Unsecured Databases Leak 235 Million Social Media Profiles

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users. Continue reading Unsecured Databases Leak 235 Million Social Media Profiles

Twitter Hack Technique Is Being Replicated for Other Attacks

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators. Continue reading Twitter Hack Technique Is Being Replicated for Other Attacks

Pirate IPTV Subscription Services Now a $1+ Billion Industry

Digital Citizens Alliance and NAGRA released a joint report revealing that illegal piracy subscription services — Internet Protocol Television (PS IPTV) — are now a $1+ billion industry. “Money for Nothing” describes an ecosystem of retailers and wholesalers enabled by legal businesses and consumed by at least nine million U.S. households. The report also looks into its infrastructure, supply chain, and ad-supported business models. Piracy injures consumers via malware among other risks. Continue reading Pirate IPTV Subscription Services Now a $1+ Billion Industry

FTC to Fine Twitter for Using Consumer Data for Targeted Ads

Twitter revealed that the Federal Trade Commission may hit it with a fine up to $250 million for using consumers’ email addresses and phone numbers — collected for “safety and security” purposes — to target ads, something it said it did “inadvertently” between 2013 and 2019. This is a violation of its 2011 agreement with the FTC, in which Twitter agreed that it would no longer mislead consumers by not disclosing other potential uses. Twitter has already received a draft complaint from the FTC. Continue reading FTC to Fine Twitter for Using Consumer Data for Targeted Ads

Latest Twitter Hack Puts Spotlight on Internal Security Issues

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts. Continue reading Latest Twitter Hack Puts Spotlight on Internal Security Issues

Prominent Twitter Accounts Hacked for Cryptocurrency Fraud

On Wednesday, scammers launched one of the most audacious attacks in recent memory, posting messages from the Twitter accounts of Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk that if people sent Bitcoin, the famous person would send back double the money. The first attack targeted high-profile cryptocurrency leaders and companies, but soon broadened to include a list of prominent U.S. politicians and entertainment and tech executives. It appears that an internal Twitter account was involved in the attacks, but it has yet to be determined whether an employee was willfully complicit. Continue reading Prominent Twitter Accounts Hacked for Cryptocurrency Fraud

‘Zoombombing’ on the Rise, Zoom Works to Improve Security

As use of Zoom Video Communications’ conferencing services have soared, the company’s chief executive Eric Yuan has had issues scaling up the popular app. The nine-year-old tool, once a favorite in the business world, is now ubiquitous among a wide swathe of consumers, educators and others. Issues with privacy and hacking have arisen, and Yuan admitted he “messed up” on security, especially with the claim — proven false — that Zoom offered end-to-end encryption. Yuan said the full encryption feature will be available in a few months. Meanwhile, some users are switching to other platforms. Continue reading ‘Zoombombing’ on the Rise, Zoom Works to Improve Security

Intel Issues a Patch to Address Concerns About Chip Security

According to researchers at security firm Positive Technologies, Intel chips that were released during the past five years contain a flaw that may allow hackers to overcome built-in security measures. The flaw is in the Converged Security and Management Engine (CSME), described as a subsystem inside CPUs and chipsets similar to AMD’s Platform Security Processor. Intel has issued a patch, but Positive Technologies said it may not be enough to protect systems containing the flawed products. Intel’s 10th generation processors are reportedly not among those affected. Continue reading Intel Issues a Patch to Address Concerns About Chip Security

Ransomware Attacks Increase and Demand Bigger Payouts

An increasing number of cities, hospitals and businesses are being attacked by ransomware, by which bad actors shut down the victim’s computer network until a ransom is paid. Up until now, these attacks have been hard to measure since many of those impacted quietly paid the ransom without notifying any authorities. Security firm Emsisoft just reported a 41 percent increase in ransomware attacks between 2018 and 2019, with 205,280 businesses and other groups submitting evidence of such intrusions in 2019. Continue reading Ransomware Attacks Increase and Demand Bigger Payouts

Google Bypasses Cloud to Offer AI to Enterprise Customers

AI can enable many important tasks from manufacturing to medicine, but only if the applications are speedy and secure. Communication via the cloud adds latency and risks privacy, which is why Google worked on a solution — dubbed Coral — that avoids centralized data centers. Coral product manager Vikram Tank described Coral as a “platform of [Google] hardware and software components … that help you build devices with local AI — providing hardware acceleration for neural networks … right on the edge device.” Continue reading Google Bypasses Cloud to Offer AI to Enterprise Customers

NSA Discovers Windows Vulnerability — and Tells Microsoft

The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately. Continue reading NSA Discovers Windows Vulnerability — and Tells Microsoft

Las Vegas Was a Target of Cyberattack While Hosting CES

Early Tuesday morning, just as CES 2020 was getting underway, the team that monitors computers for Las Vegas detected a potential cyberattack as the city’s systems were reportedly compromised. While city officials tweeted about the breach, the information was light on details regarding which operations had been affected or the extent of the attack. The timing was unfortunate, since the annual CES confab is one of the largest events in Las Vegas. Last year, the show attracted more than 175,000 people and 4,400 exhibitors, including a number of Fortune 500 companies. Continue reading Las Vegas Was a Target of Cyberattack While Hosting CES

CES 2020: Experts Consider Cybersecurity For Smart Cities

The smart city was the topic of a CES conversation moderated by Strategic Cyber Ventures chief executive Hank Thomas, whose expertise was gained in relevant military and government work. Columbus, Ohio won the U.S. Department of Transportation’s first Smart City Challenge, and Smart Columbus director Jordan Davis reported that this win came with $50 million in grant funding, which was matched locally. “There is no clear definition of what a smart city is,” Davis noted. “But seamless connectivity is the ideal.” Continue reading CES 2020: Experts Consider Cybersecurity For Smart Cities

Multiple Bugs Made Zoom Hardware Susceptible to Hackers

In July, security firm Forescout discovered that DTEN touchscreen smart TVs, one of video conference service Zoom’s “certified hardware providers,” can be hacked to allow evildoers to bug conference rooms and capture video feeds and whiteboard notes. A two-week study of the DTEN D5 and D7 connected displays revealed five bugs, three of which have been patched but two of which remain. After Forescout disclosed the flaws to DTEN, it decided to go public to raise awareness of the security threat. Continue reading Multiple Bugs Made Zoom Hardware Susceptible to Hackers

5G Offers Wireless Carriers More Security, Privacy Options

One of the benefits of 5G, expected to be 100 times faster than 4G networks, is the improved protection of sensitive data. Much of the conversation about 5G networks has focused on the security issues related to Chinese vendors of gear used in 5G networks. But Verizon chief information officer Chandra McMahon noted that “security is designed into 5G and there will be additional [security] technical features.” Another advantage is that 5G providers will rely on the cloud, providing more capacity and flexibility. Continue reading 5G Offers Wireless Carriers More Security, Privacy Options

Page 2 of 1012345678910