Today, DriveSavers announced a new service that can allegedly unlock and recover data from password-protected computers. Devices from Apple, Samsung, Huawei, LG and others running iOS, Android, Windows, or Blackberry are said to be supported. Interestingly, the company claims they don't offer the...
After uncovering some interesting court records, Motherboard wrote up an article on how law enforcement is using "network investigative techniques" to catch cybercriminals. In one particular case, attackers used a fake email address and a bit of social engineering to get an $82,000 check from...
According to a report by the Wall Street Journal, the U.S. government has asked its allies to persuade "wireless and internet providers in these countries to avoid telecommunications equipment from China's Huawei Technologies Co." The same sources also claim the U.S. is considering extra...
The U.S. Postal Service recently fixed a gaping hole in their website's API that would give potential attackers access to package transit information, email addresses, usernames, account numbers, street addresses, phone numbers, and other information tied to USPS accounts. KrebsOnSecurity says...
BetaNews is reporting that Amazon has sent emails to customers to inform them that a technical issue caused their names and email addresses to be revealed. Affected customers do not have to take action as the issue was taken care of.
In response to our request for a statement Amazon's PR...
Dropbox has multiple security teams to make sure that your data is secure and safe. They also conduct red team training exercises where the red team takes on the role of an attacker, and the other teams have to respond to the threat. During a recent offensive training exercise with Syndis; a...
Yesterday, Adobe pushed out an emergency update to Flash. According to Adobe, the "critical" vulnerability could lead to arbitrary code execution, putting any browser that autoruns Flash plugins at serious risk. In a deviation from their usual policy of issuing security updates on Patch Tuesday...
Even though Google is rejecting and removing Play Store apps at a furious pace, some malware is still getting through with relative ease. Forbes reports that more than 560,000 users have downloaded at least one of 13 malicious apps from a developer called "Luiz O Pinto." These apps masqueraded...
According to a report by the Silent Partner Group of Companies, data centers eat about 2% of humanity's global energy production, and that rising figure is starting to create security and logistical issues. The release points to brief AWS power outages in March and May of this year that knocked...
The BBC reports that Vision Direct, a European contact lens store, suffered a data breach that exposed the financial info of over 6,600 customers, as well as other personal data of 9,700 more customers. Some of the leaked data includes credit card numbers, expiration dates and CVV codes...
Motherboard uploaded a video showing how Kevin Mitnick managed to obtain a Motorola cell phone's source code with a couple of phone calls. And, just for fun, he hacked Motorola's network afterwards, and obtained older versions of the source code as well. This just goes to show that, no matter...
Back in 2015, the White House Office of Personnel Management was hit by a big hack, and the government response was pretty slow. The Government Accountability Office, which recently released a scathing report on the security of U.S. weapon systems, issued several recommendations after the hack...
The BBC reports that a location tracking watch "worn by thousands of children" can be easily infiltrated by anyone with internet access. While the BBC report calls it "easy to hack", and is light on technical details, the security researcher's own words make it sound even worse. Ken Munro said...
Researcher Artem Moskowsky found a bug in Steam that let users download "previously-generated CD keys for a game which they would not normally have access." The bug was submitted to Valve on August 7, quickly fixed on August 10, and publicly disclosed on October 31. Valve was quick to point out...
If your PSN, 2K or Windows Live account info got leaked in 2014, you may finally be getting justice. Notorious hacker Derptroll has just pleaded guilty to denial of service attack charges. Among other things, 23-year-old Utah resident Austin Thompson was responsible for taking Steam, Origin and...
Amid a number of recent security and privacy scandals, tech-related privacy issues are getting more attention than usual. Intel itself doesn't mine as much data as Google, Facebook, Amazon and others do, but they do sell the hardware to do it, hence they have a stake in the issue. Intel told...
Researchers from The University of California, Riverside, published a paper detailing how an Nvidia GPU can be used to orchestrate a variety of attacks. In one attack, the researchers fed GPU memory allocation and performance counter data to a "machine learning based classifier," which...
HSBC bank was reportedly hit by a credential stuffing attack, which allowed attackers to gain access to "full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement...
According to a BBC report, scammers who hacked their way into several high profile Twitter accounts used Musk's likeness to scam people out of some Bitcoin. High profile accounts like Matalan, Pathe UK, and Pantheon Books had their handles and profile images changed to resemble Elon Musk or...
Researchers from Radboud University in the Netherlands found severe security vulnerabilities in several popular, self-encrypting SSDs from Samsung and Crucial. These SSDs can encrypt and decrypt data coming in and out on the fly, which is seen as a "hardware encryption" option in BitLocker on...
