At the Intersection of Technology and Real Life

Facebook Sued Hong Kong Firm for Hacking Users and Ad Fraud Scheme

Michael York Reading, PA Syndicated Stories, The Hacker News

Following its efforts to take legal action against those misusing its social media platform, Facebook has now filed a new lawsuit against a Hong Kong-based advertising company and two Chinese individuals for allegedly abusing its ad platform to distribute malware and Ad fraud. Facebook filed the lawsuit on Thursday in the Northern District of California against ILikeAd Media International

Read the full article here

Latest Headlines

Your Body, Your Self, Your Surgeon, His Instagram

19 January 2021

Social media gave the Real Dr. 6ix a stage on which to show off liposuctions and breast lifts. But when cosmetic surgery becomes entertainment, who owns the story? [...]

Covid, Schools, and the High-Stakes Experiment No One Wanted

18 January 2021

Reopening in the fall was a massive gamble. At one high-poverty elementary school, navigating the risks paid off. [...]

I Am Not a Soldier, but I Have Been Trained to Kill

15 January 2021

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being? [...]

The Case for Cannibalism, or: How to Survive the Donner Party

13 January 2021

Don’t be a young, healthy, single man. That’s our first piece of advice. [...]

The Unsettling Truth About the ‘Mostly Harmless’ Hiker

12 January 2021

His emaciated body was discovered in a tent, just a few miles from a major Florida highway. His identity—and troubled past—were discovered by the internet. [...]

How Many Microcovids Would You Spend on a Burrito?

12 January 2021

Six nerdy roommates used public health data to create an online Covid-risk points system for every activity—and protect their pandemic pod. [...]

The Autonomous-Car Chaos of the 2004 Darpa Grand Challenge

6 January 2021

The self-driving vehicles smashed, burned, flipped, and tipped. But the ambitious race through the Mojave launched an industry. [...]

A 25-Year-Old Bet Comes Due: Has Tech Destroyed Society?

5 January 2021

In 1995, a WIRED cofounder challenged a Luddite-loving doomsayer to a prescient wager on tech and civilization’s fate. Now their judge weighs in. [...]

The F-14 and the Secret History of the First Microprocessor

23 December 2020

In a weird way, I’ve known Ray Holt all my life, but I never knew what he had accomplished—or how his inventions wove their way into my own family. [...]

Some of Our Favorite Longreads of 2020

22 December 2020

It was a brutal year. Take a breath and enjoy some of our favorite in-depth stories. [...]

Beware of active UK NHS COVID-19 vaccination phishing campaign

25 January 2021

A very active phishing campaign is underway pretending to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine. [...]

Windows 10 NTFS corruption bug gets unofficial temporary fix

25 January 2021

Developers have released an unofficial fix for a Windows bug that could lead to the corruption of an NTFS volume by merely viewing a specially crafted file. [...]

Leading crane maker Palfinger hit in global cyberattack

25 January 2021

Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations. [...]

ProtonVPN causes Windows BSOD crashes due to antivirus conflicts

25 January 2021

ProtonVPN is working on fixing a bug causing Windows blue screen crashes affecting customers using the latest versions of the company's Windows client software. [...]

Australian securities regulator discloses security breach

25 January 2021

The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach. [...]

Ransomware gang taunts IObit with repeated forum hacks

25 January 2021

A ransomware gang continues to taunt Windows software developer IObit by hacking its forums to display a ransom demand. [...]

Microsoft shares workaround for Windows 10 Conexant driver issues

25 January 2021

Microsoft has shared a workaround for a known issue impacting Windows 10 devices with Conexant ISST audio drivers and causing update errors and issues. [...]

Data breach at Buyucoin crypto exchange leaks user info, trades

24 January 2021

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free. [...]

Another ransomware now uses DDoS attacks to force victims to pay

24 January 2021

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. [...]

Best 3D printers for 2021 - CNET

26 January 2021

These are our favorite 3D printers, as well scanners and laser cutters, for makers and creators in 2021. [...]

