A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent.
Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.Read more
If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data.
A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let attackers compromise vulnerable devices and steal data stored on them. LG's Network Attached Storage (NAS) device is a dedicated file storage unit connected to a network that allows users to store and share data with multiple computers.Read more
Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates.
But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.Read more
Apple Inc. warned employees to stop leaking internal information on future plans and raised the specter of potential legal action and criminal charges, one of the most-aggressive moves by the world’s largest technology company to control information about its activities.
The Cupertino, California-based company said in a lengthy memo posted to its internal blog that it "caught 29 leakers," last year and noted that 12 of those were arrested. "These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere," Apple added. The company declined to comment on Friday.Read more
Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.
The security firm cites recurring WannaCry ransomware infections that are still taking place at various companies, even eleven months after the first WannaCry outbreak in May 2017. For example, Boeing, Connecticut state agencies, Honda, and Victoria state police suffered WannaCry infections long after Kryptos Logic researcher Marcus "MalwareTech" Hutchins registered the WannaCry killswitch domain, effectively stopping the global outbreak on May 12, last year.Read more
Vevo’s YouTube account appears to have fallen victim to hackers today, as a number of high-profile music videos have been defaced. The most-viewed YouTube video of all time, Luis Fonsi and Daddy Yankee’s “Despacito,” disappeared from YouTube briefly after being defaced by hackers.
The video’s image was altered and replaced with a masked gang holding guns (from Netflix show Casa de Papel), and the description was changed by hackers calling themselves Prosox and Kuroi’sh. Lots of other popular music videos have also defaced.Read more
Like most electronic stuff, robots are not immune to cybercriminals. Last year, researchers at IOActive detected as many as 50 vulnerabilities in robots developed by the Japanese firm SoftBank. They informed the manufacturer but never heard back. So this year at the Security Analyst Summit 2018, they decided to demonstrate what can happen.
Robots are all around us, toiling away in factories and warehouses, busting a gut in landfills, and even working in hospitals. For its part, SoftBank Robotics supplies electronic helpers to work with people. The NAO model introduces school kids and students to programming and robotics, and it also teaches children with autism.Read more
Retailer Hudson’s Bay Co on Sunday disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America.
One cyber security firm said that it has evidence that millions of cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year, but added that it was too soon to confirm whether that was the case. Toronto-based Hudson’s Bay said in a statement that it had “taken steps to contain” the breach but did not say it had succeeded in confirming that its network was secure.Read more
As discerning dark web drug dealers and pseudonymous hackers have figured that Bitcoin is not magically private money, many have turned to Monero, a digital coin that promises a far higher degree of anonymity and untraceability baked into its design.
But one group of researchers has found that Monero's privacy protections, while better than Bitcoin's, still aren’t the cloak of invisibility they might seem. Monero is designed to mix up any given Monero "coin" with other payments, so that anyone scouring Monero's blockchain can't link it to any particular identity or previous transaction from the same source.Read more
A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomwear cyberattack on Wednesday. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.”
“It is metastasizing rapidly out of North Charleston and I just heard 777 may have gone down,” reads VanderWel’s memo. The company worries the virus may hit equipment used in functional airplane tests, which could lead to it spreading to airplane software. WannaCry, which the Trump administration blames on the cyberterrorism unit of North Korea as of December 2017, attacked mainly via a critical Windows vulnerability.Read more