MoviePass database exposes 161 million records
An exposed database on a MoviePass subdomain
housing 161 million records was left unsecured and exposed credit card and
customer card information on at least 60,000 of the ticket service’s
customers.
The database, which included expiration dates,
names and addresses on some users as...
Capital One hacker to ask for release on bail
The person behind the massive Capital One data breach that
exposed more than 100 million records will go before a federal judge on Friday
and ask to be released on bail.
The transgender Paige Thompson, who identifies as female, is
expected to say...
Instagram asks security researchers to check out ‘Checkout’ feature
Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app.
CNN this week reported that Facebook-owned Instagram...
Nowhere to turn for middle market companies decimated by cybercrime
Middle-market companies are facing the bleak reality that
they must increasingly combat cyber threats on their own – with little help and
fewer resources than their larger counterparts. Many are finding that they are prime
targets ready for ambush by cybercriminals. Because...
iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices
Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system.
The unpatched vulnerability is CVE-2019-8605,...
Fake VPN and office software websites spread Bolij.2 banking trojan
Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers.
Launched on Aug. 8, the fake NordVPN site,...
One million Luscious porn site accounts compromised
Researchers
at VPNMentor were able to access almost more than one million user accounts associated
with the pornographic website Luscious.
VPNMentor’s Noam Rotem and Ran Locar found 1.195 million records associated with the one million registered site users containing a variety of...
Vulnerabilities seen on Google Nest Cam IQ Indoor camera
Cisco Talos
has uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera that
can enable a denial of service situation or enable code execution for an
unauthorized user.
Version 4620002
camera is affected by the vulnerabilities
and Cisco Talos has revealed and worked with...
Mobile Device Security for Blue Collar Workers
From blue-collar to new-collar
When we picture the typical technology
worker, many of us naturally think of an office worker who spends most of their
day chained to a desk, sitting in a home office or getting WiFi at a Starbucks.
But that...
First half 2019 sees 4,000 data breaches exposing 4B records
The number of data breaches reported and records exposed
both increased by more than 50 percent during the first half of 2019 compared
to the same period in 2018.
The 2019 MidYear QuickView Data Breach Report by Risk Based Security found that...
U.S. renews temporary license allowing companies to sell to Huawei, adds 45 to blacklist
The Commerce Department Tuesday renewed a temporary license that
allows U.S. companies to sell their products to Huawei but blacklisted
exporting products to 45 companies associated with the Chinese technology firm.
Commerce
Secretary Wilbur Ross justified the 90-day renewal in a release,
saying that...
Delta sues AI vendor over 2017 breach exposing info on 825K
After information on 825,000 Delta Airlines customers was
exposed and potentially stolen by at least one hacker in 2017, the airline has
filed suit against chatbot vendor 7.ai, claiming poor security led to the
breach.
Delta
also took aim at the vendor for waiting...
Virginia State Police recoup $300K stolen in BEC scam
The Virginia State Police were able to recover just over
half of the $600,000 that was stolen from Spotsylvania County in a business
email compromise scheme.
The state police, working with other in and out-of-state law
enforcement agencies were able to track down...
CyberRisk Alliance acquires Cybersecurity Collaborative establishing its Peer Council Business Platform
New York, NY, August 19, 2019 — CyberRisk Alliance (“CRA”),
a business intelligence company serving the cybersecurity and information risk
management marketplace, has acquired Cybersecurity Collaborative, a peer
council platform for Chief Information Security Officers (CISOs) and other
senior-level security executives from Stuart...
First Look: Corelight Sensor
One of the biggest security challenges companies face is organizing mountains of network data in
a format that makes it actionable for security teams; the large volumes and
unstructured format also makes it difficult for SIEMs to interpret.
The interesting part...
Ready or Not, Here Comes FIDO: How to Prepare for Success
Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
read more
Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report
Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
read more
The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI
Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
A botnet has been cannibalizing other hackers’ web shells for more than a year
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
