Nearly 20,000 Orange modems are being targeted thanks to a vulnerability leaking their SSID and Wi-Fi passwords, researchers at Bad Packets have warned. The firm’s honeypots first picked up the attack traffic targeting Orange Livebox ADSL modems. After conducting a simple Shodan search, chief research officer Troy Mursch found 19,490 such devices leaking their Wi-Fi credentials
by Maria Varmazis Intrusions into your Twitter account might range from mild annoyance, to a serious PR fail, to an international political gaffe. Regardless of how you use it, there’s no need to make it easier for someone who wants to hijack your Twitter account. It’s quite easy to improve the security of your Twitter
The personal data of more than half a million staff and students of San Diego high schools from the past decade is now likely in the hands of hackers, it has emerged. A statement from the San Diego Unified School District on Friday revealed that unauthorized access was achieved by a simple phishing campaign which compromised
by Lisa Vaas About 11,000 passengers are crammed into Gatwick Airport, their flights grounded since last night as a drone operator repeatedly flew two unmanned aerial vehicles (UAVs) close to the runway. Flights can’t take off or land until it’s safe to do so, and that can’t happen until police find the operator. Gatwick, a
The UK government has launched a new cybersecurity skills strategy designed to reduce industry shortages, and a new independent body to help shape the future of the profession. The Initial National Cyber Security Skills Strategy sets out not only to recruit more skilled professionals into the industry but also raise the awareness levels of the
by John E Dunn Microsoft has found itself fixing a lot of zero-day flaws recently, including CVE-2018-8611 (patched this month), and November’s CVE-2018-8589 and CVE-2018-8589. Now it has released an emergency patch for a remote code execution (RCE) zero-day vulnerability in Internet Explorer’s JScript scripting engine affecting all versions of Windows, including Windows 10. Identified
In response to the data privacy questions that have erupted in the aftermath of the Facebook-Cambridge Analytica scandal, a startup, FigLeaf, co-founded by CEO Slava Kolomeichuk and CRO Yuriy Dvoinos, is developing an app that will help users understand how their personal information has been affected. The new app is slated for use
by Lisa Vaas Apple apparently didn’t learn much from Bono-gate – when it foisted a U2 album onto users’ devices without so much as a by-your-leave – because it’s gone and done it again. This time, it’s been spamming users with promotions for its Carpool Karaoke show, among other push notifications, in spite of its TV
Southern University celebrated a first in its history with the graduation of Davonne Franklin, 22, a member of the Army National Guard who was the school’s first ever cybersecurity graduate. Franklin enrolled in the ROTC and attended Southern University after graduating from McKinley High in Baton Rouge. When he completed his basic training, he returned
by Lisa Vaas Nagging text messages help smokers to quit, Chinese researchers have found. In a clinical trial carried out across various cities and provinces in China, they pulled in 1,369 people (mostly men) who agreed to join a smoking-cessation program. Then, they divided them into three groups: subjects who received five text messages/day, those
All those who have relied upon the e-commerce giant Amazon to order their holiday gifts should exercise caution when receiving order confirmation emails, as EdgeWave reportedly discovered a new and highly sophisticated malspam campaign sending fake Amazon order confirmation messages. The messages are reportedly quite convincing, and include subject lines that read “Your Amazon.com order,” “Amazon
by Danny Bradbury Microsoft will install non-security patches on Windows machines in advance of Patch Tuesday, if users select a new and not particularly descriptive option in Windows Update, it was revealed last week. The company explained the new ‘Check for Updates’ box in Windows 10 in a recent blog post, but left some concerned that
Efforts to take down multiple domains that offered distributed denial-of-service (DDoS) attacks for hire were successful and resulted in another announcement from the Justice Department (DOJ), which yesterday declared that it had seized 15 internet domains and filed criminal charges against three defendants who facilitated the computer attack platforms. According to a DOJ news release
by John E Dunn The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA). The latest is from campaign group Amnesty International, which said it had detected two campaigns sending bogus account alerts targeting around 1,000 human rights defenders
Researchers have discovered a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for macOS, according to a recently published advisory from Trustwave. If exploited, the vulnerability could elevate privileges on the local machine, allowing an attacker to subvert or disable Trusteer altogether. According to Trustwave, its researchers worked with IBM throughout the disclosure process.
