Security News

Privacy and Security FanaticBy Ms. Smith

IoT search engine ZoomEye cached passwords for tens of thousands of Dahua DVRs

IoT search engine ZoomEye scanned and stored Dahua DVR login credentials for anyone to find. Users should update vulnerable firmware before someone hacks the device.

Privacy and Security FanaticBy Ms. Smith

Lawmakers ask FTC to investigate smart TV privacy concerns

Two senators, alarmed about the potential of smart TVs to spy on users, asked the FTC to investigate the privacy policies and practices of smart TV manufacturers.

The Trusted and Valued Insider (Threat)By Christopher Burgess

Apple insider attempts to take autonomous car secrets to China

Xiaolang Zhang, an Apple hardware engineer, harvested 40 gigs of data about the Apple Car and took a server and circuit boards prior to announcing his intent to join XMotors and return to China.

abstract FinTech image of a dollar sign referencing digital transactions and potentially blockchain

Privacy and Security FanaticBy Ms. Smith

Hackers steal $23.5M in cryptocurrency from 'decentralized' crypto exchange Bancor

Attackers used a compromised wallet to steal three different cryptocurrencies: $12.5 million of ether, $1 million of Pundi X, and $10 million of Bancor Network Tokens.

Privacy and Security FanaticBy Ms. Smith

Microsoft-related bug reports up 121%, virtualization software bugs up 275%

The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.

nycrr cybersecurity gavel regulation compliance law nyc statue of liberty

Duty of care: Why (and how) law firms should up their security game

Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.

Privacy and Security FanaticBy Ms. Smith

Thieves hack Marathon gas station, steal $1,800 of gas

Hackers used a 'remote device' to steal 600 gallons of gas, valued at $1,800, from a prepaid Marathon gas pump in Detroit.

steal theft hacker crime laptop firewall

The Trusted and Valued Insider (Threat)By Christopher Burgess

Sinovel Wind Group found guilty of IP theft, fined $1.5 million

While American Superconductor's data logs and stores were helpful in convicting Sinovel Wind Group of IP theft, a data loss prevention strategy could have identified the thieves' activities sooner.

Privacy and Security FanaticBy Ms. Smith

Polar fitness app exposed personal information of soldiers and spies

Reporters used the Polar fitness app's Explore API to determine GPS location data of sensitive locations, as well as names and addresses of soldiers and spies.

The Trusted and Valued Insider (Threat)By Christopher Burgess

When an insider rides Pegasus into the dark web

An NSO Group employee, who'd worked there for only about 90 days, copied the company's Pegasus software and offered it for sale on the dark web for $50 million.

sparklers fireworks / American flag independence day by 1200x8

Privacy and Security FanaticBy Ms. Smith

Celebrate increased privacy: Supreme Court rules against warrantless location tracking

Celebrate your Fourth Amendment rights, the Supreme Court’s ruling against warrantless location tracking, and the impact that may have on technologies in the future.

Privacy and Security FanaticBy Ms. Smith

Quantum random number generator set to transform internet security

The world’s first practical quantum random number generator (QRNG) will reportedly overcome weaknesses of current encryption, revolutionizing internet security.

Salted Hash- Top security newsBy Steve Ragan

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...

video

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34

In this episode, host Steve Ragan talks with Phil Grimes, Professional Services Lead at RedLegg, about the challenges of educating customers — and building a partnership with them — to create successful red team engagements.

Salted Hash- Top security newsBy Steve Ragan

No data breach at Patreon, but proactive notice caused some concern

Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. But the proactive letter caused some panic, as more than a few people took it to...

privacy breach - surveilling eye at a digital keyhole in a binary wall

Privacy and Security FanaticBy Ms. Smith

NSA deleting millions of phone call and text records over privacy violations

The NSA blames 'technical irregularities' in the call record data it received from telecoms for the mass purge of over 685 million phone and text message records.

Privacy and Security FanaticBy Ms. Smith

Privacy breach: Home security camera footage sent to wrong person

Home security video from a Swann smart camera was sent to the wrong customer, enabling the person to see and hear activity of a different family.

The Trusted and Valued Insider (Threat)By Christopher Burgess

News

IoT search engine ZoomEye cached passwords for tens of thousands of Dahua DVRs

IoT search engine ZoomEye scanned and stored Dahua DVR login credentials for anyone to find. Users should update vulnerable firmware before someone hacks the device.

Lawmakers ask FTC to investigate smart TV privacy concerns

Two senators, alarmed about the potential of smart TVs to spy on users, asked the FTC to investigate the privacy policies and practices of smart TV manufacturers.

Apple insider attempts to take autonomous car secrets to China

Xiaolang Zhang, an Apple hardware engineer, harvested 40 gigs of data about the Apple Car and took a server and circuit boards prior to announcing his intent to join XMotors and return to China.

Hackers steal $23.5M in cryptocurrency from 'decentralized' crypto exchange Bancor

Attackers used a compromised wallet to steal three different cryptocurrencies: $12.5 million of ether, $1 million of Pundi X, and $10 million of Bancor Network Tokens.

Microsoft-related bug reports up 121%, virtualization software bugs up 275%

The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.

Duty of care: Why (and how) law firms should up their security game

Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.

Thieves hack Marathon gas station, steal $1,800 of gas

Hackers used a 'remote device' to steal 600 gallons of gas, valued at $1,800, from a prepaid Marathon gas pump in Detroit.

Sinovel Wind Group found guilty of IP theft, fined $1.5 million

While American Superconductor's data logs and stores were helpful in convicting Sinovel Wind Group of IP theft, a data loss prevention strategy could have identified the thieves' activities sooner.

Polar fitness app exposed personal information of soldiers and spies

Reporters used the Polar fitness app's Explore API to determine GPS location data of sensitive locations, as well as names and addresses of soldiers and spies.

When an insider rides Pegasus into the dark web

An NSO Group employee, who'd worked there for only about 90 days, copied the company's Pegasus software and offered it for sale on the dark web for $50 million.

Celebrate increased privacy: Supreme Court rules against warrantless location tracking

Celebrate your Fourth Amendment rights, the Supreme Court’s ruling against warrantless location tracking, and the impact that may have on technologies in the future.

Quantum random number generator set to transform internet security

The world’s first practical quantum random number generator (QRNG) will reportedly overcome weaknesses of current encryption, revolutionizing internet security.

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34

In this episode, host Steve Ragan talks with Phil Grimes, Professional Services Lead at RedLegg, about the challenges of educating customers — and building a partnership with them — to create successful red team engagements.

No data breach at Patreon, but proactive notice caused some concern

Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. But the proactive letter caused some panic, as more than a few people took it to...

NSA deleting millions of phone call and text records over privacy violations

The NSA blames 'technical irregularities' in the call record data it received from telecoms for the mass purge of over 685 million phone and text message records.

Privacy breach: Home security camera footage sent to wrong person

Home security video from a Swann smart camera was sent to the wrong customer, enabling the person to see and hear activity of a different family.

Reality Winner pleads guilty to revealing NSA secrets

Reality Winner, who was charged with giving a classified NSA report to the Intercept, pled guilty to sharing National Defense information.