Citing an FCC application on Sunday, The Guardian reports that Echodyne, a company based out of Seattle, wants to operate experimental radar "'in the immediate vicinity' of Mercedes-Benz Stadium to 'alert security personnel, including federal officers, of any unidentified drone activity during...
9to5Mac reports that a major bug in FaceTime allowed anyone with an iDevice running iOS 12.1 or later to call someone else with FaceTime, and hear audio from their end without the other person ever picking up. Apparently, all you have to do is type your own phone number to the "add person"...
AFP reports that Nest, a smart camera manufacturer founded by former Apple engineers and owned by Alphabet, is urging customers to use two factor authentication for their home systems. The plea comes after local media near San Francisco reported on a couple's trouble with a Nest camera mounted...
Last year, an exposed ElasticSearch server reportedly leaked data on nearly 57 million U.S. citizens. ElasticSearch servers aren't supposed to be exposed to the web, especially if they don't have a password, and the security researcher warned that exposed servers like that are a significant...
Twitter just posted a notice on their site claiming that they found an issue with the "Protect your Tweets" feature on Android devices. According to the feature's help page, the setting restricts the visibility of Tweets to the followers of an account, and requires users to confirm new...
The UpGuard Data Breach Research team, who previously uncovered data breaches in U.S. voting systems and an Experian partner, recently exposed a massive leak from Oklahoma's Department of Securities. The contents of the files "ran the gamut from personal information to system credentials to...
Security experts from Check Point Research claim they found a bug in Fortnite's login system that allowed potential attackers to hijack accounts. Unlike the thousands of Fortnite scams that already exist online, this hack allegedly didn't require entering any login credentials or financial info...
Wired just ran a story claiming that the Silicon Valley giants spend huge amounts of money to protect their CEOs and other executives. Apple, for example, reportedly dropped $310,000 protecting Tim Cook, while Amazon and Oracle spent $1.6 million protecting Jeff Bezos and Larry Ellison. But...
According to a new report from the Pentagon's Inspector General (PDF Warning), which was spotted by Motherboard, the Department of Defense still has some glaring cybersecurity issues. While the Pentagon has apparently made some great strides since 2017, there are still "266 open...
As cars get smarter, they also become more vulnerable to digital saboteurs. We've reported on several incidents where hackers managed to unlock and drive a Tesla away, but the company has repeatedly reaffirmed its commitment to security, as it did again this week. A post on the Zero Day...
A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security...
Security researcher Paulos Yibelo has reportedly discovered bugs in Bluehost, Dreamhost, HostGator, OVH, and iPage that could compromise hosted websites with a single click, which allows for "account takeover when the victim clicks a link or visits a malicious website." Yibelo documented the...
Marriott International has provided an update to the "Starwood" data breach that was initially thought to have affected 500 million of its customers. After "working closely with its internal and external forensics and analytics investigation team" Marriott was able to determine that the number...
Motherboard says that 2 hackers tapped into Chromecasts and Smart TVs to promote the prolific YouTuber PewDiePie. "HackerGiraffe" and "j3ws3r," the duo behind the attack, were reportedly behind an older hack that forced 50,000 printers to print PewDiePie propaganda. The hackers also posted, and...
Motherboard reports that a group of hackers breached a law firm's servers containing case files related to the September 11 attacks. The hackers supposedly sent an encrypted datafile to Motherboard, before publishing it on the web, and claim they will release the file's encryption keys if...
Last week, researchers from Insinia Security hijacked the Twitter accounts of a number of celebrities. But, unlike previous incidents where high profile users were hacked with the intent of defacing popular accounts or proliferating cryptocurrency scams, Insinia took control of the Twitter...
The Los Angeles Times and Tribune Publishing have reportedly been hit by a "targeted" ransomware attack originating from outside the United States. Reports from the Times and the Chicago Tribune themselves say their servers started going down on Saturday, and that Saturday editions of the Wall...
Citing posts by security researcher Jamie Hankins on Twitter, BleepingComputer reports that WannaCry ransomware is still active, but dormant, on thousands of computers across the world. Jamie Hankins reportedly contained the infection last year by setting up a "kill switch" domain in 2017. As...
Some hot tubs have apps that allow users to control the tubs remotely. But security researchers from Pen Test Partners found a small security flaw in one of those implementations... apparently, there is no security. A Wi-Fi access point on the tub can be configured to act as a client accessible...
According to a recent report by Reuters, Amazon's experiments with Alexa are having some unintended consequences. The publication claims that Alexa blurted out "Kill your foster parents" last year. Other incidents involved chats about sex acts or dog defecation, and anonymous sources claim that...
