Trending Now
LATEST
Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app
Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets
Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions.
The developers behind the malicious browser have so far stolen at least $40,000 in...
UC Browser potentially endangers 500 million users
The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk.
UC Browser, which
is available from the Google Play store, was found by Zscaler ThreatLabZ...
US stopped using floppy disks to manage nuclear weapons arsenal
US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef
It's likely the diamondback squid. There's a video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see...
Why Technologists Need to Get Involved in Public Policy
Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy."
In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has...
Why compliance concerns are pushing more big companies to the cloud
Cloud migration is accelerating as companies face compliance, security, and control concerns.
Tor Weaponized to Steal Bitcoin
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
Phishing scam targets users of Stripe payment processing service
Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data.
The attackers employ two...
In A Crowded Endpoint Security Market, Consolidation Is Underway
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
What is a Zero Day Vulnerability?
Find out what a Zero Day Vulnerability is and if there's anything you can do to protect yourself against them.
Checklist 159: What That and Tencent Will Get You
This week on the Checklist, we’ll look at a troubling connection between Apple and the Chinese government. We’ll revisit the issue of IoT security (spoiler: It’s not getting any safer out there). And we’ll round out the list with...
US Girl Scouts Launch First National Cybersecurity Challenge
US Girl Scouts Launch First National Cybersecurity ChallengeGirls across the United States of America will take part in the country's first ever National Girl Scouts Cyber Challenge tomorrow.
Over 3,000 girls have signed up to practice their cybersecurity skills by solving a...
2.8 million CyberLink customer records exposed by unprotected database
A third-party
MongoDB database containing 2.8 million CyberLink customer records and information
was left unprotected exposing the data of several hundred thousand of the tech
company’s customers.
The database
was found by the security firm Comparitech working with security researcher Bob
Diachenko. The initial finding...
Identity Analytics and the ‘2019 Gartner Magic Quadrant for Identity Governance and Administration’
Identity governance and administration (IGA) is a strategic component of identity and access management (IAM). It is designed to help manage digital identities and entitlements across multiple systems and applications. IGA tools are paramount to achieving compliance, as they...
Italians Rocked by Ransomware
Italians Rocked by RansomwareItaly is experiencing a rash of ransomware attacks that play dark German rock music while encrypting victims' files.
The musical ransomware, called FTCode, was detected by security analysts at AppRiver in malicious email campaigns directed at Italian Office 365...
Introducing the ElectionGuard Bounty program
Announcing the new ElectionGuard Bounty program
The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center.
Free decrypter released for STOP ransomware, today’s most popular ransomware strain
New free decrypter can help victims decrypt 148 of the 160 versions of the STOP ransomware.
Baltimore Doubles Up on Cyber-Insurance Following Ransomware Attack
Baltimore Doubles Up on Cyber-Insurance Following Ransomware AttackFive months on from a ransomware attack that brought the city to its knees, Baltimore has purchased cyber-insurance for the first time.
On May 7, Baltimore became the second US city to fall...
CenturyLink Customer Data Exposed
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
Samsung to patch S10 fingerprint sensor bug next week
Samsung promises software patch next week; recommends not using custom screen covers in the meantime.
CBP mulls facial recognition tech for body cams
The U.S. Customs and Border Patrol (CBP) is considering using facial recognition in body cameras that agents will wear in the future, sending out a request for information (RFI) on biometric options that can be used to verify identity.
This...
Glitching: The Hardware Attack that can Disrupt Secure Software
Glitching is difficult, complex, and dangerous. It's one of the reasons that physical security should be part of your cybersecurity planning, particularly as the IoT expands.
Phishy text message tries to steal your cellphone account
Which sort of company is most likely to contact you via SMS? Why, your mobile phone provider, of course!
LEADERS
Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef
It's likely the diamondback squid. There's a video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Why Technologists Need to Get Involved in Public Policy
Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy."
In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has...
Adding a Hardware Backdoor to a Networked Computer
Interesting proof of concept:
At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals,...
Weekly Update 161
NDC Sydney; Removing the Padlock Icon from Chrome; Hack to the Future; Project Svalbard is Still in Progress; Sponsored by Varonis
https://www.troyhunt.com/weekly-update-161/
About that “Any fingerprint can unlock your Samsung Galaxy S10” report
Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…
