In yet another example of absent security controls, troves of police body camera footage were left open to the world for anyone to siphon off, according to an infosec biz. Jasun Tate, CEO of Black Alchemy Solutions Group, told The Register on Monday he and his team had identified about a terabyte of officer body Read more about Cop a load of this: 1TB of police body camera videos found lounging around public databases[…]

ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers. Now there’s new evidence that a U.K. firm takes a similar approach. Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting Read more about Sting Catches Another Ransomware Firm Negotiating With “Hackers” when claiming to decrypt[…]

Eight of the world’s biggest technology service providers were hacked by Chinese cyber spies in an elaborate and years-long invasion, Reuters found. The invasion exploited weaknesses in those companies, their customers, and the Western system of technological defense. […] The hacking campaign, known as “Cloud Hopper,” was the subject of a U.S. indictment in December that Read more about 8 of worlds top tech companies pwned for years by China[…]

Verizon sent a big chunk of the internet down a black hole this morning – and caused outages at Cloudflare, Facebook, Amazon, and others – after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania, USA. For nearly three hours, web traffic that was supposed to go to some of the biggest Read more about BGP super-blunder: How Verizon today sparked a ‘cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc[…]

During the social network’s heyday, multiple Myspace employees abused an internal company tool to spy on users, in some cases including ex-partners, Motherboard has learned. Named ‘Overlord,’ the tool allowed employees to see users’ passwords and their messages, according to multiple former employees. While the tool was originally designed to help moderate the platform and Read more about When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users[…]

A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 US patients. The leaky database was discovered by the security team at vpnMentor, led by Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet earlier Read more about Meds prescriptions for 78,000 patients left in a database with no password[…]

Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online. A terabyte of torrents seeded by Distributed Denial of Secrets Read more about Hack of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On[…]

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices. The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and Read more about Millions of Dell PCs Vulnerable to Flaw in SupportAssist software[…]

Google Calendar was down for users around the world for nearly three hours earlier today. Calendar users trying to access the service were met with a 404 error message through a browser from around 10AM ET until around 12:40PM ET. Google’s Calendar service dashboard now reveals that issues should be resolved for everyone within the Read more about Google Calendar was down for hours after major outage[…]

As far back as 2015, major companies like Sony and Intel have sought to crowdsource efforts to secure their systems and applications through the San Francisco startup HackerOne. Through the “bug bounty” program offered by the company, hackers once viewed as a nuisance—or worse, as criminals—can identify security vulnerabilities and get paid for their work. Read more about HackerOne Reveals Which Security Bugs Are Making Its Army of Hackers the Most Bank[…]

The well-known and respected data breach notification website “Have I Been Pwned” is up for sale. Troy Hunt, its founder and sole operator, announced the sale on Tuesday in a blog post where he explained why the time has come for Have I Been Pwned to become part of something bigger and more organized. “To Read more about The Biggest Data Breach Archive on the Internet Is for Sale[…]

On June 6, more than 70,000 BGP routes were leaked from Swiss colocation company Safe Host to China Telecom in Frankfurt, Germany, which then announced them on the global internet. This resulted in a massive rerouting of internet traffic via China Telecom systems in Europe, disrupting connectivity for netizens: a lot of data that should Read more about You won’t guess where European mobile data was rerouted for two hours. Oh. You can. Yes, it was China Telecom[…]

A team at network security outfit vpnMentor was scanning cyber-space as part of a web-mapping project when they happened upon a Graylog management server belonging to Tech Data that had been left freely accessible to the public. Within that database, we’re told, was a 264GB cache of information including emails, payment and credit card details, Read more about Who left a database of emails, credit cards, plain-text passwords, and more open to the web this week? Tech Data, come on down![…]

Google suffered major outages with its Cloud Platform on Sunday, causing widespread access issues with both its own services and third party apps ranging from Snapchat to Discord. As of early Sunday evening, issues had persisted for hours; according to the Google Cloud Status Dashboard, the outages began at roughly 3:25 p.m. ET and were Read more about Major Google Outage Hits YouTube, G Suite, and Third Party Apps Including Discord and Snapchat[…]

All of the current versions of Docker have a vulnerability that can allow an attacker to get read-write access to any path on the host server. The weakness is the result of a race condition in the Docker software and while there’s a fix in the works, it has not yet been integrated. The bug Read more about Docker Bug Allows Root Access to Host File System[…]

In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information. Most passwords are secure Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails Read more about Flipboard hacked and open for 9 months – fortunately passwords properly salted and encrypted so not much damage[…]

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geolocations. I also noticed Chinese Read more about Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online[…]

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction Read more about First American Financial Corp. Leaked 885 Million Title Insurance Records[…]

Google admitted Tuesday its paid-for G Suite of cloudy apps aimed at businesses stored some user passwords in plaintext albeit in an encrypted form. Administrators of accounts affected by the security blunder were warned via email that, in certain circumstances, passwords had not been hashed. Hashing is a standard industry practice that protects credentials by Read more about G Suite passwords stored unhashed creds since 2005, and other passwords in plain text for 14 days for troubleshooting[…]

A new device fingerprinting technique can track Android and iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions. This new technique — called a calibration fingerprinting attack, or SensorID — works by using calibration details from gyroscope and magnetometer sensors on iOS; and Read more about Android and iOS devices impacted by new sensor calibration attack – it’s easy to follow your device everywhere online[…]

Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including: MAC address of every device that’s ever connected to it (full historical record, not just active devices) Device name (such as “TROY-PC” or “Mat’s MacBook Pro”) Operating system (such as “Windows Read more about Over 25,000 Linksys Smart Wi-Fi routers kept info on who connected to them and are now leaking this[…]

A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by Read more about Millions of Instagram influencers had their private contact data scraped and exposed on AWS[…]

Last week, Adobe said that older versions of Creative Cloud apps—including Photoshop and Lightroom—would no longer be available to subscribers. This week, some users are getting messages from Adobe warning they could be at “risk of potential claims of infringement by third parties” should they continue to use outdated versions of their apps. The new Read more about Adobe: If You Use Old Apps, You May Be Violating Third-Party Copyrights, highlighting the problem that you don’t own anything in the Cloud[…]

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on. The Facebook-owned software suffers from Read more about It’s 2019 and a WhatsApp call can hack a phone: Zero-day exploit infects mobes with spyware[…]

Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way. Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Read more about New Intel firmware boot verification bypass enables low-level persistent backdoors[…]