians who have received honours had their home and work addresses posted on a government website, the Guardian can reveal. The accidental disclosure of the tranche of personal details is likely to be considered a significant security breach, particularly as senior police and Ministry of Defence staff were Read more about Government exposes addresses of > 1000 new year honours recipients[…]

Security camera startup Wyze has confirmed it suffered a data leak this month that may have left the personal information of millions of its customers exposed on the internet. No passwords or financial information were exposed, but email addresses, Wi-Fi network IDs and body metrics were left unprotected from Dec. 4 through Dec. 26, the Read more about Wyze data leak may have exposed personal data of millions of users[…]

This week, Twitter confirmed a vulnerability in its Android app that could let hackers see your “nonpublic account information” and commandeer your account to send tweets and direct messages. According to a Twitter Privacy Center blog posted Friday, the (recently patched) security issue could allow hackers to gain control of an account and access data Read more about Twitter Warns Millions of Android App Users to Update Immediately[…]

Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in Read more about Chinese hacker group caught bypassing 2FA[…]

A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication. Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Diachenko believes the trove of data is most likely the result of Read more about 267 Million Phone Numbers & Facebook User IDs Exposed Online[…]

The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.” Using the log-in email and password, an intruder could access a Ring customer’s home Read more about A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users – Really, just don’t get one of these things![…]

It’s not so much being watched. It’s that I don’t really know if I’m being watched or not. From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready Read more about We Tested Ring’s Security. It’s Awful[…]

A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won’t be an easy one to solve. This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations Read more about IoT gear is generating easy-to-crack keys because they repeat the key once every 172 times[…]

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface Read more about New Plundervolt attack impacts Intel CPUs SGX[…]

De persoonsgegevens van mogelijk 29.000 klanten van energiebedrijven Budget Energie en NLE liggen op straat. Naast namen en adressen is er kans dat er ook telefoonnummers en bankrekeningnummers zijn gelekt. De data is niet per ongeluk gelekt, het gaat volgens het bedrijf om een moedwillige diefstal. Moederbedrijf Nuts Groep heeft klanten van Budget Energie en NLE Read more about Budget Energy and NLE leak 29000 customer records – names, adresses, possibly phone numbers and bank accounts[…]

A vulnerability in millions of fully patched Android phones is being actively exploited by malware that’s designed to drain the bank accounts of infected users, researchers said on Monday. The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in Read more about Vulnerability in fully patched Android phones under active attack by bank thieves – watch out for permissions being asked from apps you have installed[…]