Tuesday, January 28, 2020

Cardplanet mastermind pleads guilty to credit card fraud

Cardplanet offered refunds on invalid card data, along with a card checking service that ensured a stolen card was still valid.

Tinder to get panic button, catfish-fighting facial recognition

It's both a genius move to protect from assault and fraud and a personal data grab.

Instagram CEO’s homes were targetted by SWATters

Instagram CEO Adam Mosseri's houses were surrounded by SWAT teams after hoax phone calls claimed hostages were being held there.

New York wants to ban taxpayer-funded ransomware payments

One of the proposed bills would set up a $5m fund to help small towns upgrade their systems and bolster their security.

Monday review – the hot 21 stories of the week

From a big Microsoft data breach to the seizing of a stolen-creds site by the FBI - and everything in between. It's weekly roundup time.

Google finds privacy holes in Safari’s ITP anti-tracking system

Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave users exposed to a raft of privacy issues, including - ironically - being tracked.

Protestors petition equity firm over .org buyout

The street outside ICAAN's offices in Playa Vista, California, is likely a little more crowded than normal.

9th Methbot suspect arrested in massive clickfraud ring

How Sergey Denisoff described his early ad-buying ventures: buying BS popup traffic and reselling it to buyers demanding BS traffic.

Privacy watchdog throws wider net to protect children online

A new, comprehensive code will compel online services to put children's health and safety before data-collecting profits.

Looking for silver linings in the CVE-2020-0601 crypto vulnerability

Is there some good news hidden in the story of the CVE-2020-0601 crypto vulnerability?

UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone

Digital forensic evidence points to the phone's massive, months-long data egress having likely been triggered by Pegasus mobile spyware.

Apple allegedly made nice with FBI by dropping iCloud encryption plan

Sources told Reuters that Apple may have been convinced by arguments made during the legal fight over cracking the San Bernardino iPhone.

Sonos’s tone-deaf legacy product policy angers customers

Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up.

FBI issues warning about lucrative fake job scams

What’s the difference between a real job and a fake one found on the internet? The fake ones are suspiciously easy to get interviews for.

Big Microsoft data breach – 250 million records exposed

Microsoft has today announced a data breach that affected one of its customer databases.

Ubisoft sues DDoS-for-hire operators for ruining game play

The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.

NIST’s new privacy rules – what you need to know

How do you ensure you're compliant with privacy regulations? NIST has released a Privacy Framework to help you get your house in order.

Regus spills data of 900 staff on Trello board set to ‘public’

Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello.

Nobody boogies quite like you

Our unique dancing style can be used by a machine-learning model to ID us, regardless of musical genre. Unless it's Metal. We all headbang.

Citrix ships patches as vulnerable servers come under attack

Citrix has issued its first set of patches fixing a nasty vulnerability that's been hanging over some of its biggest products.
ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.