Security News

Friday Squid Blogging: Vulnerabilities in Squid Server

Schneier on Security - Fri, 08/23/2019 - 18:19
It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. The vulnerability present in Squid 4.0.23 through 4.7 is caused by incorrect buffer management which... Bruce Schneier
Categories: Security News

Capital One hacker denied release, will remain in jail

ZDNet Zero Day - Fri, 08/23/2019 - 17:05
Defense argued for her release, but judge decided she was a flight risk and a danger to herself and others.
Categories: Security News

Police to sell hacker's $1.1 million Bitcoin stash to compensate victims

ZDNet Zero Day - Fri, 08/23/2019 - 15:27
Hacker told to give up bitcoins or face four more years in prison.
Categories: Security News

Hong Kong protesters warn of Telegram feature that can disclose their identities

ZDNet Zero Day - Fri, 08/23/2019 - 11:01
Message shared on discussion boards sparks panic among protesters.
Categories: Security News

Asruex Trojan exploits old Office, Adobe bugs to backdoor your system

ZDNet Zero Day - Fri, 08/23/2019 - 06:23
The malware’s selection of old vulnerabilities highlights a patching issue worldwide.
Categories: Security News

License Plate "NULL"

Schneier on Security - Fri, 08/23/2019 - 06:19
There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: now that he has a... Bruce Schneier
Categories: Security News

Data stolen from Hy-Vee customers offered for sale on Joker’s Stash Dark Web forum

ZDNet Zero Day - Fri, 08/23/2019 - 05:15
A card dump of 5.3 million accounts may be tied to the recent security breach.
Categories: Security News

80 suspects arrested in massive business email scam takedown

ZDNet Zero Day - Fri, 08/23/2019 - 04:22
Police say the mainly-Nigerian network was responsible for the attempted theft of $46 million.
Categories: Security News

Employees connect nuclear plant to the internet so they can mine cryptocurrency

ZDNet Zero Day - Thu, 08/22/2019 - 17:21
The Ukrainian Secret Service is investigating the incident as a potential security breach.
Categories: Security News

Valve patches recent Steam zero-days, calls turning away researcher 'a mistake'

ZDNet Zero Day - Thu, 08/22/2019 - 13:08
Valve also updates bug bounty rules to prevent similar incidents from happening again.
Categories: Security News

Chrome devs propose Privacy Sandbox to balance ad targeting and user privacy

ZDNet Zero Day - Thu, 08/22/2019 - 10:46
New technical spec will allow advertisers to track users in groups and categories, rather than individually.
Categories: Security News

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

ZDNet Zero Day - Thu, 08/22/2019 - 08:13
NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.
Categories: Security News

Modifying a Tesla to Become a Surveillance Platform

Schneier on Security - Thu, 08/22/2019 - 05:21
From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras -- the same dash and rearview cameras providing a 360-degree view used... Bruce Schneier
Categories: Security News

Open-source spyware makes it on the Google Play Store

ZDNet Zero Day - Thu, 08/22/2019 - 05:16
Spyware based on two-year-old AhMyth RAT makes it past Play Store's scans, despite not being anything special.
Categories: Security News

US military veterans swindled out of millions by former army employee

ZDNet Zero Day - Thu, 08/22/2019 - 04:05
Millions of dollars were stolen from those who have served after their PII was taken.
Categories: Security News

A botnet has been cannibalizing other hackers' web shells for more than a year

ZDNet Zero Day - Wed, 08/21/2019 - 17:39
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
Categories: Security News

Intel, IBM, Google, Microsoft & others join new security-focused industry group

ZDNet Zero Day - Wed, 08/21/2019 - 11:00
New Confidential Computing Consortium will promote the use of TEEs (trusted execution environments).
Categories: Security News

Suspected Capital One hacker requests release from jail on health grounds

ZDNet Zero Day - Wed, 08/21/2019 - 07:52
It is believed the alleged cybercriminal stole information belonging to 100 million citizens.
Categories: Security News

Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program

ZDNet Zero Day - Wed, 08/21/2019 - 07:45
Valve gets heavily criticized for mishandling a crucial bug report.
Categories: Security News

SEC charges rating service $269,000 for hiding ICO touting payments

ZDNet Zero Day - Wed, 08/21/2019 - 07:08
The company failed to mention some Initial Coin Offerings were paying for inclusion.
Categories: Security News