Magento webshop Automated Magecart Campaign Hits Over 960 Breached Stores

A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security. The campaign seems to be automated according to Sanguine Security researcher Willem de Groot who told BleepingComputer that the card skimming script was added within a 24-hour timeframe. “It would be nearly impossible to breach 960+ […]

Serious Security Flaw With Teleconferencing App Zoom Allows Websites to Hijack Mac Webcams – and you can’t fix it by uninstalling

On Monday, security researcher Jonathan Leitschuh publicly disclosed a serious zero-day vulnerability in conferencing software Zoom—which apparently achieves its click-to-join feature, which allows users to go directly to a video meeting from a browser link, on Mac computers by installing a local web server running as a background process that “accepts requests regular browsers wouldn’t,” […]

More than 1,000 Android apps harvest data even after you deny permissions

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don’t want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered […]

Fake Samsung firmware update app tricks more than 10 million Android users

Over ten million users have been duped into installing a fake Samsung app named “Updates for Samsung” that promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads. “I have contacted the Google Play Store and asked them to consider removing this app,” Aleksejs Kuprins, malware analyst at […]

OpenPGP Certificate Attack Worries Experts, due to same symptoms bothering other Open Source projects – not enough contributors

There’s an interesting and troubling attack happening to some people involved in the OpenPGP community that makes their certificates unusable and can essentially break the OpenPGP implementation of anyone who tries to import one of the certificates. The attack is quite simple and doesn’t exploit any technical vulnerabilities in the OpenPGP software, but instead takes […]

Microsoft Issues Warning For 50M Windows 10 Users – VPNs are now broken

Windows 10 continues to be a danger zone. Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem. Spotted by the always excellent Windows Latest, Microsoft has told tens of millions of Windows […]

Facebook, Instagram, Whatsapp, Oculus, Google Cloud go down and Cloudflare reroutes large portions of the internet to nothing – twice

Facebook resolves day-long outages across Instagram, WhatsApp, and Messenger: Facebook had problems loading images, videos, and other data across its apps today, leaving some people unable to load photos in the Facebook News Feed, view stories on Instagram, or send messages in WhatsApp. Facebook said earlier today it was aware of the issues and was […]

Cop a load of this: 1TB of police body camera videos found lounging around public databases

In yet another example of absent security controls, troves of police body camera footage were left open to the world for anyone to siphon off, according to an infosec biz. Jasun Tate, CEO of Black Alchemy Solutions Group, told The Register on Monday he and his team had identified about a terabyte of officer body […]

Sting Catches Another Ransomware Firm Negotiating With “Hackers” when claiming to decrypt

ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers. Now there’s new evidence that a U.K. firm takes a similar approach. Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting […]

8 of world’s top tech companies pwned for years by China

Eight of the world’s biggest technology service providers were hacked by Chinese cyber spies in an elaborate and years-long invasion, Reuters found. The invasion exploited weaknesses in those companies, their customers, and the Western system of technological defense. […] The hacking campaign, known as “Cloud Hopper,” was the subject of a U.S. indictment in December that […]

BGP super-blunder: How Verizon today sparked a ‘cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc

Verizon sent a big chunk of the internet down a black hole this morning – and caused outages at Cloudflare, Facebook, Amazon, and others – after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania, USA. For nearly three hours, web traffic that was supposed to go to some of the biggest […]

When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

During the social network’s heyday, multiple Myspace employees abused an internal company tool to spy on users, in some cases including ex-partners, Motherboard has learned. Named ‘Overlord,’ the tool allowed employees to see users’ passwords and their messages, according to multiple former employees. While the tool was originally designed to help moderate the platform and […]

Meds prescriptions for 78,000 patients left in a database with no password

A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 US patients. The leaky database was discovered by the security team at vpnMentor, led by Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet earlier […]

Hack of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On

Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online. A terabyte of torrents seeded by Distributed Denial of Secrets […]

Millions of Dell PCs Vulnerable to Flaw in SupportAssist software

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely take over affected devices. The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and […]

Google Calendar was down for hours after major outage

Google Calendar was down for users around the world for nearly three hours earlier today. Calendar users trying to access the service were met with a 404 error message through a browser from around 10AM ET until around 12:40PM ET. Google’s Calendar service dashboard now reveals that issues should be resolved for everyone within the […]

HackerOne Reveals Which Security Bugs Are Making Its Army of Hackers the Most Bank

As far back as 2015, major companies like Sony and Intel have sought to crowdsource efforts to secure their systems and applications through the San Francisco startup HackerOne. Through the “bug bounty” program offered by the company, hackers once viewed as a nuisance—or worse, as criminals—can identify security vulnerabilities and get paid for their work. […]

The Biggest Data Breach Archive on the Internet Is for Sale

The well-known and respected data breach notification website “Have I Been Pwned” is up for sale. Troy Hunt, its founder and sole operator, announced the sale on Tuesday in a blog post where he explained why the time has come for Have I Been Pwned to become part of something bigger and more organized. “To […]

You won’t guess where European mobile data was rerouted for two hours. Oh. You can. Yes, it was China Telecom

On June 6, more than 70,000 BGP routes were leaked from Swiss colocation company Safe Host to China Telecom in Frankfurt, Germany, which then announced them on the global internet. This resulted in a massive rerouting of internet traffic via China Telecom systems in Europe, disrupting connectivity for netizens: a lot of data that should […]

Who left a database of emails, credit cards, plain-text passwords, and more open to the web this week? Tech Data, come on down!

A team at network security outfit vpnMentor was scanning cyber-space as part of a web-mapping project when they happened upon a Graylog management server belonging to Tech Data that had been left freely accessible to the public. Within that database, we’re told, was a 264GB cache of information including emails, payment and credit card details, […]

Major Google Outage Hits YouTube, G Suite, and Third Party Apps Including Discord and Snapchat

Google suffered major outages with its Cloud Platform on Sunday, causing widespread access issues with both its own services and third party apps ranging from Snapchat to Discord. As of early Sunday evening, issues had persisted for hours; according to the Google Cloud Status Dashboard, the outages began at roughly 3:25 p.m. ET and were […]

Flipboard hacked and open for 9 months – fortunately passwords properly salted and encrypted so not much damage

In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information. Most passwords are secure: Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails […]

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geolocations. I also noticed Chinese […]

First American Financial Corp. Leaked 885 Million Title Insurance Records

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction […]