Security

Hotel chain Marriott has confirmed widespread reports of a significant data breach with the sensitive details of 500 million customers possibly compromised. In an online statement, the company said: “On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security
by Lisa Vaas A popular massage-booking app has spilled the beans on 309,000 customer profiles, including comments from their masseurs or masseuses on how creepy their customers are. The app’s wide-open, no-password-required database was discovered by researcher Oliver Hough, who tipped off TechCrunch. Hough said in a tweet on Tuesday that the breach was caused
Two Iranian men have been indicted for a string of ransomware attacks over the past three years, causing $30m in losses to over 200 organizations, mainly in the US. Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are accused of operating the infamous SamSam ransomware variant which targeted notable organizations including the Hollywood
The US authorities are claiming victory after dismantling two global cybercrime rings and indicting eight men on charges connected with running a major ad fraud operation. Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko were charged with wire fraud, computer intrusion, aggravated identity theft, money laundering
‘Tis the season for cyber-scams, according to the new Holiday Threat Report from Carbon Black. The report compared cyber-attack data over the last two years and found that once cyber-attacks spike on Cyber Monday, they will likely remain elevated throughout the holiday season. The holiday season of 2016 saw a 20.5% surge in attempted attacks, but
Law enforcement agencies across the EU have successfully shut down more than 33,600 internet domains distributing counterfeit or stolen items, according to a press release published today by Europol. Europol announced that its Intellectual Property Crime Coordinated Coalition (IPC3) seized 33,654 domain names that had been selling contraband, including counterfeit pharmaceuticals, pirated films, television shows,
Facebook has again made headlines after the UK Parliament leveraged its legal right to demand documents alleged to include confidential email exchanges between top executives, as well as correspondences with CEO Mark Zuckerberg, according to The Guardian. The documents are believed to contain the details of Facebook’s data and privacy controls prior to the Cambridge Analytica
Uber has been hit with a £385,000 fine by the UK’s data protection regulator after a notorious breach in October/November 2016 which affected over 2.7 million customers and drivers. The Information Commissioner’s Office (ICO) branded the incident the result of “a series of avoidable data security flaws.” The hackers managed to obtain username and password combinations previously
The Cyber Security Challenge has named 19-year-old Edinburgh Napier University student Charlie Hosier as its 2018 champion. The winner was announced at a dinner event held in central London at the culmination of Cyber Security Challenge’s 2018 masterclass, which saw 42 contestants participate in the three-day event at Barclays HQ. This year’s cryptofactor challenge saw teams tasked
Microsoft has revealed the causes of a major global incident last week that led to large numbers of Azure, Office 365, Dynamics and other Microsoft users being unable to log in to their services. The 14-hour outage affected Microsoft Azure AD Multi-Factor Authentication (MFA) services, but “gaps in telemetry and monitoring” for these delayed attempts to
by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 19 November 2018 Mozilla’s IoT gift guide ranks gadgets from secure to shoddy Has that website been pwned? Firefox Monitor will tell you Did a copy-paste error reveal the US’s secret
by John E Dunn One of Intel’s fixes for the Spectre variant 2 chip flaw (CVE-2017-5715) appears to have taken a big bite out of the performance of the latest Linux kernel. The mitigation in question is the Single Thread Indirect Branch Predictors (STIBP), one of three that Intel proposed not long after details of
Police in Ukraine have arrested a man who allegedly used a notorious Remote Access Trojan (RAT) to target thousands of users around the world. A statement from the Ukrainian National Police on Friday said that cyber specialists on the force cuffed a 42-year-old man from Lviv on suspicion of using the DarkComet malware. He’s said
A German privacy regulator has issued its first GDPR fine after a hacker stole unencrypted data on hundreds of thousands of customers of a local chat app. The Baden-Württemberg Data Protection Authority (LfDI) fined Knuddels just €20,000 ($22,700) despite the firm having stored user passwords and emails in plain text. As a result, hackers were
Security experts have lined up to warn consumers of a deluge of phishing and gift card scams as Cyber Monday kicks off today. The US online sales blitz has also become something of a staple across some European countries, especially in the UK where it’s predicted that sales today will take total online spending for
A Manhattan man is alleged to have stolen $1m in cryptocurrency from a Silicon Valley executive in a classic SIM swapping attack. Nicholas Truglia, 21, allegedly targeted several victims including Saswata Basu, CEO of blockchain service 0Chain, Myles Danielsen, vice-president of Hall Capital Partners, and Gabrielle Katsnelson, co-founder of startup SMBX. He was apparently able to hijack all of
The advanced persistent threat (APT) group GreyEnergy has been targeting industrial networks across Ukraine and Eastern Europe for years, and according to analysis of the group’s activity, the attacks begin with a malicious document sent in a phishing email. Nozomi Networks performed analysis on the GreyEnergy advanced ICS malware and found that the tools and tactics used by
A self-proclaimed leader in enabling operational intelligence, OSIsoft, maker of PI system software, announced an ongoing investigation into a data breach that likely compromised all domain accounts. On 16 November, the company reported that it was experiencing a security incident that potentially affected everyone from employees and interns to consultants and contractors. Attackers reportedly stole credentials and
In advance of a meeting between US President Donald Trump and China’s President Xi Jinping, a US government report made claims that China had increased hacking attempts in an effort to steal American technology and shows no sign of stopping or slowing its cyber-theft practices, according to the Associated Press. The report from the Office of
by John E Dunn Are Ethereum’s new-fangled smart contracts the ultimate point of the blockchain or a risky experiment whose vulnerabilities presage trouble? Right now, few doubt that smart contracts – instruction workflows in a language called Solidity that automate complex, profitable processes on Ethereum – require close scrutiny. The latest security flaw was discovered by smart
Amazon is remaining tight-lipped after sending an email to an unknown number of customers revealing that a ‘technical error’ disclosed their email address. There has been no further information from the online giant about the incident except to confirm that it had been fixed and that all affected customers had been informed. The email itself,