The best e-reader for 2021 - CNET

26 January 2021

Why read on your phone or tablet when there are great E Ink e-readers out there? Here are our current top picks. [...]

The best gaming laptop deals right now at Amazon, Best Buy and Newegg - CNET

26 January 2021

Notebooks from Alienware, Asus, Dell, HP, MSI and Razer are on sale. [...]

Former ambassador sues Apple and Alphabet to drop Telegram from app stores - CNET

26 January 2021

Like Parler, Telegram is facing allegations of being used to encourage racism and violence. [...]

Best mattresses for back pain in 2021 - CNET

26 January 2021

Waking up with back pain? These mattresses combine comfort and support for a restful night and a pain-free morning [...]

Best kettlebells for 2021: JaxJox, Apex and more - CNET

26 January 2021

Adjustable, coated or a set: Find out which kettlebell is right for you. [...]

The best dog food delivery options for 2021 - CNET

26 January 2021

Our favorite dog (and one cat) food services deliver quality kibble and save you trips to the store. [...]

Skull of rare dinosaur sheds light on creature's bizarre hollow head tube - CNET

26 January 2021

The duck-billed dinosaur Parasaurolophus is best known for the tube that grows out of its head, and the well-preserved skull offers more clues about the crest's evolution. [...]

Samsung Galaxy S21 Ultra to sport low-power OLED display - CNET

26 January 2021

New displays will consume 16% less power, the electronics giant says. [...]

How to watch Triumph unveil the 2021 Speed Triple - Roadshow

26 January 2021

The folks in Hinkley are pulling the sheet off their most powerful naked bike yet, and you can watch as it happens. [...]

Claroty Discloses Multiple Critical Vulns in Vendor Implementations of Key OT Protocol

26 January 2021

Flaws allow denial-of-service attacks and other malicious activity, vendor says. [...]

SonicWall Is Latest Security Vendor to Disclose Cyberattack

25 January 2021

The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products. [...]

Deloitte & Touche Buys Threat-Hunting Firm

25 January 2021

Root9B (R9B) offers threat hunting and other managed security services. [...]

Small Security Teams Have Big Security Fears, CISOs Report

25 January 2021

Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget. [...]

How to Better Secure Your Microsoft 365 Environment

25 January 2021

Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments. [...]

2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021

25 January 2021

As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses. [...]

Comparing Different AI Approaches to Email Security

25 January 2021

Get to know the difference between "supervised" and "unsupervised" machine learning. [...]

Intel Confirms Unauthorized Access of Earnings-Related Data

22 January 2021

News likely contributed to slide of over 9% in chipmaker's stock at one point Friday. [...]

Speed of Digital Transformation May Lead to Greater App Vulnerabilities

22 January 2021

The fastest-moving industries are struggling to produce secure code, according to AppSec experts. [...]

How Cybersecurity Newbs Can Start Out on the Right Foot

22 January 2021

Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls. [...]

SecurityWeek Names Ryan Naraine as Editor-at-Large

19 January 2021

SecurityWeek has named Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team. [...]

Why Cyber Security Should Be at the Top of Your Christmas List

17 December 2020

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function. [...]

United States Federal Government’s Shift to Identity-Centric Security

17 December 2020

Governments are increasingly facing new legislation, standards, frameworks, and policies to protect critical and sensitive information. [...]

How Extreme Weather Will Create Chaos on Infrastructure

21 October 2020

Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. [...]

BSIMM11 Observes the Cutting Edge of Software Security Initiatives

21 October 2020

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI. [...]

Sustaining Video Collaboration Through End-to-End Encryption

21 October 2020

By infusing end-to-end encryption into any video strategy, it ensures not only the sustainability of the channel, but the businesses that rely on it. [...]

Will Robo-Helpers Help Themselves to Your Data?

8 September 2020

Are you sure that your robo-helpers are secure? [...]

Securing the Hybrid Workforce Begins with Three Crucial Steps

2 September 2020

The global shift to a remote workforce has redefined the way organizations structure their business models. [...]