by Paul Ducklin The Naked Security Podcast rings out 2018 with a look at the big issues of the past year. With Anna Brading, Paul Ducklin and Matthew Boddy. This week’s links: Huge Marriott breach; Big Facebook breach; Cambridge Analytica’s secret coding sauce; Iranian hackers charged over SamSam ransomware; After SamSam comes the Ryuk ransomware
The agency at the helm of Singapore’s digital services, the Government Technology Agency of Singapore (GovTech Singapore), announced that Singapore will be working with security researchers over the course of three weeks on a bug bounty program intended to further protect Singapore citizens and help secure public-facing government systems. Singapore has established multiple cyber initiatives
by Danny Bradbury Teenage hackers have been making a fortune from selling stolen accounts for the popular online game Fortnite, it emerged this week. Players have been reporting stolen accounts for a while, but this week the extent of the “Fortnite cracking” problem was revealed. The BBC interviewed one Slovenian teenager who said he had
In the aftermath of an extensive New York Times investigation into Facebook’s data privacy regulations and whether the company violated the privacy and public policy regulations of the Federal Trade Commission, Sen. Amy Klobuchar (Minn.) said that it is time for her colleagues to step up. During an NPR interview, Sen. Klobuchar talked about commonsense
by Danny Bradbury Facebook hit back at press reports this week that highlighted a deep network of privileged data-sharing partnerships between the social media company and other large organisations. The bi-lateral relationships saw companies including Amazon, Netflix, Microsoft and Spotify exchange user data that helped both them and Facebook extend their reach by learning more
An active email campaign is reportedly targeting banking and financial services employees in the US and UK using popular cloud services to host the malicious payload, according to a blog posted today by Menlo Security. The campaign targets endpoints, including PCs, and attackers are reportedly using two types of payloads – VBScripts and JAR files
by Lisa Vaas A new form of insider threat has been discovered, with evidence of a threat actor attempting to burgle a homeowner via illicit snack delivery orders placed on her Amazon Alexa smart speaker. According to the UK’s National Animal Welfare Trust, the culprit goes by the handle of “Rocco,” a fugitive African Grey
Supporters of YouTube sensation PewDiePie have been at it again, this time defacing a Wall Street Journal web page in another bid to boost his subscribers. The page itself, originally sponsored by a technology giant, was apparently fixed promptly by the newspaper’s IT team, but can be viewed here. It references the WSJ’s 2017 investigation
by Lisa Vaas A bug in Facebook’s photo API may have exposed up to 6.8 million users’ photos to app developers, the company announced on Friday. Facebook said that normally, when a user gives permission for an app to get at their Facebook photos, the developers are only supposed to get access to photos that are
Printers around the world appear to have been hijacked again with a message to subscribe to a popular YouTube vlogger, and improve their cybersecurity. Those behind the attack are thought to be the same ones that managed to get a message in support of social media star PewDiePie printed out on 50,000 machines last month.
by Lisa Vaas Oh, those incorrigible password abusers. After all these years of being shamed (if they cared or were paying attention), they’re still using “123456” as a password. This year, according to SplashData’s annual worst password list, that stale cracker came in at No. 1. Again. “password” was the No. 2 dust bunny to
Law enforcement agencies across the country spent the better part of yesterday evening investigating a slew of bomb threats delivered by email to businesses and universities across the US and Canada. The hoax email warning that an explosive device was in the recipient’s place of work evoked fear among many Americans yesterday, according to KrebsOnSecurity.
by Lisa Vaas Facebook filed a patent, titled “Offline Trajectories,” last week in which it proposes predicting users’ “location trajectories” – in other words, where we’re likely headed. Knowing when we’re about to hurtle into a no-WiFi-connection limbo means Facebook can “prefill” our phones with content and ads. It knows enough to know a lot more
An unprotected ElasticSearch server led to a potentially massive data leak for a popular avatar app maker, Boomoji. The app, which is based in China and has 5.3 million users across the globe, allows iOS and Android users to create 3D avatars. The personal data of its entire user base was exposed after Boomoji reportedly left
by Danny Bradbury Google keeps tabs on much of your activity, including your browsing history and your location. Now, it turns out that its YouTube service is also reading what’s in your videos, too. Programmer Austin Burk, who goes by the nickname Sudofox, discovered the issue after discovering a cross-site scripting (XSS) flaw on another site.