β EU Recalls Childrenβs Smartwatch That Leaks Location Data β
π Read
via "Threatpost | The first stop for security news".
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.π Read
via "Threatpost | The first stop for security news".
Threat Post
EU Recalls Childrenβs Smartwatch That Leaks Location Data
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.
π΄ Taming the Wild, West World of Security Product Testing π΄
π Read
via "Dark Reading: ".
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.π Read
via "Dark Reading: ".
Dark Reading
Taming the Wild, West World of Security Product Testing
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
β Google Patches Critical .PNG Image Bug β
π Read
via "Threatpost | The first stop for security news".
Eleven critical bugs will be patched as part of the February Android Security Bulletin.π Read
via "Threatpost | The first stop for security news".
Threat Post
Google Patches Critical .PNG Image Bug
Eleven critical bugs will be patched as part of the February Android Security Bulletin.
π Why your business needs to work with the government to fight cyber warfare π
π Read
via "Security on TechRepublic".
The US government will not be able to mitigate a cyber-enabled economic warfare attack without help from the private sector, according to a report from FDD and the Chertoff Group.π Read
via "Security on TechRepublic".
TechRepublic
Why your business needs to work with the government to fight cyber warfare
The US government will not be able to mitigate a cyber-enabled economic warfare attack without help from the private sector, according to a report from FDD and the Chertoff Group.
β Ep. 018 β Home invasions, snoopy apps and Android versus iOS [PODCAST] β
π Read
via "Naked Security".
Here's the latest Naked Security podcast - give it a listen!π Read
via "Naked Security".
Naked Security
Ep. 018 β Home invasions, snoopy apps and Android versus iOS [PODCAST]
Hereβs the latest Naked Security podcast β give it a listen!
ATENTIONβΌ New - CVE-2017-1202
π Read
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-1200
π Read
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-1198
π Read
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-1177
π Read
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-1000282
π Read
via "National Vulnerability Database".
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.π Read
via "National Vulnerability Database".
π΄ No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms π΄
π Read
via "Dark Reading: ".
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π΄ Over 59K Data Breaches Reported in EU Under GDPR π΄
π Read
via "Dark Reading: ".
In addition, 91 reported fines have been imposed since the regulation went into effect last May.π Read
via "Dark Reading: ".
Darkreading
Over 59K Data Breaches Reported in EU Under GDPR
In addition, 91 reported fines have been imposed since the regulation went into effect last May.
π΄ Mitigating the Security Risks of Cloud-Native Applications π΄
π Read
via "Dark Reading: ".
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.π Read
via "Dark Reading: ".
Dark Reading
Mitigating the Security Risks of Cloud-Native Applications
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
π΄ Cybercriminals Exploit Gmail Feature to Scale Up Attacks π΄
π Read
via "Dark Reading: ".
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.π Read
via "Dark Reading: ".
Darkreading
Cybercriminals Exploit Gmail Feature to Scale Up Attacks
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
β IoT Scale Flaws Enable Denial of Service, Privacy Issues β
π Read
via "Threatpost | The first stop for security news".
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous about using this vulnerable IoT device.π Read
via "Threatpost | The first stop for security news".
Threat Post
IoT Scale Flaws Enable Denial of Service, Privacy Issues
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.
π΄ Shellbot Crimeware Re-Emerges in Monero Mining Campaign π΄
π Read
via "Dark Reading: ".
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.π Read
via "Dark Reading: ".
Darkreading
Shellbot Crimeware Re-Emerges in Monero Mining Campaign
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
<b>⌨ More Alleged SIM Swappers Face Justice ⌨</b>
<code>Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground whoβs built a solid reputation hijacking mobile phone numbers for profit.</code><code>According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or bribing representatives at the major wireless providers into giving them control over phone numbers belonging to people they later targeted for extortion and theft.</code><code>Investigators allege that between October 2016 and May 2018, Hared and Ditman grew proficient at SIM swapping, a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.</code><code>The Justice Department says Hared was better known to his co-conspirators as βwinblo.β That nickname corresponds to an extremely active and at one time revered member of the forum ogusers[.]com, a marketplace for people who wish to sell highly prized social media account names β including short usernames at Twitter, Instagram and other sites that can fetch thousands of dollars apiece.</code><code>Media</code><code>Winbloβs account on ogusers[.]com</code><code>Winblo was an associate and business partner of another top Oguser member, a serial SIM swapper known to Oguser members as βXzavyer.β In August 2018, authorities in California arrested a hacker by the same name β whose real name is Xzavyer Clemente Narvaez β charging him with identity theft, grand theft, and computer intrusion.