A New Strategy for DDoS Protection: Log Analysis on Steroids

26 August 2020

Incorporating a data lake philosophy into your security strategy is like putting log analysis on steroids. [...]

COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider

26 August 2020

Despite the COVID-19 pandemic, companies are obligated to comply with many laws governing data security and privacy [...]

Google: North Korean hackers have targeted security researchers via social media

26 January 2021

Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media. [...]

Time to Walk is Apple’s latest Fitness Plus feature that breaks away from staring at a screen

25 January 2021

Go on a walk and listen to stories from celebrities. [...]

Brazilian government advances process to sell state-owned tech firms

25 January 2021

A consortium of companies including Accenture will be studying alternatives to sell Dataprev and Serpro [...]

First commercial autonomous bus services hit Singapore roads

25 January 2021

Country's first commercial driverless bus services will run two routes at Singapore Science Park 2 and Jurong Island over a three-month pilot, during which data will be collected to assess the viability of the on-demand service as well as passenger safety and service reliability. [...]

Browser makers launch new project for writing documentation for Web APIs

25 January 2021

Founding members include the W3C, Google, Microsoft, Mozilla, Samsung Coil, and Igalia [...]

Microsoft's head of Corporate Strategy Kurt DelBene to leave Microsoft in June

25 January 2021

Microsoft's Kurt DelBene is retiring from the company at the end of its current fiscal year and won't be replaced. [...]

Pressure rises on IT executives to get their digital acts together

25 January 2021

The majority of IT leaders in a recent survey are concerned about being left behind. Can microservices, containers, and service meshes pave the way to digital transformation quickly and safely? [...]

Thinkware F200 Pro dash cam review: Unobtrusive camera with driving alerts and superb night vision

25 January 2021

The Thinkware F200 Pro is a really nice unobtrusive dash cam that will alert you to potential dangers, keep your speed as it should be and warn you if your attention starts to wander. [...]

Dutch COVID-19 patient data sold on the criminal underground

25 January 2021

Two individuals have been arrested in the Netherlands last week for selling data from Dutch COVID-19 systems on Telegram, Snapchat and Wickr. [...]

That cute robot cop can instantly work out who you are

25 January 2021

They look so friendly, as they roll along your shopping mall. Some, though, are concerned about what robot cops are really up to. [...]

Credential Stuffing: AI’s Role in Slaying a Hydra

25 January 2021

One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have […] The post Credential Stuffing: AI’s Role in Slaying a Hydra appeared first on Security Intelligence. [...]

For Attackers, Home is Where the Hideout Is

19 January 2021

Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” […] The post For Attackers, Home is Where the Hideout Is appeared first on Security Intelligence. [...]

QR Code Security: What You Need to Know Today

19 January 2021

QR codes are very common today, enough so that attackers are discovering ways of using them for profit. How can QR codes be used this way, and what can you do to boost QR code security and protect against these scams? What Are QR Codes Used For? QR codes — short for “quick response codes” […] The post QR Code Security: What You Need to Know Today appeared first on Security Intelligence. [...]

Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget

15 January 2021

As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are […] The post Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget appeared first on Security Intelligence. [...]

Hybrid Cloud Adoption Brings Security on the Go

15 January 2021

Hybrid cloud environments are a common sight in today’s digital world. IBM’s Assembling Your Cloud Orchestra report found 85% of organizations already utilize a hybrid cloud and 98% anticipate having one in place within three years. This type of cloud environment allows for more agile business processes, a novel infrastructure and produces potential new revenue […] The post Hybrid Cloud Adoption Brings Security on the Go appeared first on Security Intelligence. [...]

Misconfigurations: A Hidden but Preventable Threat to Cloud Data

15 January 2021

Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves. What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that […] The post Misconfigurations: A Hidden but Preventable Threat to Cloud Data appeared first on Security Intelligence. [...]

5 Cybersecurity Best Practices For Planning Ahead

14 January 2021

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a […] The post 5 Cybersecurity Best Practices For Planning Ahead appeared first on Security Intelligence. [...]

