Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

0 Comments
Over 300,000 Canadian accountants and related stakeholders have been hit by a breach of a professional member association, it emerged late last week. The Chartered Professional Accountants of Canada (CPA Canada) revealed in a statement that an unauthorized third party had managed to access personal information after compromising the organization’s website. Over 329,000 individuals including
0 Comments
“Systematic design flaws” have been discovered in leading internet-connected doorbell and security cameras by a Florida Institute of Technology student. Blake Janes unearthed vulnerabilities in devices manufactured by Ring, Nest, SimpliSafe, and eight other companies relating to the removal of active user accounts. The flaws allow a shared account to remain in place and continue
0 Comments
by Paul Ducklin Security researchers at WordFence, a company that’s focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. In a default installation of WordPress, whether you’ve installed it yourself or are using a hosted service, the configuration file wp-config.php should be off limits to outsiders.
0 Comments
The operators of a North Dakota contact tracing app have had a rethink when it comes to sharing users’ data with third-party services.  Care19 was created by ProudCrowd LLC to track the spread of COVID-19 in the Peace Garden State. Following the app’s launch, cybersecurity company Jumbo Privacy discovered that Care19 was sending user data to third-party services. The
0 Comments
The University of Texas at San Antonio (UTSA) is to create and lead a new federal digital research institute that will devise ways to shield America’s manufacturers from cyber-threats.  In addition to assisting US industry in blocking cyber-attacks, the Cybersecurity Manufacturing Innovation Institute (CyManII) will explore how to help manufacturers achieve energy efficiency.  Other areas
0 Comments
The 40-year-old one-time CEO of a Utah tech company is serving a custodial sentence after downloading over 13,000 images of child sexual abuse, bestiality, and rape.  Douglas Eugene Saltsman was sentenced yesterday to 210 days in prison and 48 months of probation by Utah 3rd District Judge Douglas Hogan after being convicted on three felony charges of
0 Comments
Microsoft has warned of a new type of data stealing Java-based ransomware, dubbed PonyFinal. PonyFinal is what Microsoft describes as “human-operated ransomware” — to distinguish it from commoditized variants that are distributed in an automated way by hackers. The tech giant’s Security Intelligence group revealed in a series of tweets this week that the first
0 Comments
by Paul Ducklin If you’re a Naked Security Podcast listener, you’ll have heard Sophos’s own Peter Mackenzie telling some fairly wild ransomware stories. Peter works in the Managed Threat Response (MTR) part of our business – in his own words, if your network’s on fire, he’s one of the people who will rush in to
0 Comments
Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data from Group-IB. The Singapore-based security vendor claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%. As large enterprises became an increasing focus for attacks, ransom
0 Comments
Donald Trump has decided to pick a fight with Twitter after one of his posts on the upcoming election was labelled misleading by the social media platform. The original tweet claimed that Mail-In (postal) ballots during the November Presidential election would be “substantially fraudulent.” The issue has become a partisan one of late, as Democrats
0 Comments
by Paul Ducklin Apple’s latest iOS versions have only been out for a week. The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”. But there’s a jailbreak available already for iOS 13.5, released by
0 Comments
The personal details of over 29 million Indian jobseekers have been posted to a dark web site, free for anyone to access. Cybersecurity firm Cyble, which discovered the trove on an unnamed hacking forum, has in turn added the compromised information to its breach notification site AmIBreached. It claimed to have found the posting during