</code><code>Prosecutors allege Narvaez used the proceeds of his crimes (estimated at > $1 million in virtual currencies) to purchase luxury items, including a McLaren β a $200,000 high-performance sports car.</code><code>According to the indictments against Hared and Ditman, one of the men (the indictment doesnβt specify which) allegedly used his ill-gotten gains to purchase a BMW i8, an automobile that sells for about $150,000.</code><code>Investigators also say the two men stole approximately 40 bitcoins from their SIM swapping victims. Thatβs roughly $136,000 in todayβs conversion, but it would have been substantially more in 2017 when the price of a single bitcoin reached nearly $20,000.</code><code>Interestingly, KrebsOnSecurity was contacted in 2018 by a California man who said he was SIM swapped by Winblo and several associates. That victim, who asked not to be identified for fear of reprisals, said his Verizon mobile number was SIM hijacked by Winblo and others who used that access to take over his Twitter and PayPal accounts and then demand payment for the return of the accounts.</code><code>A computer specialist by trade, the victim said he was targeted because heβd invested in a cryptocurrency startup, and that the hackers found his contact information from a list of investors theyβd somehow obtained. As luck would have it, he didnβt have much of value to steal in his accounts.</code><code>The victim said he learned more about his tormentors and exactly how theyβd taken over his mobile number after they invited him to an online chat to negotiate a price for the return of his accounts.</code><code>βThey told me they had called a Verizon employee line [posing as a Verizon employee] and managed to get my Verizon account ID number,β said my victim source. βOnce they had that, they called Verizon customer service and had them reset the password. They literally just called and pretended to be me, and were able to get my account tied to another SIM card.β</code><code>The victim said his attackers even called his mom because the mobile account was in her name. Soon after that, his phone went dead.</code><code>βThe funny thing was, after I got my accountβ¦
<code>Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground whoβs built a solid reputation hijacking mobile phone numbers for profit.</code><code>According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or bribing representatives at the major wireless providers into giving them control over phone numbers belonging to people they later targeted for extortion and theft.</code><code>Investigators allege that between October 2016 and May 2018, Hared and Ditman grew proficient at SIM swapping, a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.</code><code>The Justice Department says Hared was better known to his co-conspirators as βwinblo.β That nickname corresponds to an extremely active and at one time revered member of the forum ogusers[.]com, a marketplace for people who wish to sell highly prized social media account names β including short usernames at Twitter, Instagram and other sites that can fetch thousands of dollars apiece.</code><code>Media</code><code>Winbloβs account on ogusers[.]com</code><code>Winblo was an associate and business partner of another top Oguser member, a serial SIM swapper known to Oguser members as βXzavyer.β In August 2018, authorities in California arrested a hacker by the same name β whose real name is Xzavyer Clemente Narvaez β charging him with identity theft, grand theft, and computer intrusion.
</code><code>Prosecutors allege Narvaez used the proceeds of his crimes (estimated at > $1 million in virtual currencies) to purchase luxury items, including a McLaren β a $200,000 high-performance sports car.</code><code>According to the indictments against Hared and Ditman, one of the men (the indictment doesnβt specify which) allegedly used his ill-gotten gains to purchase a BMW i8, an automobile that sells for about $150,000.</code><code>Investigators also say the two men stole approximately 40 bitcoins from their SIM swapping victims. Thatβs roughly $136,000 in todayβs conversion, but it would have been substantially more in 2017 when the price of a single bitcoin reached nearly $20,000.</code><code>Interestingly, KrebsOnSecurity was contacted in 2018 by a California man who said he was SIM swapped by Winblo and several associates. That victim, who asked not to be identified for fear of reprisals, said his Verizon mobile number was SIM hijacked by Winblo and others who used that access to take over his Twitter and PayPal accounts and then demand payment for the return of the accounts.</code><code>A computer specialist by trade, the victim said he was targeted because heβd invested in a cryptocurrency startup, and that the hackers found his contact information from a list of investors theyβd somehow obtained. As luck would have it, he didnβt have much of value to steal in his accounts.</code><code>The victim said he learned more about his tormentors and exactly how theyβd taken over his mobile number after they invited him to an online chat to negotiate a price for the return of his accounts.</code><code>βThey told me they had called a Verizon employee line [posing as a Verizon employee] and managed to get my Verizon account ID number,β said my victim source. βOnce they had that, they called Verizon customer service and had them reset the password. They literally just called and pretended to be me, and were able to get my account tied to another SIM card.β</code><code>The victim said his attackers even called his mom because the mobile account was in her name. Soon after that, his phone went dead.</code><code>βThe funny thing was, after I got my accountβ¦
β Digital signs left wide open with default password β
π Read
via "Naked Security".
One thing the world doesn't need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.π Read
via "Naked Security".
Naked Security
Digital signs left wide open with default password
One thing the world doesnβt need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.
β Just two hacker groups are behind 60% of stolen cryptocurrency β
π Read
via "Naked Security".
Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.π Read
via "Naked Security".
Naked Security
Just two hacker groups are behind 60% of stolen cryptocurrency
Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.
β Firefox 66 will silence autoplaying web audio β
π Read
via "Naked Security".
From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.π Read
via "Naked Security".
Naked Security
Firefox 66 will silence autoplaying web audio
From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.