Equifax is one of the largest credit reporting agencies in America, which makes an announcement the company just issued particularly disconcerting. An authorized third party gained access to Equifax data on as many as 143 million Americans.
That's nearly half the population of the United States as of the last census. Equifax announced the incident this afternoon. Included among files accessed by hackers was a treasure trove of personal data: names, dates of birth, Social Security numbers, addresses. In some cases -- Equifax states around 209,000 -- the records also included actual credit card numbers. Documentation about disputed charges was also leaked.
Read moreA security company has found an Amazon server that was stuffed with thousands of pieces of personal information about military types with little or no protection on it. The security company is called UpGuard, and it says that it found the collection of resumes and applications for a position at a place called TigerSwan.
TigerSwan told UpGuard that these resumes included some from people applying for top secret jobs, which makes their storing on an unsecured cloud-based server sound a bit odd. The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan.
Read moreCryptocurrencies were supposed to be largely anonymous. But a software tool gives the IRS has a better chance of identifying people who hide their wealth.
You can use bitcoin. But you can’t hide from the taxman. At least, that’s the hope of the Internal Revenue Service, which has purchased specialist software to track those using bitcoin, according to a contract obtained. The document highlights how law enforcement isn’t only concerned with criminals accumulating bitcoin from selling drugs or hacking targets, but also those who use the currency to hide wealth or avoid paying taxes. The IRS has claimed that only 802 people declared bitcoin losses or profits in 2015.
Read moreAnyone relying on the CIA for tech support got a nasty surprise this morning, as documents published by Wikileaks revealed a secret project to siphon out data through its technical liaison service, dating back to 2009.
The program, called ExpressLane, is designed to be deployed alongside a biometric collection system that the CIA provides to partner agencies. In theory, those partners are agreeing to provide the CIA with access to specific biometric data — but on the off-chance those partners are holding out on them, ExpressLane gives the agency a way to take it without anyone knowing. ExpressLane masquerades as a software update.
Read moreA short drive south of Alice Springs, the second largest population center in Australia’s Northern Territory, there is a high-security compound, code-named “RAINFALL.”
The remote base is one of the most important covert surveillance sites in the eastern hemisphere. Hundreds of Australian and American employees come and go every day from Joint Defence Facility Pine Gap, as the base is formally known. The official “cover story,” as outlined in a secret U.S. intelligence document, is to “support the national security of both the U.S. and Australia. The [facility] contributes to verifying arms control and disarmament agreements and monitoring military developments.”
Read moreA leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.
State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed. Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password.
Read moreMore than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data.
The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law.
Read moreJust like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.
"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub." This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.
Read moreChinese-made drones that may have been used by U.S. service members in Syria are now banned by the U.S. Army, according to a report.
"Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction," reads the memo from Lt. Gen. Joseph H. Anderson, the Army's deputy chief of staff for plans and operations. The memo was obtained by the publication Defense One, which said it was also confirmed by two Army officials. According to the publication, the Army document cites "increased awareness of cyber vulnerabilities associated with DJI products."
Read moreA bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects - known in the tech industry as the "internet of things" - which experts have long warned poses a threat to global cyber security.
The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland