Security News

Researchers create magstripe versions from EMV and contactless cards

ZDNet Zero Day - Fri, 07/10/2020 - 19:05
Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.
Categories: Security News

China Closing Its Squid Spawning Grounds

Schneier on Security - Fri, 07/10/2020 - 16:09
China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for... Bruce Schneier
Categories: Security News

Amazon tells employees to remove TikTok from their phones due to security risk

ZDNet Zero Day - Fri, 07/10/2020 - 13:25
Accessing the TikTok website from work laptops is still allowed, according to an internal email Amazon sent to employees today.
Categories: Security News

EFF's 30th Anniversary Livestream

Schneier on Security - Fri, 07/10/2020 - 11:48
It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EFF.... Bruce Schneier
Categories: Security News

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

ZDNet Zero Day - Fri, 07/10/2020 - 06:30
The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.
Categories: Security News

Business Email Compromise (BEC) Criminal Ring

Schneier on Security - Fri, 07/10/2020 - 06:12
A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and... Bruce Schneier
Categories: Security News

Smartwatch tracker for the vulnerable can be hacked to send medication alerts

ZDNet Zero Day - Fri, 07/10/2020 - 04:53
API issues could be exploited to make calls, spy on users, send fake messages, and more.
Categories: Security News

KingComposer patches XSS flaw impacting 100,000 WordPress websites

ZDNet Zero Day - Fri, 07/10/2020 - 02:08
The vulnerability could be exploited to execute malicious payloads in visitor browsers.
Categories: Security News

Google bans stalkerware ads

ZDNet Zero Day - Thu, 07/09/2020 - 16:36
New Google Ads policy that bans stalkerware enters into effect on August 11.
Categories: Security News

Zoom working on patching zero-day disclosed in Windows client

ZDNet Zero Day - Thu, 07/09/2020 - 13:00
A security firm today disclosed a zero-day vulnerability in Zoom's Windows client.
Categories: Security News

Traffic Analysis of Home Security Cameras

Schneier on Security - Thu, 07/09/2020 - 06:16
Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread.... Bruce Schneier
Categories: Security News

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

ZDNet Zero Day - Thu, 07/09/2020 - 04:30
The APT is also a loyal customer of Golden Chickens, a Malware-as-a-Service outfit.
Categories: Security News

Google abandons Isolated Region cloud services project in China

ZDNet Zero Day - Thu, 07/09/2020 - 01:20
Google says the Isolated Region project was scrapped due to other services offering “better outcomes.”
Categories: Security News

More pre-installed malware has been found in budget US smartphones

ZDNet Zero Day - Wed, 07/08/2020 - 23:40
Cheap phones often have tradeoffs but researchers say this should never compromise user safety.
Categories: Security News

Nvidia fixes code execution vulnerability in GeForce Experience

ZDNet Zero Day - Wed, 07/08/2020 - 21:42
Security updates have also been released for the JetPack software development kit.
Categories: Security News

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption

ZDNet Zero Day - Wed, 07/08/2020 - 21:42
The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data (for encryption).
Categories: Security News

Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only

ZDNet Zero Day - Wed, 07/08/2020 - 18:09
New KDP security feature is currently being tested with Windows 10 Insider builds.
Categories: Security News

Google open-sources Tsunami vulnerability scanner

ZDNet Zero Day - Wed, 07/08/2020 - 12:16
Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible.
Categories: Security News

Civil rights auditors slam Facebook stance on Trump, voter suppression

ZDNet Zero Day - Wed, 07/08/2020 - 07:09
Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling.
Categories: Security News

Half a Million IoT Passwords Leaked

Schneier on Security - Wed, 07/08/2020 - 06:41
It is amazing that this sort of thing can still happen: ...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure... Bruce Schneier
Categories: Security News