Security News

"Sign in with Apple" Vulnerability

Schneier on Security - Tue, 06/02/2020 - 06:27
Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story.... Bruce Schneier
Categories: Security News

Amtrak discloses data breach, potential leak of customer account data

ZDNet Zero Day - Tue, 06/02/2020 - 03:34
The rail service says that customer PII may have been compromised.
Categories: Security News

VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure

ZDNet Zero Day - Tue, 06/02/2020 - 00:00
The security flaw handed over the keys to enterprise infrastructure.
Categories: Security News

White House says security incidents at US federal agencies went down in 2019

ZDNet Zero Day - Mon, 06/01/2020 - 15:58
US federal agencies reported 28,581 cyber-security incidents in 2019, down by 8% from 31,107 in 2018.
Categories: Security News

After a breach, users rarely change their passwords, study finds

ZDNet Zero Day - Mon, 06/01/2020 - 12:39
Only a third of users changed their password following a data breach.
Categories: Security News

Password Changing After a Breach

Schneier on Security - Mon, 06/01/2020 - 06:08
This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in... Bruce Schneier
Categories: Security News

Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug

ZDNet Zero Day - Mon, 06/01/2020 - 05:25
User accounts could be hijacked through missing validation processes on Apple servers.
Categories: Security News

Joomla team discloses data breach

ZDNet Zero Day - Sun, 05/31/2020 - 21:05
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.
Categories: Security News

Hacker leaks database of dark web hosting provider

ZDNet Zero Day - Sun, 05/31/2020 - 05:43
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.
Categories: Security News

Friday Squid Blogging: Humboldt Squid Communication

Schneier on Security - Fri, 05/29/2020 - 16:07
Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Bogus Security Technology: An Anti-5G USB Stick

Schneier on Security - Fri, 05/29/2020 - 12:02
The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device". "Through a process... Bruce Schneier
Categories: Security News

NCA launches UK ad campaign to divert kids searching for cybercrime tools

ZDNet Zero Day - Fri, 05/29/2020 - 07:16
DDoS-for-hire and Trojan-related searches are on the agency’s radar.
Categories: Security News

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Schneier on Security - Fri, 05/29/2020 - 06:37
Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling... Bruce Schneier
Categories: Security News

Judge demands Capital One release Mandiant cyberforensic report on data breach

ZDNet Zero Day - Fri, 05/29/2020 - 05:51
Attorneys suing the company will now have access to the report in preparation for a potential trial.
Categories: Security News

GitHub warns Java developers of new malware poisoning NetBeans projects

ZDNet Zero Day - Fri, 05/29/2020 - 00:00
The malware's end goal was to install a remote access trojan and grant hackers access to highly sensitive workstations where sensitive projects were being developed.
Categories: Security News

Google to enable the Chrome anti-notification spam system in July 2020

ZDNet Zero Day - Thu, 05/28/2020 - 15:56
Chrome will block sites from showing notification spam by default. Has been an opt-in feature since February.
Categories: Security News

Fortune 500 company NTT discloses security breach

ZDNet Zero Day - Thu, 05/28/2020 - 14:16
Japanese telecommunications giant NTT says hackers breached its internal network and stole data on 621 customers.
Categories: Security News

Cisco discloses security breach that impacted VIRL-PE infrastructure

ZDNet Zero Day - Thu, 05/28/2020 - 13:05
Hackers used vulnerabilities in the SaltStack data center software to breach six Cisco servers.
Categories: Security News

NSA warns of new Sandworm attacks on email servers

ZDNet Zero Day - Thu, 05/28/2020 - 10:31
NSA says Russia's military hackers have been attacking Exim email servers to plant backdoors since August 2019.
Categories: Security News

Thermal Imaging as Security Theater

Schneier on Security - Thu, 05/28/2020 - 06:50
Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen... Bruce Schneier
Categories: Security News