US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill was introduced on Thursday by Senators Ron Wyden, Zoe Lofgren, Pramila Jayapal, Warren Davidson, and Steve Daines. According to a statement on Wyden’s website, the changes
Philip Choo
Corporate data needs to be secure, private and protected. That’s obvious advice, but the steps organizations should take to prevent data security threats and keep their data safe from hackers are much less apparent. This article looks at some of the tactics — both old and new — hackers are using in their attempts to
by Danny Bradbury Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served
Cybercriminals are putting a new twist on an old trick Scammers are combining spoofed company websites and fake job ads to trick unsuspecting job seekers into surrendering their sensitive information and paying fraudulent fees. According to a recent public service announcement by the FBI’s Internet Crime Complaint Center (IC3), fraudsters increasingly post job openings on
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment? “Decide
London’s Metropolitan Police Service has announced that it will start using live facial recognition (LFR) technology to scan public areas for suspected criminals. After trialing the technology for two years, the Met has said that it will have cameras up and running within a month. The cameras will be linked to a database containing images
by Lisa Vaas New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. Methbot got its name from White Ops,
What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand the common practices, prioritization, and preferences of the organization today in protecting themselves from breaches.
Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC). Safety notices were published yesterday by both the US Food and Drug Administration (FDA) and the US Department of Homeland Security’s Industrial Control Systems—Cyber Emergency Response Team (ICS-CERT) regarding vulnerabilities in certain
by Danny Bradbury The street outside ICANN’s offices in Playa Vista, California, may be a little more crowded than normal. People worried about the .org top-level domain will be there protesting its sale to a private equity firm. They’ll be handing over a petition signed by over 21,000 people to the Internet Corporation for Assigned
The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative
A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei Burkov admitted operating the Cardplanet website, which sold card data acquired through illegal computer intrusions. Many of the cards offered for sale
A new round of Citrix patches arrived Thursday for the vendor’s Application Delivery Controller and Gateway products as reports of ransomware attacks targeting vulnerable systems emerged. The directory traversal flaw allows an unauthenticated party to perform arbitrary code execution. Originally, the Citrix patches were scheduled for release later this month, but last week the vendor
by John E Dunn Far from protecting the security and privacy of Safari users as advertised, Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave them exposed to a raft of privacy issues, including – ironically – being tracked. That’s the surprising conclusion of a group of Google researchers who this week published a short but
Safari’s anti-tracking feature could apparently give access to users’ browsing habits An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed
Image credit: Times of Israel.Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card
America’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning yesterday after observing an increase in the number of targeted cyber-attacks that utilize Emotet. Emotet functions as a modular botnet that can steal data, send malicious emails, and act as a dropper, downloading and installing a wide range of malware onto a victim’s computer. This sophisticated strain of
by Chester Wisniewski The scene stealer in January’s Patch Tuesday updates from Microsoft was CVE-2020-0601, a very serious vulnerability in the crypt32.dll library used by more recent versions of Windows. The flaw, which also goes by the names Chain of Fools and Curveball, allows an attacker to fool Windows into believing that malicious software and websites
Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection More than 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and Support” (CSS) records on the Internet due to a misconfigured server containing logs of conversations
Brazilian prosecutors have denounced American journalist Glenn Greenwald for his alleged involvement with a cybercrime organization that hacked cell phones to commit bank fraud. Greenwald is best known for a series of reports published from June 2013 by The Guardian newspaper that detailed the global surveillance programs of the United Kingdom and the United States.
by Paul Ducklin Microsoft has today announced a data breach that affected one of its customer databases. The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world. Microsoft didn’t
Some of the most popular dating services may be violating GDPR or other privacy laws Unbeknownst to their users, several popular dating apps, including Tinder, OkCupid and Grindr, share detailed personal data on their users with third parties for advertising purposes, a study conducted by the Norwegian Consumer Council has found. The details spanned the
The iPhone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed sources familiar with digital forensic analysis of the breach, the newspaper claimed that a massive
A leading offshore safety and verification body has reported a rapid rise in the number of ships seeking to gain a cybersecurity classification. Ship classification society Bureau Veritas Marine & Offshore (BV) says it has seen a surge in the number of ships applying for its “Cyber Managed” notation. The notation is based on BV’s rule
By Authentication is the process of proving a user’s or machine’s digital identity. Users are authenticated when they provide some form of credential associated with their user ID. Authentication methods are necessary to protect sensitive data and applications from being accessed by unauthorized users. While authentication is a cybersecurity must, it is also a process
by John E Dunn Citrix has issued its first set of patches fixing a nasty vulnerability that’s been hanging over some of its biggest products. The flaw, identified as CVE-2019-19781 on 17 December 2019, affected Citrix’s Application Delivery Controller (ADC) load and application balancer, and the Citrix Gateway Virtual Private Network (VPN) appliance (previously known
Are you looking to hide in plain sight? Here’s a rundown of three options for becoming invisible online As concern about internet privacy grows and grows, more and more people are actively seeking to browse the web anonymously. There are various ways to avoid being identified or tracked on the internet, although, in fact, “attempt
Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines. Actually, you don’t have to. This actually happened. Pence’s email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How
The USA is considering legislation that would protect local governments by requiring the appointment of a cybersecurity leader for each state. Backers of the Cybersecurity State Coordinator Act of 2020 say the proposed law will improve intelligence sharing between state and federal governments and speed up incident response times in the event of a cyber-attack. Under the
- 1
- 2
- 3
- …
- 129
- Next Page »