Tuesday, September 25, 2018
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
ZDNet

Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users

Domain registrar bungle takes down the website of one of the world's largest companies.
ZDNet

SHEIN fashion retailer announces breach affecting 6.42 million users

Hack took place somewhere in June, but the company only discovered the breach in late August.
ZDNet

US ISP RCN stores customer passwords in cleartext

Company is investigating the issue with customer support representatives having access to users' passwords in cleartext.
ZDNet

Apple MacOS Mojave zero-day privacy bypass vulnerability revealed

The latest update of the Mac operating system is expected to hit today -- potentially alongside a zero-day bug which circumvents OS privacy controls.
ZDNet

Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack

Microsoft was paid $703,697 to help Pennsylvania Senate Democrats rebuild IT systems after 2017 ransomware incident.
ZDNet

Freelance workers targeted in new malware campaign

Malicious macros are being spread in a campaign targeting job seekers on freelance and casual work platforms.
ZDNet

Woman pleads guilty to hacking police surveillance cameras

A chase around Europe led to the extradition of a 28-year-old who infected police equipment with ransomware days before Trump's inauguration.
ZDNet

Adwind Trojan circumvents antivirus software to infect your PC

A spam campaign spreading the RAT uses a number of tricks to fool signature-based antivirus solutions.
ZDNet

Western Digital resolves year-old password bypass bug in My Cloud NAS devices

The vulnerability can be exploited to give unauthenticated hackers full access to a device.
ZDNet

Google secretly logs users into Chrome whenever they log into a Google site

Browser maker faces backlash for failing to inform users about Chrome Sync behavioral change.
ZDNet

Firefox bug crashes your browser and sometimes your PC

Bug affects Firefox on Mac, Linux, and Windows, but not Android.
ZDNet

Wendy’s faces lawsuit for unlawfully collecting employee fingerprints

Restaurant chain faces class-action lawsuit in Illinois for breaking BIPA state law.
ZDNet

Hacker gets a whopping 14 years in prison for running Scan4You service

Ruslan Bondars run a "VirusTotal-for-crooks" operation from 2009 to 2017.
ZDNet

Twitter notifies developers about API bug that shared DMs with wrong devs

Twitter said the API bug was active between May 2017 and early September 2018, for nearly 16 months.
ZDNet

New Virobot ransomware will also log keystrokes, add PC to a spam botnet

Virobot will use locally installed Outlook instances to spam other users and spread a copy of itself.
ZDNet

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new "evil cursor" Chrome bug.
ZDNet

Cisco releases fixes for remote code execution flaws in Webex Network Recording Player

The bugs could be weaponized to hijack vulnerable software and cause untold damage to victim machines.
ZDNet

Google Zero Day team discloses unpatched Microsoft Jet RCE vulnerability

Exploit of the security flaw can lead to the remote execution of malicious code.
ZDNet

AdGuard resets all user passwords after credential stuffing attack

Attackers gained access to some AdGuard accounts but company can't tell how many.

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...