Preparing a Client Environment for Threat Management

14 January 2021

A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups providing threat management to their internal teams. The challenge has largely been in making sure the proposed program and the suite of solutions find and call […] The post Preparing a Client Environment for Threat Management appeared first on Security Intelligence. [...]

Social Engineering And Social Media: How to Stop Oversharing

13 January 2021

You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering. While employees clicking on phishing links still […] The post Social Engineering And Social Media: How to Stop Oversharing appeared first on Security Intelligence. [...]

Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management

12 January 2021

There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can […] The post Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management appeared first on Security Intelligence. [...]

Google Warning: North Korean Gov Hackers Targeting Security Researchers

26 January 2021

Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers. read more [...]

South Carolina County Suffers Weekend Cyberattack

26 January 2021

A coastal South Carolina county says hackers broke into its computer network over the weekend. A statement from Georgetown County’s local government Monday said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted. read more [...]

Phishers Target C-Suite with Fake Office 365 Password Expiration Reports

25 January 2021

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro. read more [...]

Passwordless Authentication Provider Axiad Raises $20 Million

25 January 2021

Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners. read more [...]

Clothing Brand Bonobos Notifies Users of Data Breach

25 January 2021

Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised. read more [...]

Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

25 January 2021

American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems. read more [...]

CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability

25 January 2021

One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface. read more [...]

Russian Hack of US Agencies Exposed Supply Chain Weaknesses

25 January 2021

The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department. read more [...]

Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product

25 January 2021

Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon. read more [...]

Illinois Court Exposes More Than 323,000 Sensitive Records

25 January 2021

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court read more [...]

Blackberry and Baidu deepen autonomous, connected car partnership

26 January 2021

Blackberry and Chinese search engine giant Baidu have agreed to expand a partnership that aims to give automakers the tools they need to launch next-generation connected and autonomous vehicles in China. Under the deal, Baidu’s high-definition maps will be integrated into Blackberry’s QNX Neutrino Real-Time Operating System. The embedded system will be mass produced in […] [...]

President Joe Biden commits to replacing entire federal fleet with electric vehicles

26 January 2021

President Joe Biden said Monday the U.S. government would replace the entire federal fleet of cars, trucks and SUVs with electric vehicles manufactured in the United States, a commitment tied to a broader campaign promise to create 1 million new jobs in the American auto industry and supply chains. The commitment, if it bears out, […] [...]

Facebook News launches in the UK, the first international market for its curated news portal

26 January 2021

As the United Kingdom prepares to sharpen its focus on how it regulates big tech companies, Facebook is taking a big step up in the role it plays in presenting media to the U.K. public, and into how it works with the country’s media industry. Today it is launching Facebook News in the U.K., Facebook’s […] [...]

Debunk, don’t ‘prebunk,’ and other psychology lessons for social media moderation

25 January 2021

If social networks and other platforms are to get a handle on disinformation, it’s not enough to know what it is — you have to know how people react to it. Researchers at MIT and Cornell have some surprising but subtle findings that may affect how Twitter and Facebook should go about treating this problematic […] [...]

Daily Crunch: Twitter unveils Birdwatch

25 January 2021

Twitter pilots a new tool to fight disinformation, Apple brings celebrity-guided walks to the Apple Watch and Clubhouses raises funding. This is your Daily Crunch for January 25, 2021. The big story: Twitter unveils Birdwatch Twitter launched a new product today that it says will offer “a community-based approach to misinformation.” With Birdwatch, users will […] [...]

Smart lock maker Latch teams with real estate firm to go public via SPAC

25 January 2021

This week, Latch becomes the latest company to join the SPAC parade. Founded in 2014, the New York-based company came out of stealth two years later, launching a smart lock system. Though, like many companies primarily known for hardware solutions, Latch says it’s more, offering a connected security software platform for owners of apartment buildings. […] [...]

Fintechs could see $100 billion of liquidity in 2021

25 January 2021

We believe one of the most important trends to gain traction in the last three years to be point-of-sale financing, now referred to as Buy Now Pay Later (BNPL). [...]

