Making Sense of Security

Securing your Digital World.

Category: Protection

Zoom Fixes Flaw Opening Meetings to Hackers

Zoom has patched a flaw that could have allowed attackers to guess a meeting ID and enter a meeting. NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting password” by default, which is a password assigned to Zoom attendees Read more…


Adobe fixes critical flaws in Media Encoder and After Effects

by John E Dunn After fixing a fat pile of critical security flaws as part of last week’s Patch Tuesday update, Adobe has come back with two more that need urgent attention. This is what’s called an out of band update, which means that a vulnerability is too risky or likely to be exploited to leave to the next scheduled update. The first is in the Windows and macOS versions of the After Effects graphics Read more…


Microsoft Leaves 250M Customer Service Records Open to the Web



Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan. Every year, millions of people make New Year’s resolutions to “get healthy.” Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. Read more…


Nearly half of hospital Windows systems still vulnerable to RDP bugs

by Danny Bradbury Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The report, called 2020 Vision: A Review of Major IT & Cyber Security Issues Affecting Healthcare, comes from CyberMDX, which provides cybersecurity systems for hospitals. It says that 22% of a typical hospital’s Windows devices are exposed to BlueKeep. The proportion of Windows Read more…


US charges four Chinese military members with Equifax hack

by Lisa Vaas The US has charged the Chinese military with plundering Equifax in 2017. The Justice Department (DOJ) on Monday released a nine-count indictment that accused four members of the People’s Liberation Army (PLA) of being hackers behind the breach, which was one of the largest in US history. The breach exposed millions of names and dates of birth, taxpayer ID numbers, physical addresses, and other personal information that could lead to identity theft Read more…


Threat actors attempt to capitalize on coronavirus outbreak

By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes Emotet and several RAT variants. Using the news to try and increase clicks and drive traffic is nothing new for malicious actors. We commonly see actors leveraging current news stories or events to try and increase the likelihood of infection. The biggest Read more…


1.7M Nedbank Customers Affected via Third-Party Breach

A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. Nedbank, one of South Africa’s largest financial institutions, last week disclosed a security incident affecting the personal data of 1.7 million past and current customers. The breach started with a “data security issue” at Computer Facilities, a third-party marketing contractor Nedbank was using to send SMS and email marketing information, the bank said in a statement. Read more…


Google Sets Record High in Bug-Bounty Payouts



New Bill Proposes NSA Surveillance Reforms



Wawa Breach May Have Affected More Than 30 Million Customers



Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks



Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox



Hacker Leaks More Than 500K Telnet Credentials for IoT Devices



Google forced to reveal anonymous reviewer’s details

by Danny Bradbury It’s a small business’s worst nightmare: someone leaves a review on a popular site trashing your company, and they do it anonymously. That’s what happened to Mark Kabbabe, who runs a tooth whitening business in Melbourne, Australia. Last week, a court forced Google to reveal the details of an anonymous poster who published a bad review of his business. According to the court judgement, the anonymous poster used the pseudonym CBsm 23 Read more…


Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners



Ring makes 2FA mandatory to keep hackers out of your doorbell account

by Lisa Vaas Leery of losing microseconds of your life by using two-factor authentication (2FA) to keep your stuff safe from hackers? Alas for you, but hurray for security. Bit by bit, the Internet of Things (IoT) is getting a wee bit more secure: last week, Google announced that it would soon begin forcing users of its Nest gadgets to use 2FA, and this week, security came knocking for Amazon’s Ring video doorbells. On Tuesday, Read more…


MGM Hotel breach highlights need for sophisticated cloud security

Cybercriminals posted the information of more than 10 million customers on a hacker forum a year after the initial attack on a cloud server.


92% of Americans would delete an app that sold their personal information

Smartphone users don’t want government encryption backdoors and would rather read “terms and conditions” than watch the movie “Cats.”


Text message package scam delivers more than your business bargained for

There’s a text message scam making the rounds that could target your mail room staff, receptionist, or other employees. The FTC has tips on how you can protect your business. Our Consumer Blog describes a text message people are receiving that claims to be a FedEx tracking notice. In variations on the scheme, fraudsters also are falsely invoking the names of UPS and the U.S. Postal Service. According to the text, there’s a “delivery” that needs Read more…


The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t complete the verification process within 24 hours, then our account would Read more…


Data of 10.6m MGM hotel guests posted for sale on Dark Web forum

by Lisa Vaas The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. It doesn’t matter that the data isn’t freshly baked: it’s still edible. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as “the right person answered Read more…


Freedom Hosting owner pleads guilty to distributing child abuse images

by John E Dunn The man arrested for running what was once believed to be the largest child abuse hosting provider on the dark web has pleaded guilty in a US court to the charge of advertising child pornography. That service was Freedom Hosting and the man who operated it from its founding in 2008 until his arrest in Ireland in 2013 was dual US-Irish national, Eric Eoin Marques. Extradited to the US last year, Read more…


Facebook’s Twitter and Instagram accounts hijacked

by John E Dunn Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers that had defaced them. Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared: Hi, we are OurMine Well even Facebook is hackable but at least their security better than Read more…


Self-driving car dataset missing labels for pedestrians, cyclists

by Lisa Vaas A popular self-driving car dataset for training machine-learning systems – one that’s used by thousands of students to build an open-source self-driving car – contains critical errors and omissions, including missing labels for hundreds of images of bicyclists and pedestrians. Machine learning models are only as good as the data on which they’re trained. But when researchers at Roboflow, a firm that writes boilerplate computer vision code, hand-checked the 15,000 images in Read more…