Archive for the ‘Security’ Category

Over 900,000 personal records of South Africans leaked online

Barely a year after South Africa’s largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain text passwords to what […]

Spectre comes back to haunt Processor Makers Confirm New Security Flaws, So Update Now

Intel is finally confirming that its computer processors are vulnerable to an additional variant of Spectre, the nasty security vulnerability that affects nearly every CPU currently in devices and in the marketplace. German computing magazine C’t first reported the additional flaws, which can be exploited in a browser setting using a runtime (think Javascript), on […]

Seriously, Cisco? Another hard-coded password? Sheesh

Cisco’s issued 16 patches, the silliest of which is CVE-2018-0222 because it’s a hard-coded password in Switchzilla’s Digital Network Architecture (DNA) Center. “The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software,” Cisco’s admitted. As you’d expect, “An attacker could exploit this vulnerability by […]

Entire Nest ecosystem of smart home devices goes offline

For at least a few hours overnight, owners of Nest products were unable to access their devices via the Nest app or web browsers, according to Nest Support on Twitter. Other devices like Nest Secure and Nest x Yale Locks behaved erratically. The as of yet unexplained issues affected the entire lineup of Nest devices, […]

Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

On April 19, 2018, an industry partner notified NCCIC and the FBI of malicious cyber activity that aligns with the techniques, tactics, and procedures (TTPs) and network indicators listed in this Alert. Specifically, the industry partner reported the actors redirected DNS queries to their own infrastructure by creating GRE tunnels and obtained sensitive information, which […]

Many Satellites run Windows 95 – and are ripe for hacking

Hundreds of multi-ton liabilities—soaring faster than the speed of sound, miles above the surface of the earth—are operating on Windows-95.They’re satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they’re invaluable resources. Even though they’re old, it’s […]

Hackers Steal Data on 14 Million Users From Ride-Hail App Careem

Careem, a ride-hail startup based in Dubai and operating in 14 countries, announced today that hackers stole data belonging to 14 million riders and drivers. The company discovered the breach on January 14 but waited to notify its customers because the investigation was ongoing. “Cybercrime investigations are immensely complicated and take time. We wanted to […]

Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!

The Disaster Formerly Known as Yahoo! has been fined $35m by US financial watchdog, the SEC, for failing to tell anyone about one of the world’s largest ever computer security breaches. Now known as Altaba following its long, slow and painful descent in irrelevance, Yahoo! knew that its entire user database – including billions of […]

Cops Around the Country Can Now Unlock iPhones, Records Show

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.   […]

Data exfiltrators send info over PCs’ power supply cables

If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates […]

Under Armour Data Breach: 150 Million MyFitnessPal Accounts Hacked

Under Armour Inc., joining a growing list of corporate victims of hacker attacks, said about 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year. An unauthorized party stole data from the accounts in late February, Under Armour said on Thursday. It became aware of the breach earlier this week […]

Trustwave Global IT Security Report Summarised

Hackers have moved away from simple point-of-sale (POS) terminal attacks to more refined assaults on corporations’ head offices. An annual report from security firm Trustwave out today highlighted increased sophistication of web app hacking and social engineering tactics on the part of miscreants. Half of the incidents investigated involved corporate and internal networks (up from […]

T-Mobile Austria stores passwords as plain text

A customer was questioning if rumors that T-Mobile Austria was storing customer passwords in plain text, leaving the credentials like sitting ducks for hackers. Whoever was manning T-Mobile Austria’s Twitter account confirmed that this was the case, but that there was no need to worry because “our security is amazingly good.” Hello Claudia! The customer […]

NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel […]

Rise in Ransomware Attacks Actually Led to Fewer Exposed Records, IBM Discovers

It seems as if last year’s data breaches were characterized by increased regularity, yet somehow, according to the latest research from IBM Security, fewer records were actually exposed. The year saw a 25 percent dip in exposed records—2.5 billion down from 4 billion the previous year—according to IBM’s latest X-Force report. The cause: Cybercriminals have […]

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

Security researchers have uncovered 1.5 billion business and consumer files exposed online – just a month before Europe’s General Data Protection Regulation comes into force. During the first three months of 2018, threat intel firm Digital Shadows detected 1,550,447,111 publicly available files across open Amazon Simple Storage Service (S3) buckets, rsync, Server Message Block (SMB), […]

Hacker Uses Exploit to Generate Verge Cryptocurrency out of Thin Abir

An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state […]

Secret Service Warns of Chip Card Scheme: replacing the chip and then draining after activation

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates […]

DronesForLess leaks customer purchasing data

The DronesForLess.co.uk site was left wide open by its operators, who failed to protect critical parts of its web infrastructure from curious people, as spotted by Alan at secret-bases.co.uk, who told The Register. We discovered more than 10,000 online purchase receipts had been saved to its web servers without any encryption or even password protection […]

IOS QR ‘bug’ isn’t a bug: trend in pointing out things working as intended as a security advisory continues

So: Oddly enough, if you make a QR code that tells you to go somewhere, the camera will take you to where the QR code tells you to go, even if you tell someone that the QR code goes someplace else. This trend of ‘reporting’ security problems that are not security problems at all is […]

Cisco NFV elastic services controller accepts empty admin password

Cisco’s Elastic Services Controller’s release 3.0.0 software has a critical vulnerability: it accepts an empty admin password. The Controller (ESC) is Cisco’s automation environment for network function virtualisation (NFV), providing VM and service monitors, automated recovery and dynamic scaling. Cisco’s advisory about the flaw explains the bug is in ESC’s Web service portal: “An attacker […]

AI models leak secret data too easily

A paper released on arXiv last week by a team of researchers from the University of California, Berkeley, National University of Singapore, and Google Brain reveals just how vulnerable deep learning is to information leakage. The researchers labelled the problem “unintended memorization” and explained it happens if miscreants can access to the model’s code and […]

Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

Researchers from German security firm Kromtech Security allege that until recently, MBM Company was improperly handling customer details. On February 6, they identified an unsecured Amazon S3 storage bucket, containing a MSSQL database backup file. According to Kromtech Security’s head of communications, Bob Diachenko, further analysis of the file revealed it held the personal information […]

Can AMD Vulnerabilities Be Used to Game the Stock Market?

On Tuesday, a little known security company claimed to have found vulnerabilities and backdoors in some AMD processors. Within some parts of the security community, the story behind the researchers’ discovery quickly became more interesting than the discovery itself. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing […]

Major Survey of IT Pros Reveals Why Everything Gets Hacked All the Damn Time, paying for ransomware is like flipping a coin

More than 1,000 security employees in as many as 17 countries participated in the survey. Most said the biggest hurdle to mounting an adequate defense against cyber threats today is the lack of skilled personnel. (Poor security awareness and an inability to sift through enormous piles of data tied for second place.) The survey, which […]

 
Skip to toolbar