Earlier this month, the multibillion-dollar cruise conglomerate Carnival Corp. announced that two of its most popular lines—Holland America and Princess Cruises—were respectively slammed with hacks compromising the sensitive personal intel of cruise-goers and cruise-workers alike. Even though neither announcement makes mention of when each respective breach was disclosed, pulling up the source code for the Read more about Carnival Corp. (Holland America / Princess Cruises) Discloses nasty customer Data Breach Amid Covid-19 Panic[…]

Whisper, the secret-sharing app that called itself the “safest place on the Internet,” left years of users’ most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. The data exposure, discovered by independent researchers and shown to Read more about 900 Million Secrets From 8 Years of ‘Whisper’ App Were Left Exposed Online[…]

Federal regulators waived a rule Wednesday that was causing airlines to fly nearly empty planes just to avoid losing takeoff and landing rights at major airports. The Federal Aviation Administration said it would suspend the rule through May 31 to help airlines that are canceling flights because of the new virus outbreak. The FAA assigns Read more about US Rule Waiver Will Reduce Empty Planes During Virus Outbreak (after in EU) and then closes US airspace to EU flights after blaming EU for Corona[…]

Named Load Value Injection, or LVI for short, this is a new class of theoretical attacks against Intel CPUs. While the attack has been deemed only a theoretical threat, Intel has released firmware patches to mitigate attacks against current CPUs, and fixes will be deployed at the hardware (silicon design) level in future generations. A Read more about Intel CPUs vulnerable to new LVI attacks, allows information injection[…]

Web researcher David Eade found and reported CVE-2020-8987 to Avast: this is a trio of blunders that, when combined, can be exploited by a snooper to silently intercept and tamper with an AntiTrack user’s connections to even the most heavily secured websites. This is because when using AntiTrack, your web connections are routed through the Read more about Avast’s and AVG AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping[…]

In fact, the marketing database also contained some subscribers’ requests to block or unblock access to X-rated and gambling websites, unique ID numbers of stolen cellphones, and records of whichever site they were visiting before arriving at the Virgin Media website. This is according to British infosec shop Turgensec, which discovered the poorly secured Virgin Read more about FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more[…]

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A Read more about Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys[…]

Based on Google data, two in five of Android users worldwide may no longer be receiving updates, and while these devices won’t immediately have problems, without security support there is an increased risk to the user. Our latest tests have shown how such phones and tablets, including handsets still available to buy from online marketplaces Read more about More than one billion Android devices at risk of malware threats, no longer being updated[…]

Virgin Media, one of the UK’s biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers’ personal information onto the internet via a poorly secured database. The cableco said it “incorrectly configured” a storage system so that at least one miscreant was able to access it and potentially siphon off customer records. The Read more about Virgin broadband ISP spills 900,000 punters’ records into wrong hands from insecure database[…]

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month. The Window giant’s director of identity security, Alex Weinert, and IT identity and access program manager Lee Walker revealed the figures at the RSA conference last month in San Francisco. “About a half of a per Read more about Enable MFA: 1.2 million Azure Active Directory (Office 365) accounts compromised every month, reckons Microsoft[…]

An error in chipset read-only memory (ROM) could allow attackers to compromise platform encryption keys and steal sensitive information. Intel has thanked Positive Technologies experts for their discovery of a vulnerability in Intel CSME. Most Intel chipsets released in the last five years contain the vulnerability in question. By exploiting vulnerability CVE-2019-0090, a local attacker Read more about Unfixable vulnerability in Intel CSME allows crypto key stealing and local access to files[…]

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications. The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.” The app is favored by privacy Read more about EU Commission to staff: Switch to Signal messaging app[…]

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims’ encrypted Wi-Fi traffic. The flaw [PDF] was branded KrØØk by the bods at Euro infosec outfit ESET who discovered it. The design blunder is otherwise known as CVE-2019-15126, and Read more about Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you’re using HTTPS, SSH, VPNs… right?[…]

Automating connections from 3rd party providers makes it easy to access your financial data because people re-use their logins and these logins have been repeatedly leaked online. New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application Read more about Your banks’ APIs are a major target for credential stuffing attacks[…]

In the early hours of this morning, a very large number of Samsung devices around the world received a push notification from the vendor’s Find my Mobile app. That notification simply read “1/1”. […] A handful of Reg staffers also received the notification, which caused surprise and concern at Vulture Central – not least because Read more about All that Samsung users found on UK website after weird Find my Mobile push notification was… other people’s details[…]

Penetration testers looking at commercial shipping and oil rigs discovered a litany of security blunders and vulnerabilities – including one set that would have let them take full control of a rig at sea. Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says, reckoned that on the whole, Read more about Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners[…]

Facebook knew about a huge security flaw that let hackers to steal personal data from millions of its users almost one year before the crime, yet failed to fix it in time, the Telegraph can reveal. Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a Read more about Facebook was repeatedly warned of security flaw that led to biggest data breach in its history[…]

Thousands of images, videos and records pertaining to plastic surgery patients were left on an unsecured database where they could be viewed by anyone with the right IP address, researchers said Friday. The data included about 900,000 records, which researchers say could belong to thousands of different patients. The data was generated at clinics around Read more about Plastic surgery images and invoices leak from unsecured database[…]

Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst Read more about Apple’s Mac computers now outpace Windows in malware and virus[…]

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the flaw, warning that a locally authenticated low-privilege user could exploit Read more about Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool[…]

A software error in Denmark’s government tax portal has accidentally exposed the personal identification (CPR) numbers for 1.26 million Danish citizens, a fifth of the country’s total population. The error lasted for five years (between February 2, 2015, and January 24, 2020) before it was discovered, Danish media reported last week. The software error and Read more about Software error exposes the ID numbers, birthdays and genders for 1.26 million Danish citizens, 1/5th of the population[…]

A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election. The security lapse was tied to a mobile app used by Prime Minister Read more about Israeli Voters: Data of All 6.5 Million Voters Leaked[…]

Personal records, including scans of ID cards and purchase details, for more than 30,000 people were exposed to the public internet from this unsecured cloud silo, we’re told. In addition to full names and pictures of customer ID cards, the 85,000 file collection is said to include email and mailing address, phone numbers, dates of Read more about Sorry to be blunt about this… Open AWS S3 storage bucket just made 30,000 potheads’ privacy go up in smoke[…]

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices. This data can be used Read more about Netgear leaves admin interface’s TLS cert and private key router firmware[…]