Security

0 Comments
Nearly 20,000 Orange modems are being targeted thanks to a vulnerability leaking their SSID and Wi-Fi passwords, researchers at Bad Packets have warned. The firm’s honeypots first picked up the attack traffic targeting Orange Livebox ADSL modems. After conducting a simple Shodan search, chief research officer, Troy Mursch found 19,490 such devices leaking their Wi-Fi credentials
0 Comments
by Maria Varmazis Intrusions into your Twitter account might range from mild annoyance, to a serious PR fail, to an international political gaffe. Regardless of how you use it, there’s no need to make it easier for someone who wants to hijack your Twitter account. It’s quite easy to improve the security of your Twitter
0 Comments
The personal data of more than half a million staff and students of San Diego high schools from the past decade is now likely in the hands of hackers, it has emerged. A statement from the San Diego Unified School District on Friday revealed that unauthorized access was achieved by a simple phishing campaign which compromised
0 Comments
by Lisa Vaas About 11,000 passengers are crammed into Gatwick Airport, their flights grounded since last night as a drone operator repeatedly flew two unmanned aerial vehicles (UAVs) close to the runway. Flights can’t take off or land until it’s safe to do so, and that can’t happen until police find the operator. Gatwick, a
0 Comments
The UK government has launched a new cybersecurity skills strategy designed to reduce industry shortages, and a new independent body to help shape the future of the profession. The Initial National Cyber Security Skills Strategy sets out not only to recruit more skilled professionals into the industry but also raise the awareness levels of the
0 Comments
by John E Dunn Microsoft has found itself fixing a lot of zero-day flaws recently, including CVE-2018-8611, (patched this month), and November’s CVE-2018-8589 and CVE-2018-8589. Now it has released an emergency patch for a remote code execution (RCE) zero-day vulnerability in Internet Explorer’s Jscript scripting engine affecting all versions of Windows, including Windows 10. Identified
0 Comments
In response to the issues of data privacy questions that have erupted in the aftermath of the Facebook-Cambridge Analytical scandal, a startup, FigLeaf, co-founded by CEO Slava Kolomeichuk and CRO Yuriy Dvoinos, is developing an app that will help users understand how their personal information has been affected. The new app is slated for use
0 Comments
Southern University celebrated a first in its history with the graduation of Davonne Franklin, 22, a member of the Army National Guard who was the school’s first ever cybersecurity graduate. Franklin enrolled in the ROTC and attended Southern University after graduating from McKinley High in Baton Rouge. When he completed his basic training, he returned
0 Comments
by Lisa Vaas Nagging text messages help smokers to quit, Chinese researchers have found. In a clinical trial carried out across various cities and provinces in China, they pulled in 1,369 people (mostly men) who agreed to join a smoking-cessation program. Then, they divided them into three groups: subjects who received five text messages/day, those
0 Comments
All those who have relied upon the e-commerce giant Amazon to order their holiday gifts should heed caution when receiving order confirmation emails, as EdgeWave reportedly discovered a new and highly sophisticated malspam campaign sending fake Amazon order confirmation messages.   The messages are reportedly quite convincing, and include subject lines that read “Your Amazon.com order,” ”Amazon
0 Comments
Efforts to take down multiple domains that offered distributed denial-of-services (DDoSs) for hire were successful and resulted in another announcement from the Justice Department (DOJ), which yesterday declared that it had seized 15 internet domains, as well as filed criminal charges against three defendants who facilitated the computer attack platforms. According to a DOJ news release
0 Comments
by John E Dunn The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA). The latest is from campaign group Amnesty International, which said it had detected two campaigns sending bogus account alerts targeting around 1,000 human rights defenders
0 Comments
Researchers have discovered a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for MacOS, according to a recently published advisory from Trustwave. If exploited, the vulnerability could elevate privileges on the local machine, allowing an attacker to subvert or disable Trusteer altogether. According to Trustwave, its researchers worked with IBM throughout the disclosure process.
0 Comments
The agency at the helm of Singapore’s digital services, the Government Technology Agency of Singapore (GovTech Singapore), announced that Singapore will be working with security researchers over the course of three weeks on a bug bounty program intended to further protect Singapore citizens and help secure public-facing government systems. Singapore has established multiple cyber initiatives
0 Comments
In the aftermath of an extensive New York Times investigation into Facebook’s data privacy regulations and whether the company violated the privacy and public policy regulations of the Federal Trade Commission, Sen. Amy Klobuchar (Minn.) said that it is time for her colleagues to step up. During an NPR interview, Sen. Klobuchar talked about commonsense
0 Comments
by Danny Bradbury Facebook hit back at press reports this week that highlighted a deep network of privileged data-sharing partnerships between the social media company and other large organisations. The bi-lateral relationships saw companies including Amazon, Netflix, Microsoft and Spotify exchange user data that helped both them and Facebook extend their reach by learning more
0 Comments
An active email campaign is reportedly targeting banking and financial services employees in the US and UK using popular cloud services to host the malicious payload, according to a blog posted today by Menlo Security. The campaign targets endpoints, including PCs, and attackers are reportedly using two types of payloads – VBScripts and JAR files
0 Comments
Supporters of YouTube sensation PewDiePie have been at it again, this time defacing a Wall Street Journal web page in another bid to boost his subscribers. The page itself, originally sponsored by a technology giant, was apparently fixed promptly by the newspaper’s IT team, but can be viewed here. It references the WSJ’s 2017 investigation
0 Comments
Printers around the world appear to have been hijacked again with a message to subscribe to a popular YouTube vlogger, and improve their cybersecurity. Those behind the attack are thought to be the same ones that managed to get a message in support of social media star PewDiePie printed out on 50,000 machines last month.
0 Comments
Law enforcement agencies across the country spent the better part of yesterday evening investigating a slew of bomb threats delivered by email to businesses and universities across the US and Canada. The hoax email warning that an explosive device was in the recipient’s place of work evoked fear among many Americans yesterday, according to KrebsonSecurity.
0 Comments
by Lisa Vaas Facebook filed a patent, titled “Offline Trajectories,” last week in which it proposes predicting users’ “location trajectories” – in other words, where we’re likely headed. Knowing when we’re about to hurtle into a no-WiFi-connection limbo means Facebook can “prefill” our phones with content and ads. It knows enough to know a lot more
0 Comments
An unprotected ElasticSearch server led to a potentially massive data leak for a popular avatar app maker, Boomoji. The app, which is based in China and has 5.3 million users across the globe, allows iOS and Android users to create 3D avatars. The personal data of its entire user base was exposed after Boomoji reportedly left
0 Comments
by Danny Bradbury Google keeps tabs on much of your activity, including your browsing history and your location. Now, it turns out that its YouTube service is also reading what’s in your videos, too. Programmer Austin Burk, who goes by the nickname Sudofox, discovered the issue after discovering a cross-site scripting (XSS) flaw on another site.