Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Johannes Ullrich, dean of research at the SANS Technology Institute, said Wednesday that there’s been an uptick in Netflix phishing mails using TLS-certified sites. The bad actors behind the attacks will take advantage of unpatched installs […]
More than a year after CloudPets connected teddy bears were found to have exposed 2.2 million voice recordings between parents and their children in a significant data breach, Amazon, Target and Walmart have pulled the toys from their online markets. But it’s the installed base of the connected cuddlies that should be of greater concern. […]
The global shipping industry is vulnerable to a range of hacks, including one that can send multi-million dollar vessels on a collision course for disaster, according researchers. Worse, the flaws are trivial to execute and easy to mitigate against, according to a report by Pen Test Partners. “Ship security is in its infancy – most of […]
GOOGLE TACKLES AI PRINCIPLES: IS IT ENOUGH?
June 13, 2018
Google has released its manifesto of principles guiding its efforts in the artificial intelligence realm – though some say the salvo isn’t as complete as it could be. AI is the new golden ring for developers, thanks to its potential to not just automate functions at scale but also to make contextual decisions, based on […]
Facebook’s Special-Access, Data-Sharing Deals
June 12, 2018
In the months that have followed Mark Zuckerberg’s testimony before Congress, Facebook has repeatedly found itself in the headlines. Once again, it has come to light that the social media giant has been less than transparent, with the Wall Street Journal reporting that certain companies deemed to provide particular value to Facebook were placed on what was […]
Coinrail Heist Drains 30% of Crypto-Exchange’s Coins
June 11, 2018
A South Korean crypto-currency exchange has lost virtual coins with a reported value of $37m after a cyber-attack on the company. Coinrail explained in a statement earlier today that the attack came at dawn on Sunday. “At present, 70% of your coin rail total coin / token reserves have been confirmed to be safely stored […]
Ticketfly and several major venues’ services are still offline Friday morning as they struggle to recover from a major hack that have brought down their websites and disrupted several public on-sale concert tickets. Ticket distribution service Ticketfly said in a statement that it has launched an ongoing investigation into the incident and has yet to confirm the “extent […]
RESEARCHERS WARN OF MICROSOFT ZERO-DAY RCE BUG
June 7, 2018
Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. […]
A side-channel vulnerability in Google Chrome and Mozilla Firefox allows drive-by de-anonymization of Facebook users. An exploit would allow an attacker to pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website – with no additional user interaction. The vulnerability (CVE-2017-15417) lies in certain browser […]
Thousands of organizations out there are leaking some form of sensitive email, according to an analysis, thanks to a widespread misconfiguration in Google Groups. According to Kenna Security, the afflicted include Fortune 500 companies, hospitals, universities and colleges, newspapers and television stations and U.S. government agencies. Out of just one sample of 9,600 organizations with […]