On Wednesday, Checkers Drive-In Restaurants alerted customers that it had been dealing with a data security issue involving “malware at certain locations.” On its website, the restaurant group announced that after discovering the issue, it “engaged leading data security experts to conduct an extensive investigation.” Federal law enforcement authorities have also been informed in order

by John E Dunn Popular news aggregation site Flipboard – one billion app downloads from Google Play and counting – has become the latest internet company to admit it has suffered a breach. We’ve covered a lot of data breaches in recent years but this one has one or two wrinkles that are worth highlighting.

An unsecured Elastic database associated with dating apps has been discovered by a security researcher, making easily identifiable data exposed. Jeremiah Fowler, who has been working in the security software industry for over 10 years, found the database that held information about US data app customers, including their sexual preferences, lifestyle choices, and whether they were

by Danny Bradbury There are lots of books on tools and techniques to secure software containers, but what happens when someone discovers a basic architectural flaw? And what do you do when there’s no working patch for it? That’s the situation in the Docker universe this week after Suse developer Aleksa Sarai uncovered a bug

Insight Venture Partners has agreed to acquire a controlling interest in Recorded Future, a threat intelligence company, in addition to the minority stake it already owns. The all-cash transaction puts the value of Recorded Future at more than $780 million.  According to its press release, Recorded Future is the largest privately held threat intelligence software company

by John E Dunn One of computer security’s special frustrations is the phenomenon of malware that keeps re-infecting a system no matter how many times defenders think they’ve cleaned it. This was the puzzle that recently confronted Sophos Support when it was called in to investigate the mystery of an internet-facing Apache Tomcat web server

It’s been a year since the implementation of GDPR, and it seems that businesses are as vulnerable as ever. According to a report by nCipher, 71% of the UK C-suite would be willing to cover up a data breach if they could escape the fines, compared with the 57% of managers and directors. The survey

by Danny Bradbury You’ve all seen the deepfake video of a digital Barack Obama sockpuppet controlled by Jordan Peele, but we bet you haven’t seen an animated video of the Mona Lisa talking before. Well, thanks to the magic of AI, now you can. Deepfake AI produces realistic videos of people doing and saying fictitious

Cryptopia, an exchange that was hacked and subsequently went into liquidation in May, has filed for bankruptcy protection in the United States. Grant Thornton will be handling the preservation of the data stored and hosted on servers with an Arizona-based firm, according to Yahoo News.  The bankruptcy court in the Southern District of New York issued an

by Lisa Vaas Is it true that most people only read the first four lines of email, as this Twitterer suggests? If so, a cynic might assume, as did IT consultant Dave Hall, that the marketing department at a company that’s just suffered a massive data breach likely know that… and, hence, shoehorn in their

Most IT security professionals believe GDPR non-compliance is commonplace, as the landmark data protection legislation turns one tomorrow, according to Infosecurity Europe. Over 6400 industry practitioners responded to a Twitter poll run by the leading cybersecurity event, which runs from June 4-6. Some 68% said they thought many organizations have likely not taken the GDPR

by Lisa Vaas The latest ripple in the years-long, lawsuit-jammed, regulators-aggravating brouhaha known as batterygate: Apple has pledged to warn iPhone owners if an update is likely to slow down their phones. The UK Competition and Markets Authority (CMA) said on Wednesday that Apple has agreed to “notify consumers in a clear manner” if an

Canadian organizations are being warned that they are increasingly becoming the targets of cyber-threats, with researchers discovering nearly 100 malicious email campaigns that have been specifically targeting Canadian audiences, according to new research from Proofpoint. The emails were customized for either Canadian organizations or a more general Canadian audience, a May 23 blog post said.

by John E Dunn Apple thinks it has come up with a way for advertisers to track how well their ads are doing without (*gasp*) compromising user privacy. It sounds like a tall order but according to John Wilander, WebKit engineer and architect of Apple’s Intelligent Tracking Prevention (ITP), a technology called Privacy Preserving Ad