Often politicians, researchers, corporate entities and citizens discuss the human toll of social media hacks and fierce debates ensue from those crimes, pertaining to what private account data is worth. Hackers in Russia have attached a price tag of 10 cents per account as they attempt to sell...
AMD CEO and President Dr. Lisa Su has been appointed as Chair of GSA Board of Directors and ARM CEO Simon Segars has been appointed Vice Chair of the global semiconductor organization. The GSA seeks to expand its scope of interest to include systems, software, solutions and services. The...
A recent post on the Google Security Blog says that the internet giant will require that users enable JavaScript to use the Google sign-in page. This will allow Google to run a risk assessment and only allow a sign-in if nothing looks suspicious. The blog post also discusses new Google account...
Techxplore reports that researchers from UC San Diego and Stanford found a new technique to expose a victim's browser history. According to the researchers, the attack works in recent versions of Chrome, Edge, Firefox, and a number of other browsers. "History Sniffing" attacks work by probing the...
The Digital Millennium Copyright Act is often criticized for its overreaching potential for abuse, but fortunately, "Section 1201" allows lawmakers to change or renew specific exemptions every three years. Motherboard reports that the feds just renewed an exemption that protects security...
Howdy!
I am on an adventure to disable SNMPv1 (unless required by vendor) and configure SNMPv2c/3 (only highest and most secure possible) on 100-300 clients or 20k-100k devices that are SNMP capable. This includes ensuring devices do not use default SNMP strings and credentials.
Does anyone...
According to a report published by researchers Chris C. Demchak and Yuval Shavitt, China Telecom is redirecting sensitive internet traffic between the U.S. and other countries through China. China itself only has 3 major access nodes that connect to other countries, leaving China's network...
TechCrunch reports that Quantum Xchange made a deal with Zayo to use 800km of existing fiber optic cable for the U.S.'s first quantum network. The fiber stretches between Boston and Washington, D.C., and will use quantum key distribution for secure end-to-end encryption. High profile investors seem...
Cathay Pacific Airways has announced that a 'data security event' (hack) occurred in March and that 9.4 million people are affected. The airline says that there is no evidence that personal information has been misused and reassured passengers that the flight operations are on a separate system...
According to a contract obtained by The Verge, Google is forcing Android device makers to issue security patches for at least 2 years after their products hit the market. "At least four security updates" must be provided within a year of the phone's launch, while requirements for subsequent...
Apple has successfully blocked the "GrayKey" hack that allowed law enforcement and governments around the world unfettered access to passcodes on Apple devices running iOS. Devices running iOS 12 and above can only have metadata such as file structure and unencrypted files accessed by Grayshift...
Reuters reports that Supermicro is looking for spy chips on their motherboards. In a letter to customers, the manufacturer denies the allegations Bloomberg made over two weeks ago, claiming that such a device would be "technically implausible." There are safeguards in Supermicro's supply chain...
A UK Tesla Model S was hacked and stolen in just under three minutes. The carjackers used a tablet to find the distant key fob's signal. Once that got the car open, they struggled trying to unplug the car's charger for about a minute, jumped inside, disabled Tesla's Remote Access system, and...
A report by The Information claims that Facebook is looking for a cybersecurity firm to buy. According to four anonymous insiders, Facebook approached multiple companies with talks about an acquisition, but the report didn't mention any companies by name. Facebook suffered from a big security...
Researchers at MIT have built a new security measure on top of Intel's Cache Allocation Technology. Dynamically Allocated Way Guard, or DAWG, is built to isolate programs from each other without the performance overhead of Intel's CAT. The technology only requires "minor modifications to the...
New York City has begun experimenting with allowing robots to patrol areas. Rosie the robot has 5 cameras, thermal imaging, artificial intelligence, self-driving car technology, analytics and is directly connected to law enforcement. Her job is to observe people walking on the streets, record...
Following an independent investigation by security experts, and an FDA review, Medtronic disabled software updates for the Medtronic CareLink and CareLink Encore Programmer models 2090 and 29901, which are used in pacemakers, implantable defibrillators, cardiac resynchronization devices, and...
Facebook has issued a new statement about the recent "View As" hack of the company where up to 90 million customers were affected. Now Facebook is certain that only 30 million users had their personal information exposed to the hackers. This personal information includes Facebook Messenger...
Another day, another massive user data leak, this time from FitMetrix. The fitness company, which makes software for institutions like Crossfit and SoulCycle, reportedly hosted user data on AWS instances, but forgot to use a password to secure that data. Security researcher Bob Diachenko claims...
Swiss security researchers exposed gaps in the 5G AKA standard. Using a security protocol verification tool called Tamarin, the researchers ran the new wireless communication standard through a series of tests. Ralf Sasse, a senior scientist at ETH in Zurich, said their research "showed that the...