Walking with Dolly

25 January 2021

A walk is, more often than not, a solitary experience. As far as the age of COVID-19 is concerned, that’s probably more bug than feature. It’s a way to escape the confines of a shutdown for a few glorious moments, to get some air and, for better or worse, reflect on the day that’s passed […] [...]

Facebook will give academic researchers access to 2020 election ad targeting data

25 January 2021

Starting next month, Facebook will open up academic access to a dataset of 1.3 million political and social issue ads, including those that ran between August 3 and November 3, 2020 — Election Day in the U.S. Facebook’s Ad Library, launched in 2019, offers a searchable database of all ads running on Facebook and Instagram. […] [...]

Qualtrics raises IPO pricing ahead of debut

25 January 2021

This morning, Qualtrics, a software company that tracks customer and employee sentiment, filed a new S-1 document. The new filing raises Qualtrics’ expected IPO price range, providing the Utah-based unicorn with a higher potential valuation in its impending debut. Qualtrics previously sold to SAP for $8 billion while on the path to going public; after […] [...]

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

25 January 2021

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted [...]

Beware — A New Wormable Android Malware Spreading Through WhatsApp

25 January 2021

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake [...]

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

25 January 2021

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat [...]

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

23 January 2021

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw [...]

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

24 January 2021

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end [...]

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

25 January 2021

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide [...]

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

22 January 2021

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary [...]

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

22 January 2021

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that [...]

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

21 January 2021

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the [...]

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

22 January 2021

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow [...]

Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos

22 January 2021

In this episode of the podcast (#200), sponsored by Digicert: John Jackson, founder of the group Sakura Samurai talks to us about his quest to make hacking groups cool again. Also: we talk with Avesta Hojjati of the firm Digicert about the challenge of managing a growing population of digital certificates and how automation may be an answer. The...Read the whole entry... » Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskEpisode 198: Must Hear Interviews from 2020DHS Looking Into Cyber Risk from TCL Smart TVs [...]

Researchers Test UN’s Cybersecurity, Find Data on 100k

11 January 2021

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday. The post Researchers Test UN’s Cybersecurity, Find Data on 100k appeared first...Read the whole entry... »Related StoriesPodcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan HuntEpisode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity [...]

Episode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity

8 January 2021

In this episode of the podcast (#199), sponsored by LastPass, we talk with Shareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. In our second segment, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security LessonsEpisode 194: What Happened To All The Election Hacks? [...]

Episode 198: Must Hear Interviews from 2020

31 December 2020

Trying times have a way of peeling back the curtains and seeing our world with new eyes. We The post Episode 198: Must Hear Interviews from 2020 appeared first on The Security Ledger. Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Update: Neopets Is Still A Thing And Its Exposing Sensitive Data

28 December 2020

Neopets, the virtual pets website has exposed a wide range of sensitive data online including information that might be used to identify site users, security researchers report. The post Update: Neopets Is Still A Thing And Its Exposing Sensitive Data appeared first on The Security Ledger. Related StoriesAmid Security Concerns: to Zoom or not to Zoom?Researchers Test UN’s Cybersecurity, Find Data on 100kEpisode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT [...]

Update: DHS Looking Into Cyber Risk from TCL Smart TVs

22 December 2020

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets. The post Update: DHS Looking Into Cyber Risk from TCL Smart TVs appeared first on The Security...Read the whole entry... »Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskTV Maker TCL Denies Back Door, Promises Better ProcessSecurity Holes Opened Back Door To TCL Android Smart TVs [...]

Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

18 December 2020

In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. The post Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! appeared first on The Security Ledger. Related StoriesEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 194: What Happened To All The Election Hacks?Episode 196: Building the Case Against Sandworm with Cisco Talos [...]

Episode 196: Building the Case Against Sandworm with Cisco Talos

10 December 2020

Cisco's Matt Olney, the Director of Talos Threat Intelligence and Interdiction and Craig Williams, the Talos Director of Outreach about the case against The post Episode 196: Building the Case Against Sandworm with Cisco Talos appeared first on The Security Ledger. Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 194: What Happened To All The Election Hacks?Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons [...]

