Equifax is one of the largest credit reporting agencies in America, which makes an announcement the company just issued particularly disconcerting. An unauthorized third party gained access to Equifax data on as many as 143 million Americans.
That's nearly half the population of the United States as of the last census. Equifax announced the incident this afternoon. Included among files accessed by hackers was a treasure trove of personal data: names, dates of birth, Social Security numbers, addresses. In some cases -- Equifax states around 209,000 -- the records also included actual credit card numbers. Documentation about disputed charges was also leaked.
A security company has found an Amazon server that was stuffed with thousands of pieces of personal information about military types with little or no protection on it. The security company is called UpGuard, and it says that it found the collection of resumes and applications for a position at a place called TigerSwan.
TigerSwan told UpGuard that these resumes included some from people applying for top secret jobs, which makes their storing on an unsecured cloud-based server sound a bit odd. The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan.
Cryptocurrencies were supposed to be largely anonymous. But a software tool gives the IRS a better chance of identifying people who hide their wealth.
You can use bitcoin. But you can’t hide from the taxman. At least, that’s the hope of the Internal Revenue Service, which has purchased specialist software to track those using bitcoin, according to a contract obtained. The document highlights how law enforcement isn’t only concerned with criminals accumulating bitcoin from selling drugs or hacking targets, but also those who use the currency to hide wealth or avoid paying taxes. The IRS has claimed that only 802 people declared bitcoin losses or profits in 2015.
Anyone relying on the CIA for tech support got a nasty surprise this morning, as documents published by Wikileaks revealed a secret project to siphon out data through its technical liaison service, dating back to 2009.
The program, called ExpressLane, is designed to be deployed alongside a biometric collection system that the CIA provides to partner agencies. In theory, those partners are agreeing to provide the CIA with access to specific biometric data — but on the off-chance those partners are holding out on them, ExpressLane gives the agency a way to take it without anyone knowing. ExpressLane masquerades as a software update.
A short drive south of Alice Springs, the second largest population center in Australia’s Northern Territory, there is a high-security compound, code-named “RAINFALL.”
The remote base is one of the most important covert surveillance sites in the eastern hemisphere. Hundreds of Australian and American employees come and go every day from Joint Defence Facility Pine Gap, as the base is formally known. The official “cover story,” as outlined in a secret U.S. intelligence document, is to “support the national security of both the U.S. and Australia. The [facility] contributes to verifying arms control and disarmament agreements and monitoring military developments.”
More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data.
The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law.
Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.
"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub." This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.
The security problems found in internet-enabled medical equipment and cars in recent years have raised a lot of awareness about the public safety risks of connected devices. But it's not just life-saving implements and fast-moving vehicles that pose potential harm.
A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the systems to physically attack vehicles and their occupants. The vulnerabilities would let an attacker open and close the bay doors on a car wash to trap vehicles inside the chamber, or strike them with the doors, damaging them and possibly injuring occupants.
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks.
IBM X-Force and Flashpoint both recently spotted new Trickbot activity. According to the researchers, spam campaigns have been active over the past several months, with the latest Trickbot attack reported earlier this week. While Flashpoint focused on the U.S. as targets, IBM focused on the redirection attacks used to steal login details, personally identifiable information and financial authentication codes.
Smart rings aren't a novel idea: There are plenty of fitness tracking, notification-sending, payment or even protective finger ornaments around. But none have the ability to identify you and authorize your transactions wherever you go. That is, until Token hits the market. It's a biometric ring that can be used to open house doors, start cars, make credit card transactions and sign in to your computer.
That all sounds nifty in theory, but without any real cooperation from the third parties that enable those authorizations, Token is all but useless. The good news is that its makers managed to get support from an impressive list of partners including MasterCard, Microsoft, Visa and HID.