Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story....
The rail service says that customer PII may have been compromised.
The security flaw handed over the keys to enterprise infrastructure.
US federal agencies reported 28,581 cyber-security incidents in 2019, down by 8% from 31,107 in 2018.
Only a third of users changed their password following a data breach.
This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in...
User accounts could be hijacked through missing validation processes on Apple servers.
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.
Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device". "Through a process...
DDoS-for-hire and Trojan-related searches are on the agency’s radar.
Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling...
Attorneys suing the company will now have access to the report in preparation for a potential trial.
The malware's end goal was to install a remote access trojan and grant hackers access to highly sensitive workstations where sensitive projects were being developed.
Chrome will block sites from showing notification spam by default. Has been an opt-in feature since February.
Japanese telecommunications giant NTT says hackers breached its internal network and stole data on 621 customers.
Hackers used vulnerabilities in the SaltStack data center software to breach six Cisco servers.
NSA says Russia's military hackers have been attacking Exim email servers to plant backdoors since August 2019.
Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen...