XKCD's security meltdowns for the coming year

Over at XKCD, Randall Munroe's predicted the Critical Vulnerabilities and Exposures for 2018, with some pretty solid predictions (especially under the tooltip, which finally reveals a secret that many of us have kept mum about for literal decades -- damn you, Munroe!).

Once again, a stalkerware company's had its servers pwned and wiped by a hacker who thinks they're selling an immoral product

It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other people's phones (including their kids' phones) by installing the spying apps Phonesheriff on them.

Dissidents are getting destroyed by information attacks and tech isn't doing enough to help

A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.

Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks.

IBM Security survey finds users value "security" over "convenience"

IBM Security's 2018 survey of 4,000 adults worldwide found that for the first time in the history of their research, the majority of users say that they'd take extra steps in the name of "security" even if it meant that their usage would be less "convenient."

Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers.

Dozens of White House officials & Trump appointees never got security clearance — like Jared Kushner, Rob Porter

Some 30 to 40 White House officials and Trump administration political appointees are operating more than a year into the Trump regime without full security clearances. One of them is Jared Kushner. Until recently, another was noted wife-basher Rob Porter.


Leaked Equifax documents provided to US Senate reveal that they dumped all our drivers' licenses, too, but Equifax says it's OK, so...

A leaked set of disclosures made by Equifax to the US Senate has revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates.

Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings.

Mordechai Guri: the guy who gets data out of airgapped computers

Computers that are isolated from the internet and local networks are said to be "airgapped," and it's considered a best practice for securing extremely sensitive systems.

British court rules that the inhumane conditions in American prisons mean UK hacking suspect can't be legally extradited

Lauri Love is a British man on the autism spectrum who also has depression and severe eczema, who was facing extradition to America on charges of hacking US military and private agencies.

The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.

The latest IoT botnet displays evidence of a halfway clever botmaster

The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket.

OK, panic again: patching Spectre and Meltdown has been a disaster

When the news of two showstopping bugs in virtually every computer in use today broke, it was scary stuff -- experts predicted that mitigating these bugs would be difficult and impose severe performance penalties on patched systems; a week later, Google released research suggesting that the fear was misplaced, and that patching would be an orderly and relatively painless process.

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.

Wanna buy a baby's Social Security number? Reports of infants' SSNs for sale on dark web

Dastardly cybercriminals. Is there nothing they won't do?


A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