Episode 195: Cyber Monday Super Deals Carry Cyber Risk

3 December 2020

While many organizations think the notion of keyboards, monitors and other hardware "spying" on them as the stuff of "James Bond" movies, Yossi Appleboum of Sepio Systems says that the threat is real - and much more common that either companies or consumers are aware. The post Episode 195: Cyber Monday Super Deals Carry Cyber Risk appeared first...Read the whole entry... » Related StoriesDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 198: Must Hear Interviews from 2020TV Maker TCL Denies Back Door, Promises Better Process [...]

Containers Complicate Compliance (And What To Do About It)

30 November 2020

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose....Read the whole entry... »Related StoriesResearchers Test UN’s Cybersecurity, Find Data on 100kEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Facebook users’ phone numbers are for sale through a Telegram bot

26 January 2021

Illustration by Alex Castro / The Verge Someone has gotten their hands on a database full of Facebook users’ phone numbers, and is now selling that data using a Telegram bot, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019. With many databases, some amount of technical skill is required to find any useful data. And there often has to be an interaction between the person… [...]

Rejoice! Amazon’s new app logo isn’t another icon in a white box

26 January 2021

Image: Apple’s App Store It looks like Amazon is rolling a new app icon on iOS, and unlike countless other recent app redesigns, it isn’t just a logo dropped inside a white background! Rejoice! The new icon cleverly takes cues from perhaps Amazon’s most recognizable “product” — its shipping boxes and their bright blue tape. Here it is — in the app’s listing on Apple’s UK App Store. (There are a few other reports of others seeing the icon on their devices as well.) Whoever worked on this new app design, which will be instantly recognizable on your home screen,… [...]

Warning Signal: the messaging app’s new features are causing internal turmoil

26 January 2021

Illustration by Alex Castro / The Verge The fast-growing encrypted messaging app is making itself increasingly vulnerable to abuse. Current and former employees are sounding the alarm. Continue reading… [...]

Grindr fined $11.7 million for illegally sharing private user information with advertisers

26 January 2021

Grindr will be fined 100 million Norwegian kroner, or about $11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers, according to The New York Times. Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including users’ locations and information about the device they were using, with advertisers. (One of those advertisers was MoPub, Twitter’s mobile ads company.) Associating that information with an individual could potentially indicate that person’s sexual orientation without their consent, and now, the Norwegian Data Protection Authority is taking action against Grindr… [...]

Facebook’s News tab comes to UK in first launch outside of the US

26 January 2021

Illustration by Alex Castro / The Verge Facebook’s News tab will go live in the UK on January 26th in its first launch outside the US. The company says the section will offer a mix of curated and personalized news stories, but for select publishers the bigger news is that it will see Facebook paying them to license their content. Although Facebook declined to give information on the amount it expects to pay publishers, a spokesperson said the company plans to invest “substantial” amounts over a number of years. These payments are expected to mainly go to publishers whose content… [...]

Amnesty International calls for a ban on facial recognition in New York City

26 January 2021

Illustration by Alex Castro / The Verge Amnesty International has launched a new campaign against facial recognition titled Ban The Scan — and is launching with a demand for New York City to halt police and government use of the technology. Amnesty argues facial recognition is incompatible with basic privacy rights, and will exacerbate structural racism in policing tactics. “New Yorkers should be able to go out about their daily lives without being tracked by facial recognition,” said Matt Mahmoudi, an AI and human rights researcher with Amnesty. “Other major cities across the US have already banned facial recognition, and… [...]

Apple has a new head of hardware engineering in latest executive shuffle

25 January 2021

John Ternus, Apple’s new senior vice president of hardware engineering | Photo: Apple Apple’s hardware team is getting its biggest shakeup in nearly a decade, as Dan Riccio — who served as the company’s senior vice president of hardware engineering since 2012 — transitions to “a new role” at the company. He’ll be replaced as Apple’s head hardware engineer by John Ternus, who led the hardware team designing the iPhone 12 and 12 Pro, in addition to working on Apple’s M1 chips. Ternus has been vice president of hardware engineering at Apple since 2013. The role of senior vice president… [...]

