Tuesday, March 31, 2020

Marriott International confirms data breach of up to 5.2 million guests

Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people. The hotel chain says it uses an application to help provide services to its guests. Beginning mid-January this year, the login...

Patch now! Critical flaw found in OpenWrt router software

OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.

Dharma ransomware source code on sale for $2,000

The source code for ransomware-as-a-service strain Dharma has been put up for sale by hackers.

Data on almost every citizen of Georgia posted on hacker forum

Where did it all come from? 4.9m records were posted on a hacking forum - and the country only has an estimated population of 3.7m.

Researchers speed the death of ‘bad’ data in the race against good

They have a way to inject 'good' data - i.e., accurate COVID-19 news or security patches - to outpace the spread of fake news or malware.

“Instant bank fraud” warning spread on WhatsApp is a hoax

No, we don't know why people start hoaxes like this. You can do your bit by not forwarding them, not even "just in case".

5 tips for keeping your data safe this World Backup Day

The only backup you will ever regret... is the one you didn't make

No, Houseparty hasn’t hacked your phone and stolen your bank details

There's one thing missing in all the claims that deleting the Houseparty app will "unhack" you - evidence"

How to stay on top of coronavirus scams – and all the others too

The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too...

Apple’s iOS 13.4 hit by VPN bypass vulnerability

It’s less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.

Chrome may bring back ‘www’ with option to show full URLs

Google's doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a site's security.

Should governments track your location to fight COVID-19?

Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.

Google sent ~40K warnings to targets of state-backed attackers in 2019

Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.

Monday review – the hot 22 stories of the week

From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.

Android apps are snooping on your installed software

Android apps are snooping on other software on your device - and that could tell shady advertising companies more about you than you'd like.

Firefox 76 will have option to enforce HTTPS-only connections

The aim is to block the browser from reaching the small number of sites that cling to HTTP, closing security risks.

Thousands of Dark Web sites deleted in attack on free hosting service

It's the second time that the popular Daniel's Hosting platform was attacked in 16 months. This time, 7,600 Dark Web sites were obliterated.

FBI takes down hacker platform Deer.io

The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services,...

S2 Ep32: ZoomBombing, Android malware and the WhatsApp Martinelli hoax – Naked Security Podcast

Join Sophos experts for the latest cybersecurity news and advice.

Watch out! Scummy scammers target home deliveries

Anxiously waiting for a home delivery? Don't be tricked by a message that says there's a problem with your address...

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...