by Paul Ducklin Facebook has just admitted to years of problems with password hygiene by leaking plaintext passwords into logfiles by mistake. Watch this special edition of Naked Security Live… …we answer the questions lots of people have been asking us since we first wrote about this issue: What happened? Was this a blunder or
admin
Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your
The social network says that the passwords were never exposed externally and that it found no abuse of the glitch Facebook has fixed a bug that caused that the passwords of many of its users were stored in plain text and were visible for the social network’s employees. “As part of a routine security review
The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients’ chests) that gives a patient’s heart
Tesla CEO Elon Musk argued Friday that his Twitter use did not violate a settlement agreement with the U.S. Securities and Exchange Commission and that the agency’s request to have him held in contempt is based on a “radical interpretation” of the order, according to court papers filed in Manhattan federal court. The SEC has asked
Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines. What a Friday. This afternoon (mere hours after we released our regularly scheduled episode no less!), both Pinterest and Zoom dropped their public S-1 filings. So we rolled up our proverbial sleeves and ran through the numbers. If
According to the 2019 State of the Call Center Authentication report from TRUSTID, a Neustar company, one of the most exploited areas in a company’s security chain is the call center. Companies may be investing more in their cybersecurity defenses, but fraudsters are evolving in their tactics. As such, they’ve discovered that by targeting call
by Paul Ducklin A security researcher in New Zealand just showed that it’s possible to wire up a low-cost data sniffer to the security chip in a Microsoft Surface laptop… …and read out the decryption key used by BitLocker, the software that is there to keep the data on your hard disk safe. That has
Post GDPR, there is still a lot of complexity in data privacy and data residency requirements. Depending on where they are located, what industry they are in, and how diverse their customer base is, companies are requiring a high degree of flexibility in the tools they use for web security. While most web security products
Our penchant for plugging in random memory sticks isn’t the only trouble with our USB hygiene, a study shows Many computer users don’t take enough precautions when disposing of their USB sticks, leaving a trove of what is often sensitive information about themselves for the drives’ new owners, a study has shown. Researchers from the
Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data
Keatz, one of a growing number of so-called “cloud kitchens” — delivery only restaurant brands running on the rails of Deliveroo and UberEats — has raised €12 million in new funding. Backing the round are existing investors Project A Ventures, Atlantic Labs, UStart, Kfund and JME Ventures, who are joined by RTP Global. It adds
European governments have been bringing the hammer down on tech in recent months, slapping record fines and stiff regulations on the largest imports out of Silicon Valley. Despite pleas from the world’s leading companies and Europe’s eroding trust in government, European citizens’ staunch support for regulation of new technologies points to an operating environment that
The UK’s Police Federation of England and Whales (PFEW) was the victim of a malware attack, according to two different tweets posted by the National Cyber Security Center (NCSC) UK and the PFEW. According to the Police Federation, the attack on the PFEW, which represents 119,000 police officers across the 43 forces in England and
by John E Dunn A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot. BitLocker is the full volume encryption system that has been shipped with higher-end versions of Windows since Vista, which
By: Sheetal, Application Developer & Majy, IT Support McAfee offers a new program that offers professionals who dedicated extended time to their families the chance to reignite their passion for the technology industry and relaunch their careers. Sometimes, it’s necessary to put your career on hold to raise kids, care for loved ones or serve
More tips for detecting and avoiding sextortion scams Vox Emptoris: “Voice of the Customer” In my previous post, we examined a particular example of a sextortion scam, showing several indications that it was not a threat to be taken seriously. But that kind of analysis – point-by-point deconstruction – is relatively hard work, and perhaps not
Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to “illegally” tie its proprietary apps and
The growth of Airbnb — and likewise other platforms like Booking.com, VRBO and Homeaway for listing and renting short-term accommodation in private homes — has spawned an ecosystem of other businesses and services, from those who make money renting their homes, to cleaning companies that make properties “Airbnb-ready”, to those who help design listings that
Microsoft has rolled out a patch that will warn Windows 7 users that security updates will soon come to an end. The patch rolled out Wednesday warning users of the impending deadline, January 14, 2020, when the software giant will no longer roll out fixes for security flaws and vulnerabilities. The deadline comes some 10
It’s an acronym that cries out for wordplay (SOAR above the hackers… SOAR into greater security…). But security orchestration, automation and response is a serious answer to a perilous threat environment. SOAR products collect threat information and respond to evidence of low-level threats without human intervention. They identify, prioritize and automate a security team’s incident
Security professionals who attended RSA 2019 believe that the world is in the midst of cyber-war, according to a survey conducted by Venafi. While 87% of the 517 IT security professionals surveyed believe that cyber-war is a current reality rather than a future threat, 72% of respondents said that nation-states should be able to “hack back”
by Paul Ducklin In this Naked Security podcast, we explain how to handle sextortion, look at techniques for getting rid of malvertising, and discuss the things that make randomness hard. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s stories: “FINAL WARNING” email – have they really hacked your webcam? New scam
Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most
ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar This article will first describe how the OceanLotus group (also known as APT32 and APT-C-00) recently used one of the publicly available exploits for CVE-2017-11882, a memory corruption vulnerability present in Microsoft Office software, and how
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing
Tandem Bank, the U.K. challenger bank, is launching a new savings account powered by its “Autosavings” feature designed to make it easier to save. Paying 0.5 percent interest, the Tandem Autosavings account is effectively a flexible savings bank account built on top of Tandem’s existing bank account aggregation app and the various credit cards it
When Salesforce bought Quip in 2016 for $750 million, it was fair to wonder what it planned to do with it. While company founder Bret Taylor has moved up the ladder to Chief Product Officer, Quip remained a stand-alone product. Today that changed when the company announced it was embedding Quip directly into its sales
Editor’s note: In 2013, Michael Cobb wrote how sad it was that the same handful of web application vulnerabilities… still vexed information security professionals. It’s even sadder that, six years later, these same flaws continue to stymie efforts to educate developers and mitigate vulnerabilities in web applications. OWASP revised its list of vulnerabilities in 2017.
Protecting consumer privacy has become a top priority for legislators as candidates launch their 2020 campaigns and try to win over voters. According to research findings revealed in the new CCPA and GDPR Compliance Report, however, US companies haven’t made privacy regulations a top priority. The online survey, conducted by TrustArc, reflects responses from 250
- 1
- 2
- 3
- …
- 61
- Next Page »