Text message database reportedly leaked password resets

I use Google Authenticator and Authy for two-factor authentication rather than SMS. This is why...: A massive database managing millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes. Voxox, a San Diego-based communications company, maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text mes

Security Teams Struggle with Container Security Strategy

Many sysadmins have just got to grips with old-school virtualisation so expecting maturity in protecting containers is naive...: [...] Ultimately, Bouchard says, containers aren't necessarily any different than any other asset enterprises must protect. "We're not talking about reinventing security," he says, explaining that all the basic principles, such as the rule of least privilege, threat monitoring, and vulnerability scanning, all still apply. However, security profe

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

The simple rule is "If it looks too good to be true, it's almost always a scam"...: A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam. Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercrim...

More Spectre/Meltdown-Like Attacks

Bruce Schneier expresses surprise that we haven't seen more attacks yet, but warns that they're coming...: Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers have been building insecure hardware for 20 years. What's surprising is that it took 20 years t

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Events like this make us more secure...: Three major mobile phone models – the Samsung Galaxy S9, iPhone X and the Xiaomi Mi6 – failed to survive the hacker onslaught at this year’s Pwn2Own Tokyo 2018. In all, 18 exploits, with some attacks chaining together as many as five exploits, were used to own the three phones and earn hacker teams a collective $325,000 in prize money. On day one of the two-day hacking contest, team Fluoroacetate (Amat Cama and Richard Zhu) used

Small-Time Cybercriminals Landing Steady Low Blows

Criminality is now embedded in digital life. Being aware of the range of crime is a vital first step in protecting your business...: [...] At the high end, sophisticated financially motivated cybercrime gangs have recently begun using tactics that were once associated only with nation-state backed actors to plunder organizations around the world. Though relatively small in number, these organized crime gangs are responsible for a bulk of the cybercrime-related damage that bu

Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed

Patch now...: Microsoft today released patches for 63 vulnerabilities as part of its November Patch Tuesday update. Twelve of the bugs were deemed Critical, two were publicly known at the time of release, and one is reportedly under active attack. The bug being exploited is CVE-2018-8589, a Windows Win32k elevation of privilege vulnerability. It was reported by researchers at Kaspersky Labs, a sign attackers are using it in malware, notes Dustin Childs of Trend Micro's Ze...

The insider threat and data protection

Lots to learn from this case. Here's Denton's take on the background and verdict...: If we were to hazard a guess at what furrows the brows of Data Protection Officers (DPOs) when considering data breach risk, following the Court of Appeal's judgment in WM Morrison Supermarkets Plc v. Various Claimants [2018] EWCA Civ 2339, the "insider threat" should be at the forefront of our minds. Below, we offer our views on the Morrisons case and some practical tips on how to mitigat

Judge Says “Alexa, Please Testify in a Double Murder Case”: eDiscovery Trends

Just a reminder...check what's listening. Alexa, Siri, Google, your TV...: The occurrence of Internet of Things (IoT) devices in criminal cases is becoming more and more frequent. Just last month, we covered a case where data from a Fitbit led to the arrest of a murder suspect (we covered another case like it last year as well). Now, an Amazon Echo may have key evidence in a double murder committed last year. According to Time (Judge Says Amazon Must Hand Over Echo Reco