The Guardian reports that at least one drone shut down Gatwick airport for a few hours. 91 arrivals and 64 departures have been canceled so far, and authorities say the disruption will have a "knock on" effect. The police claim they've found "persons of interest" related to the rogue drone, but...
Reuters reports that a German Alexa user got access to "thousands of recordings" from their neighbor. According to the German trade publication c’t, the customer reportedly contacted Amazon about the mixup, and was able to download the recordings before Amazon deleted the download link. An...
BleepingComputer reports that SecureAuth published "driver elevation of privilege" vulnerabilities for desktop Gigabyte and Asus motherboards. According to the Asus report, multiple vulnerabilities were found in the GLCKIo and Asusgio drivers that the company's Aura Sync RGB control software...
A new report from McAfee Labs claims that the total volume of "coin miner" malware has grown over 4000% since last year, and over 60% since Q2. Hackers are apparently moving away from ransomware to the more "lucrative" field of cryptomining malware. Malware attacks are up in general too, though...
AZCentral reports that a hacker broke into a man's Nest security camera at his Phoenix home. But, instead of abusing the system, the hacker contacted the camera's owner, informing him that the system was compromised with fairly obvious proof. If you aren't already paranoid about cameras in...
The security team of the Chinese media conglomerate Tencent has allegedly found a vulnerability in SQLite. Dubbed "Magellan," the vulnerability would supposedly allow attackers to run unauthorized code remotely, leak program memory, or crash programs that use the software. SQLite is used as a...
On their developer website, Facebook revealed a bug in their Photo API that "may have affected people who used Facebook Login and granted permission to third-party apps to access their photos." Facebook claims some "third parties" may have had access to more photos than they were supposed to...
Finland announced plans for a digital driver's license this year, and several U.S. states are running similar pilot programs of their own. So far, digital driver's license systems have been fairly limited, but a report by IEEE Spectrum claims that could change in Louisiana soon. According to the...
Facial recognition is everywhere now, whether it's used for convenience or pushed as a "security" feature. But according to a report by Forbes, Android's facial recognition system isn't particularly hard to fool. Using a commercial, 3D printed model of his own head, Thomas Brewster was able to...
Concert venues and organizers are turning to facial recognition solutions to identify security threats such as stalkers and important individuals who are to be treated as VIPs. Taylor Swift fans were unknowingly scanned at a kiosk that displayed rehearsal clips of the star at her Rose Bowl...
According to a ZDNet report, bad default configurations in popular Ethereum software are leaving users' wallets wide open to exploitation, and hackers are taking advantage of it. The misconfiguration exposes the standard JSON-RPC interface commonly found in Ethereum software to the internet...
Following a lengthy investigation, Supermicro sent an open letter to their customers claiming that they "found absolutely no evidence of malicious hardware on our motherboards." The company hired a "leading, third party investigations firm" to assist with the review, and they tested both newer...
New Atlas reports that the Australian government recently passed the world's first anti-encryption bill. The Assistance and Access Bill 2018 can allegedly "compel a private company to create new interception capabilities so no communications data is completely inaccessible to the government."...
Last month, the Wall Street Journal reported that the U.S. Government asked its allies to stop buying Huawei equipment. Since then, things have gone downhill for the Chinese company. Japan, Australia, New Zealand, Canada, and the UK have all allegedly stopped buying Huawei equipment...
Today's data leak of the day comes from... Bethesda. Recently, Bethesda promised to give buyers of Fallout 76's $200 Power Armor edition a real canvas bag. But to do that, customers had to create a support ticket and submit proof of purchase, which allegedly included a receipt containing credit...
Last night, Quora's CEO announced that about 100 million of the site's user accounts were compromised in yet another data breach. Quora says they discovered the breach last Friday, and that account names, email addresses, posting history on the site, IP addresses, personal messages, and hashed...
Marriott International suffered a big data breach involving the reservation database for Starwood Properties last week. The attackers allegedly had "unauthorized access" since 2014, and onlookers assumed there were no indications that Starwood's systems were compromised until this year. But, the...
The GCHQ, the hub of the UK's surveillance program, recently published a piece in Lawfare that calls for "virtual crocodile clips in today’s digital exchanges," among other things. While the agency isn't advocating weak encryption, they do want law enforcement to be a "third end" in end-to-end...
On November 27, Atrium Health announced that one of their databases hosted by AccuDoc was breached by an "unauthorized third party" between September 22 and September 29, 2018. According to the release, basic information like names, date of birth, insurance info, and account balances were...
An ElasticSearch server has reportedly leaked records of 56,934,021 U.S. citizens. The names, employers, job titles, email addresses, home addresses, IP addresses and phone numbers of these Americans were said to have been exposed, and security expert Bob Diachenko claims that an...