Friday, March 22, 2019
Internet Storm Center Infocon Status

LATEST

IDG Contributor Network: Facebook stashing plain text passwords is a wake-up call to improve GRC

As details emerged of how Facebook captured hundreds of millions of plain text passwords and stored them on internal company servers, my entire IT career flashed before my eyes. While it is criminal that there is apparently no adult...

Sacked IT guy annihilates 23 of his ex-employer’s AWS servers

He was fired after four weeks, ripped off the credentials of former colleague "Speedy", and will be mulling it all over for two years in jail.

UK E-commerce Fraud Soars 27% in 2018

UK E-commerce Fraud Soars 27% in 2018UK e-commerce fraud hit nearly £400m in 2018, accounting for the vast majority (78%) of all card not present (CNP) fraud and fueled by an ongoing epidemic in data breaches and social engineering,...
SC Magazine

Top five application security pitfalls to avoid

What are the common perils and pitfalls CISOs should consider when investing in corporate application security and Application Security Testing (AST)? Spending without holistic application inventory Shadow and legacy web-based systems, abandoned web services and APIs, expired SSL certificates, and unprotected cloud storage (e.g....
The Hacker News

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity...

Spycam sex videos of 1,600 motel guests sold to paying subscribers

1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.
The Hacker News

Medtronic’s Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter...
Tripwire

NC County Government Suffers Third Ransomware Infection in 6 Years

A county government in North Carolina has suffered a ransomware infection for the third time in the past six years. According to a statement published on its website, the Orange County government observed on 18 March that a virus...

Scammer pleads guilty to fleecing Facebook and Google of $121m

Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?
Bruce Schneier

Enigma, Typex, and Bombe Simulators

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article.

Researchers Raise Privacy Alarm Over Medicine Apps

Researchers Raise Privacy Alarm Over Medicine Apps Researchers have raised serious privacy concerns over the use of medical apps in the Google Play store after noting that the majority share user data with third parties. Published in The BMJ this...
SecurityWeek

Observations From RSA Conference 2019

The RSA Conference is one of the premier events in the cybersecurity world. At times, it can be an overwhelming experience for vendors and attendees alike because of its massive scale and fast pace; however, it’s also a great...
ZDNet

Critical flaw revealed in Facebook Fizz TLS project

The DoS vulnerability is trivially easy to trigger.

Man Pleads Guilty to $3m Tech Support Scam

Man Pleads Guilty to $3m Tech Support Scam A North Carolina man has pleaded guilty to his part in a global tech support scam conspiracy which netted over $3 million in profits from unsuspected computer users. Bishap Mittal, 24, from...

Whip your information security into shape with ISO 27001

Every company has sensitive data that needs to be protected. Securing information properly is a challenge that requires careful management of people and assets through the application of clear policies and procedures. Unfortunately, many businesses lack the expertise needed...

Magecart payment card skimmer gang returns stronger than ever

Hackers are using increasingly sophisticated techniques to hide malicious code on e-commerce websites with the goal of stealing payment card details. Known as web skimmers, these malicious scripts have led to major breaches at online retailers over the past...
The Hacker News

Microsoft Announces Windows Defender ATP Antivirus for Mac

Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple’s macOS operating system as well—and to...
The Register

Hey, what’s Mandarin for ‘WTF is going on?’ Nokia phones caught spewing device IDs to China, software blunder blamed

Maker insists the privacy cock-up has been fixed, mostly An undisclosed number of Nokia 7 Plus smartphones have been caught sending their identification numbers to a domain owned by a Chinese telecom firm.…
SecurityWeek

Researchers Earn $270,000 for Firefox, Edge Hacks at Pwn2Own 2019

White hat hackers earned a total of $270,000 on the second day of the Pwn2Own hacking competition for demonstrating exploits against the Mozilla Firefox and Microsoft Edge web browsers. read more
ZDNet

Microsoft tech support scammer pleads guilty to defrauding victims of $3 million

Suspect admits role in criminal operation within a week after being arrested.
The Register

Don’t have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)

US govt sounds alarm over wireless comms, caveats apply Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain...
The Register

‘Sharing of user data is routine, yet far from transparent’ is probably what you don’t want to hear about medical apps. But 2019 is gonna 2019

Study found Android software slinging deets all over the place Folks using healthcare-related Android apps: after you've handed over your private details to that software, do you know where it is sending your data? If you don't, nobody should...
The Register

‘Sharing of user data is routine, yet far from transparent’ is not what you want to hear about medical apps. But 2019 is gonna 2019

Study finds Android software slinging deets all over the place Folks using healthcare-related Android apps: after you've handed over your private details to that software, do you know where it is sending your data? If you don't, nobody should...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

Thousands of new API or cryptographic keys leak via GitHub projects every day.
557FollowersFollow

LEADERS

Bruce Schneier

Enigma, Typex, and Bombe Simulators

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article.

Some 2000 Facebook staff had access to millions of Facebook users’ passwords… stored in plaintext

Stretching back as far as 2012, Facebook has been storing the passwords of hundreds of millions of users unencrypted, in plaintext. And those passwords were searchable by Facebook staff…
Brian Krebs

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so...

Smashing Security #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy! All this and much more is discussed...
Bruce Schneier

First Look Media Shutting Down Access to Snowden NSA Archives

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014,...