Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.
But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure.
Windows 7 users are reporting problems checking for updates through Windows Update and Microsoft Update. The root of the problem may be an expiration date that Microsoft needs to fix on its side, noted experts earlier today.
A Microsoft Answers thread for those hit by the Windows Update Error 80248015 -- which began at some point on December 3 -- is growing. I've also seen some with Windows Server 2008 reporting this same problem on Twitter. I am one of those affected on my desktop Dell PC that's running Windows 7 SP1. The message I am seeing is "Windows could not search for new updates."
PayPal has revealed that its recently acquired company TIO Networks has suffered a data breach compromising the personal information of 1.6 million customers.
PayPal bought the Canadian payment processing company, which has over 60,000 utility and bills payment kiosks across North America, for $238m in cash in July. On Friday, 1 December, PayPal said a review of TIO's network showed evidence of a breach that may have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and customers of TIO billers.
It was an audacious scheme: an attempted inside job at the office of a federal watchdog agency, where the cops, the authorities said, became the robbers.
Three employees in the inspector general’s office for the Department of Homeland Security stole a computer system that contained sensitive personal information of about 246,000 agency employees, according to three United States officials and a report sent to Congress last week. They planned to modify the office’s proprietary software for managing investigative and disciplinary cases so that they could market and sell it to other inspector general offices across the federal government.
The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online.
The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures.
If you're running macOS High Sierra, don't let anyone near your Apple Mac. It's possible for anyone to log in to the Mac and get admin-level access to change passwords, get access to all data on the main account and lock the original user out.
Fortunately, there's a fix that should solve the problem, even as Apple works to patch. First, the bug. In what may go down as one of the most embarrassing vulnerabilities in Apple history, all a "hacker" needs to do is sign in as an "Other" user, type in "root" for a username and no password. Then they're in. Experts tested the vulnerability and found it wide open, allowing a change of passwords for other accounts on the Mac.
New features in software always bring bugs. Still, some are worse than others. When Facebook rolled out its new polling feature earlier this month, which allows people to post votable questions on anything from what to have for dinner to what dress to wear at a prom dance, it also inadvertently opened the door for hackers to delete any picture on the network.
A researcher discovered this bug in early November. When someone created a poll, he found, it would send a request to Facebook servers that included a unique ID for the picture or GIF included. At that point, he could replace that ID with the ID of any other picture on the network, even ones other people had uploaded.
A security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail message transfer agent Exim, one of which could allow a remote attacker to execute malicious code on the targeted server.
Exim is an open source mail transfer agent (MTA) developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which is responsible for routing, delivering and receiving email messages. The first vulnerability, identified as CVE-2017-16943, is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands.
The FBI failed to notify scores of US officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year, an investigation found.
The Associated Press dedicated two months and a small team of reporters to go through a hit list of targets of Fancy Bear, a Russian government-aligned cyberespionage group, that was provided by the cybersecurity firm Secureworks. Previous investigations based on the list had shown how Fancy Bear worked in close alignment with the Kremlin’s interests to steal tens of thousands of emails from the Democratic party.
Imgur, one of the world's most visited websites, has confirmed a hack dating back to 2014. The company said that hackers stole 1.7 million email addresses and passwords, scrambled with the SHA-256 algorithm, which has been passed over in recent years in favor of stronger password scramblers.
Imgur said the breach didn't include personal information because the site has "never asked" for real names, addresses, or phone numbers. The stolen accounts represent a fraction of Imgur's 150 million monthly users. The hack went unnoticed for four years until the stolen data was sent to Troy Hunt, who runs a data breach notification service.