While affirming Equifax’s senior unsecured rating at Baa1 and short-term rating at Prime-2, Moody’s Investor Services downgraded the company’s outlook from stable to negative due to the 2017 cyber-attack. “The outlook revision to negative reflects weaker operating performance and credit metrics than originally expected following the cybersecurity breach in 2017,” the May 17 rating action

by Paul Ducklin If crooks want to sneak into your system, they have quite a few choices. They could do some serious hacking, using vulnerabilities and exploits to bypass the security checks you already have in place and tricking your servers into running software they’re not supposed to. Or they could find out how to

In response to news that multiple Snapchat employees abused their privileged access to spy on users, reported by Motherboard, the social media platform said the allegations are false. “Two former employees said multiple Snap employees abused their access to Snapchat user data several years ago. Those sources, as well as an additional two former employees,

by Danny Bradbury Can you call malware art? That’s the question up for debate this week as Chinese Internet artist Guo O Dong puts a laptop hosting a collection of viruses up for auction. Well-heeled patrons certainly seem to think it’s art – bidding had reached a cool $1.2m at the time of writing. Dong

LinkedIn users noticed on Tuesday that attempts to access the site from their desktop or laptop computer were met with an alert warning that the connection was not secure – the result of LinkedIn’s failure to renew the TLS certificate for its lnkd.in URL shortener, according to Computer Business Review (CBR). It turned out that the company

by Lisa Vaas Oops, Google said on Tuesday: you know that domain administrator’s tool to reset passwords in the G Suite enterprise product? The one we implemented back in 2005, as in, 14 years ago? We goofed, Google said. The company’s been storing copies of unhashed passwords – as in, plaintext, unencrypted passwords – all

Fraud attacks from mobile apps spiked by 300% in the first quarter of 2019, according to new researcher from RSA. Published today, the Fraud Attack Trends: Q1 2019 report found that the total fraud attacks from rogue mobile applications on January 1 was 10,390 but had jumped to 41,313 by March 31. Rogue mobile apps are

by Danny Bradbury A security researcher has discovered a massive cache of data for millions of Instagram accounts, publicly accessible for everyone to see. The account included sensitive information that would be useful to cyberstalkers, among others. A security researcher calling themselves anurag sen on Twitter discovered the database hosted on Amazon Web Services. It

Chinese-made drones may be sending sensitive flight data to their manufacturers in China, according an alert issued by the US Department of Homeland Security (DHS), CNN reported on May 20. In a copy of the alert obtained by CNN, DHS said, “The United States government has strong concerns about any technology product that takes American data

by John E Dunn Some of Europe’s biggest ISPs and mobile operators stand accused of using Deep Packet Inspection (DPI) technology to quietly undermine net neutrality rules and user privacy. News of the troubling allegation first reached the public domain earlier this year in an analysis by German organisation epicenter.works. It claimed it had detected

Complying with a request by US authorities, Ecuadorian officials are preparing to hand over documents that are reportedly the entire legal defense against Julian Assange, compiled during the time he has been living in the Ecuadorian embassy in London, according to WikiLeaks. “On Monday Ecuador will perform a puppet show at the embassy of Ecuador

by John E Dunn A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back after the American Registry for Internet Numbers (ARIN) won a landmark judgment against it. The dispute began in late 2018 when ARIN, which allocates IPv4 addresses in the US, Canada and parts of the Caribbean

The city of Baltimore’s computer systems have remained down since a ransomware attack hit more than a week ago, but the city says it will not pay the ransom despite today’s final 10-day deadline, according to copy of the ransom note obtained by the Baltimore Sun. The May 7 note warned that if the ransom were

by John E Dunn Arrests in Europe and the US appear to have ended the cybercrime careers of the gang behind the GozNym banking malware. According to Europol, which coordinated the pursuit of 10 people in Ukraine, Moldova, Georgia, Bulgaria, Germany and the US, GozNym stole $100 million by infecting 41,000 devices around the world

A recent survey found that to gain counterintelligence the vast majority of organizations would allow an attacker to take decoy files rather than stop an attack in progress, according to the latest International Cyber Benchmark Index from the Neustar International Security Council (NISC). A reported one in five companies are currently employing forensic investigations, as

by Lisa Vaas Six people have been indicted for allegedly being SIM card swappers who stole victims’ identities and their cryptocurrency, and three mobile phone company employees have been indicted for allegedly accepting bribes to help them steal subscribers’ identities. On Thursday, federal prosecutors in the US Attorney’s Office for the Eastern District of Michigan