Security

By Lisa Vaas. You know what takes 17 minutes? Building a piece of Ikea’s 5-minute furniture. Walking one mile if you’re in decent shape. Making £500k (USD $569,000) if you’re Facebook. The Register crunched the numbers because that sliver of Facebook revenue – £500k (about $640k) – is how much the social media giant has
As the 2018 midterm elections near, many remain concerned about the security of election infrastructure at the national level, though Steve Grobman, CTO at McAfee, said the realistic security risk lies in an attacker tampering with information and targeting individual counties and states. “A realistic attack wouldn’t require mass voting manipulation or the hacking of
Following reports that Chinese spies infiltrated the supply chain of servers assembled by Supermicro Computers Inc., the New York–based CYBERGYM has launched a new infrastructure-security combat training program. Driven by the belief that threats posed by these types of supply chain and infrastructure hacks are significant, CYBERGYM said it developed the training to help organizations
According to the 2019 Global ICS & IIoT Risk Report published by CyberX, cyber-criminals are increasingly targeting the vulnerabilities of industrial control systems (ICSs) and the industrial internet of things (IIoT). The report reflects the findings from data captured over the past 12 months from more than 850 production ICS networks across all industrial sectors. While the
By John E Dunn. Mozilla’s ambition to turn Firefox into the number one privacy browser was never going to be easy to pull off. Too few, or ineffective, controls and privacy becomes a benefit in name only. Too many blunt controls and there is a danger of making websites difficult to use in ways that
Over 80% of security professionals are concerned about the prospect of attackers using artificial intelligence (AI) against their organization, according to new research from Neustar. The global information services provider polled 301 IT and security professionals across EMEA and the US to compile its latest International Cyber Benchmarks Index. It found that although 87% of
By Lisa Vaas. Have you recently tried to ditch a mobile app, only to have it keep following you around? If so, you may be a victim of a new crop of uninstall trackers that go beyond letting app developers track bugs and poor user experience: they also let developers track app users “the instant” they
By John E Dunn. Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws: Both critical
Early last week, the Centers for Medicare & Medicaid Services (CMS) announced some suspicious activity in the Federally Facilitated Exchanges (FFE), an agent and broker exchanges portal. On October 13, 2018, a CMS staffer noticed the anomalous activity that resulted in the agency declaring a breach on October 16. An unauthorized user reportedly accessed the
By John E Dunn. Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin,
A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey
Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra. Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and
The personal details of over half a million American voters have been leaked after yet another cloud database misconfiguration, this time by a right-wing fundraising organization. Researchers at UpGuard found a publicly readable Amazon S3 storage bucket at the end of August, belonging to the Tea Party Patriots Citizen Fund (TPPCF). The TPPCF is what’s
Europol and the European Banking Federation have launched a new campaign designed to raise public awareness of growing incidents of financial fraud and data theft, as part of European Cyber Security Month (ECMS). Over the coming week, law enforcers from 28 EU member states as well as Colombia, Liechtenstein, Norway, Switzerland and Ukraine will be
Organizations globally are suffering a crippling cybersecurity workforce “gap” of 2.9 million employees today, putting the majority at greater risk of attack, according to the latest estimates from (ISC)². The global certifications body has introduced a new gap analysis methodology, which explains why the figures are so much higher than the predicted 1.8 million industry shortfall
By John E Dunn. Apple’s iOS security team must be starting to feel as if they’re being besieged by security sleuth José Rodríguez. In his latest YouTube proof-of-concept, the Spaniard demonstrates how an attacker with physical access to an Apple device running iOS 12.0.1 (including the latest X and XS models) can gain access to
Global exposure to and losses from tech support scams have dropped over the past two years as consumers become more savvy, although in the UK the number suffering financially increased slightly, according to Microsoft. The computing giant polled over 16,000 internet users in 16 countries worldwide to better understand how trends are evolving. The latest
The US Department of Defense has suffered a major breach of employees’ personal and financial information, according to reports. An unnamed official told AP that the incident may have affected as many as 30,000 civilian and military personnel. A statement seen by the newswire confirmed that the incident had been discovered at the beginning of
By Naked Security writer. Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 8 October 2018: Unpatched routers bad, doubly unpatched routers worse – much, much worse!; Attackers use voicemail hack to steal WhatsApp accounts; Phantom Secure CEO sold encrypted phones to drug cartels
A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team. Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the malware’s behavior is similar to that of the current iteration of the
On October 11, 2018, WikiLeaks published AmazonAtlas, a 20-page document from late 2015 containing the addresses and operational details for more than 100 of Amazon’s data centers, one of which indicates an affinity for the comedy of Jerry Seinfeld. In addition to revealing the information about the data centers, located in 15 cities across nine countries,
By John E Dunn. Kanye West did something incredibly unwise during his visit to the White House this week that had nothing to do with making the media and a famously impatient President Trump sit through a 10-minute expletive-laced monologue. Pulling out an iPhone XS to show the assembled throng a picture of the hydrogen-powered