Ride-sharing company reveals 380,000 in Singapore were affected by the massive data breach that compromised 57 million accounts globally, but says no fraud or misuse has been tied to these users. Uber says an estimated 380,000 users in Singapore were impacted by the 2016 data breach that compromised 58 million accounts globally, but finds no incidents of fraud related to the attack. The ride-sharing operator...
Read More
A dump of 1.4 billion passwords – clear text passwords available in an aggregated, interactive database – was recently discovered online by 4iQ. While it might sound like more of the same, a couple factors make this news both particularly concerning and sadly predictable. Details of the Data Here are a few details about what 4iQ discovered: The 41GB dump was found on December 5, 2017 in...
Read More
EC Council and BGD e-GOV CIRT have recently signed a MoU, with a joint vision to provide ANSI Certified C|CISO certification to Bangladesh Government’s top security professionals across ministries, that are eligible for the course. The attendees of the course will range from business, police, military, paramilitary forces, telecom and other top government officials at leadership positions. Under the scope of the MoU, the courseware...
Read More
White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing. Some Windows 10 versions come with a pre-installed 3rd-party password manager app that could allow hackers to steal users credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft included in its OS a new feature called Content Delivery Manager that silently installs new...
Read More
Apple just can’t seem to get away from the theme of security flaws right now. Last month it was the macOS 10.13 root password issue, hot on the heels of the news that the iPhone’s X’s much-vaunted Face ID authentication could be bypassed using a prosthetic mask. And it only seems fair to mention the small matter of the ‘show your password hint in encrypted APFS volumes’ issue...
Read More
Ransomware is a growth industry – and it’s growing because it works. Attacks that lock up data unless a ransom is paid shot up an unbelievable 6000% worldwide in 2016 over the previous year. According to the FBI, hackers “earned” over a billion dollars in ransomware attacks in 2016, some five times over the amount they netted in 2015. Despite the big numbers, it’s small users who may be...
Read More
Microsoft released Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 Critical browser issues. Microsoft has released its Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 critical flaws affecting the Internet Explorer and Edge web browsers. Microsoft addressed several memory corruption flaws that can be exploited for remote code execution. Most of the vulnerabilities reside in...
Read More
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions. Named ROBOT, which stands for Return Of Bleichenbacher’s Oracle Threat, this new attack is a variation of the Bleichenbacher attack on the RSA algorithm discovered almost two decades ago. The original Bleichenbacher attack Back...
Read More
The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the “Internet Chemotherapy” project in November 2016. Known as The Doctor (self-given name) and The Janit0r (HackForums nickname), this individual (or group) is the author of BrickerBot, a malware strain that was purposely created to brick IoT devices....
Read More
While USB drives are ubiquitous for employees across all industries, security policies for these devices are often severely outdated or grossly inadequate for protecting critical enterprise data, according to Apricorn. By failing to effectively monitor USB usage, organizations are leaving themselves vulnerable to data breaches, as well as putting their clients’ and employees’ personal information at risk. While nine out of 10 employees rely on USB...
Read More
