Thursday, August 22, 2019
SC Magazine

MoviePass database exposes 161 million records

An exposed database on a MoviePass subdomain housing 161 million records was left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service’s customers. The database, which included expiration dates, names and addresses on some users as...
SC Magazine

Capital One hacker to ask for release on bail

The person behind the massive Capital One data breach that exposed more than 100 million records will go before a federal judge on Friday and ask to be released on bail. The transgender Paige Thompson, who identifies as female, is expected to say...
SC Magazine

Instagram asks security researchers to check out ‘Checkout’ feature

Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app. CNN this week reported that Facebook-owned Instagram...
SC Magazine

Nowhere to turn for middle market companies decimated by cybercrime

Middle-market companies are facing the bleak reality that they must increasingly combat cyber threats on their own – with little help and fewer resources than their larger counterparts. Many are finding that they are prime targets ready for ambush by cybercriminals. Because...
SC Magazine

iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices

Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605,...
SC Magazine

Fake VPN and office software websites spread Bolij.2 banking trojan

Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers. Launched on Aug. 8, the fake NordVPN site,...
SC Magazine

One million Luscious porn site accounts compromised

Researchers at VPNMentor were able to access almost more than one million user accounts associated with the pornographic website Luscious. VPNMentor’s Noam Rotem and Ran Locar found 1.195 million records associated with the one million registered site users containing a variety of...
SC Magazine

Vulnerabilities seen on Google Nest Cam IQ Indoor camera

Cisco Talos has uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera that can enable a denial of service situation or enable code execution for an unauthorized user. Version 4620002 camera is affected by the vulnerabilities and Cisco Talos has revealed and worked with...
SC Magazine

Mobile Device Security for Blue Collar Workers

From blue-collar to new-collar

When we picture the typical technology worker, many of us naturally think of an office worker who spends most of their day chained to a desk, sitting in a home office or getting WiFi at a Starbucks. But that...
SC Magazine

First half 2019 sees 4,000 data breaches exposing 4B records

The number of data breaches reported and records exposed both increased by more than 50 percent during the first half of 2019 compared to the same period in 2018. The 2019 MidYear QuickView Data Breach Report by Risk Based Security found that...
SC Magazine

U.S. renews temporary license allowing companies to sell to Huawei, adds 45 to blacklist

The Commerce Department Tuesday renewed a temporary license that allows U.S. companies to sell their products to Huawei but blacklisted exporting products to 45 companies associated with the Chinese technology firm. Commerce Secretary Wilbur Ross justified the 90-day renewal in a release, saying that...
SC Magazine

Delta sues AI vendor over 2017 breach exposing info on 825K

After information on 825,000 Delta Airlines customers was exposed and potentially stolen by at least one hacker in 2017, the airline has filed suit against chatbot vendor 7.ai, claiming poor security led to the breach. Delta also took aim at the vendor for waiting...
SC Magazine

Virginia State Police recoup $300K stolen in BEC scam

The Virginia State Police were able to recover just over half of the $600,000 that was stolen from Spotsylvania County in a business email compromise scheme. The state police, working with other in- and out-of-state law enforcement agencies, were able to track down...
SC Magazine

CyberRisk Alliance acquires Cybersecurity Collaborative establishing its Peer Council Business Platform

New York, NY, August 19, 2019 — CyberRisk Alliance (“CRA”), a business intelligence company serving the cybersecurity and information risk management marketplace, has acquired Cybersecurity Collaborative, a peer council platform for Chief Information Security Officers (CISOs) and other senior-level security executives from Stuart...
SC Magazine

First Look: Corelight Sensor

One of the biggest security challenges companies face is organizing mountains of network data in a format that makes it actionable for security teams; the large volumes and unstructured format also make it difficult for SIEMs to interpret. The interesting part...
SecurityWeek

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
SecurityWeek

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off

Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
ZDNet

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.