Thursday, July 19, 2018

Airbus UK infosec gros fromage: Yep, we work with arch-rivals Boeing

Says firm's airliners designed with security foremost in mind Airbus's UK infosec chief, Ian Goslin, has said that cyber-attack attribution is a matter for "nation states" – and has questioned whether some critical national infrastructure companies are taking the...

Broker accused of netting $5m on inside info about Lattice Semiconductor

Chinese broker faces prison, if he's ever found in US jurisdiction An investor from China is being charged with insider trading in the US after using insider information from Lattice Semiconductor to turn a massive profit on Wall Street.…

Who’s leaving buckets open online now? Cybercroooks, election autodialers

Researchers highlight more goof-ups from exposed data depots Security company Kromtech has unearthed two more embarrassing (and potentially dangerous) cases of groups leaving mass data caches unguarded on the public internet.…

Hackers demand dosh to not leak stolen Canadian patient, staff records

Thieves turn to media for help with blackmail, er, compensation for their, uh, research Hackers say they will leak patient and employee records stolen from a Canadian healthcare provider unless they are paid off.…

So long and thanks for all the fixes: ERPScan left out of credits on Oracle bug-bash list

App security firm sanctioned in US over ties with Russia Oracle fixed 17 flaws in its products found by ERPScan researchers without acknowledging the application security firm, which was recently and controversially sanctioned in the US.…

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

Breach identified potential victims taking part in probe The UK's data watchdog today issued the Independent Inquiry into Child Sexual Abuse (IICSA) a £200,000 penalty after it sent a bulk email to participants that identified possible victims of historical...

Call records breach let users feel like Movistars: With everyone watching who they’re talking to

Enumeration bug potentially allowed users to peek at each other's details Telefonica Spain has inadvertently exposed the personal details of customers of its Movistar division.…

PayPal’s pal Venmo spaffs your pals’ payments – and yours

200 million transactions visible to all, inc. the inside dope on a cannabis seller's annual sales PayPal-owned digital wallet Venmo shares way too much data via its public API, according to Berlin-based researcher Hang Do Thi Duc.…

Microsoft to pay new bounties for identity services holes

If ye can board Microsoft accounts, Azure AD or even OpenID without the skipper knowing, loot be your reward Microsoft’s launched a new bug bounty program, this time for identity services.…

Blood test biz LabCorp pulls plug on systems over hacker fears

US medical testing giant says no evidence of data theft after alarms triggered Medical biz LabCorp shut down some of its systems last week after it detected "suspicious activity" on its network.…

LuminosityLink creepware developer cops plea in Kentucky

Man admits to selling remote access malware for spying A US software developer has admitted to selling and supporting malware, after originally claiming the remote access tool was legitimate admin software.…

Scumbag confesses in court: LuminosityLink creepware was my baby

Man admits to selling remote access malware used by morons for spying A US software developer has admitted to selling and supporting spyware after originally claiming his remote access tool was legitimate admin software.…

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

ES&S admits a handful of systems were shipped with PCAnywhere tool A US voting machine manufacturer has admitted some of its systems sold in the early 2000s had a remote access tool installed.…

Look, what’s that over there? Sophos nips Windows DNS DLL false positive in the bud

Temporary file temporarily shuffled off to quarantine A recently updated Windows library created a false positive problem for some Sophos users on Tuesday after the software wrongly identified it as potentially malign.…

Russia’s national vulnerability database is a bit like the Soviet Union – sparse and slow

By design, though, not... er, general rubbishness Russia's vulnerability database is much thinner than its US or Chinese counterparts, but does contain a surprisingly high percentage of security bugs exploited by its cyber-spies.…

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business accounts worth their weight in gold to scammers Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck.…

Trump wants to work with Russia on infosec. Security experts: lol no

Thanks for Putin that out there Security experts have poured scorn on plans by US president Donald Trump to work more closely with Russia on cybersecurity.…

‘007’ code helps stop Spectre exploits before they exist

Singaporean boffins offer Spectre-protector as Fortinet ponders Android inoculation Black hats haven't yet found a way to mass-exploit the Spectre vulnerability – but mitigations are already arriving.…

Revealed in detail: World powers stuff spyware kit, how-to guides in dodgy nations’ pockets

And tech industry doesn't get off lightly in civil rights probe The world's most powerful governments are today accused of bankrolling surveillance kit and training for smaller and dubious nations – and the tech industry stands to benefit.…

Irish fella accused of being Silk Road admin ‘Libertas’ hauled to US

Bloke extradited to New York to face charges of serving as drug market's tech support US prosecutors have extradited an Irish man to America, where he will face charges of allegedly helping run the infamous Silk Road drugs e-souk.…

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.