Biden wants to replace government fleet with electric vehicles

25 January 2021

President Joe Biden will start the process of phasing out the federal government’s use of gas-powered vehicles and replacing them with ones that run on electricity. The announcement is the fulfillment of a promise Biden made on the campaign trail to swap government fleet vehicles with American-made EVs. “The federal government also owns an enormous fleet of vehicles, which we’re going to replace with clean electric vehicles made right here in America, by American workers,” Biden said during a briefing Monday announcing his “Buy American” executive order. Pres. Biden: "The federal government also owns an enormous fleet of vehicles, which… [...]

Amazon’s Alexa can now act on its own hunches to turn off lights and more

25 January 2021

Photo by Dan Seifert / The Verge Amazon is enabling a new feature today that allows Alexa to proactively complete tasks around the house, such as turning off lights, based on your habits and frequent requests. Alexa has been able to sense these habits and ask about them since 2018 — the company calls them “hunches” — but before this update, Alexa would ask permission before acting on something like lowering the thermostat before you went to bed. If the new proactive hunches are enabled, though, Alexa will skip asking for permission for a task and just do it. While… [...]

Nerf’s new blasters curve their shots a la Angelina Jolie in Wanted

25 January 2021

Nerf’s got a new trick up its sleeve: Hasbro’s latest foam-flinging sidearms can curve their shots, possibly letting you hit targets you can’t even see. (Think Angelina Jolie or James McAvoy in Wanted but with bouncy balls instead of bullets.) That’s because each of Nerf’s three new Rival Curve blasters has an adjustable barrel you can twist to change the angle of your shot: left or right to shoot around corners, up to shoot straight, or down to lob balls over cover. Feeling skeptical? I would also be looking at this CG, especially considering MythBusters all but proved you can’t… [...]

Apple’s Newest Fitness Feature: Celeb-Hosted Outdoor Walks

25 January 2021

The company's latest subscription product combines outdoor fitness with podcasting, though you'll need an Apple Watch to enjoy it. [...]

Could Bobbie Hold 2 Spaceships Together in The Expanse?

25 January 2021

This scenario is very similar to a classic physics problem—but with more Martian armor. [...]

The Wilds Is Lost With Whip-Smart Teen Drama

25 January 2021

Like its spiritual predecessor, Amazon’s new show is full of secrets. Unlike it, the series doesn’t get bogged down in solving mysteries. [...]

Vizio's Rotating Soundbar Fills the Room With Great Surround

25 January 2021

The flagship (and expensive) Elevate has rotating drivers for when you play Dolby Atmos-supported movies or shows. [...]

Stop Ignoring the Evidence on Covid-19 Treatments

25 January 2021

The studies are in, and for many patients convalescent plasma should be out. So why do doctors having such a hard time letting go? [...]

New Algorithms Could Reduce Racial Disparities in Health Care

25 January 2021

Machine learning programs trained with patients’ own reports find problems that doctors miss—especially in Black people. [...]

Sun-Loving Bacteria May Be Accelerating Glacial Melting

25 January 2021

Scientists find that cyanobacteria cause sediments on glaciers to clump, thus absorbing more sunlight. It's not great news for fans of lower sea levels. [...]

The Truth About North Korea’s Ultra-Lockdown Against Covid-19

24 January 2021

The country has turned inward more than ever, leaving the true impact of the pandemic a mystery. [...]

A Beginner’s Guide for Working Out at Home

24 January 2021

You can start by doing a few push-ups in your pajamas. Also, Chris Hemsworth has a workout app. [...]

The Secret Ingredient That Powers Supernovas

24 January 2021

Three-dimensional computer simulations have solved the mystery of why doomed stars explode at all. [...]

Facebook Sued Hong Kong Firm for Hacking Users and Ad Fraud Scheme

Related Posts

Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Enterprise Credentials Publicly Exposed by Cybercriminals