Protecting Your Cyber World With Real World Solutions

The FTC Is Officially Investigating Facebook's Data Practices

This entry was posted in SecurityNews on March 27, 2018 by

By l33tdawg The FTC Is Officially Investigating Facebook’s Data Practices
l33tdawg
Tue, 03/27/2018 – 05:32 …read more

Via:: HITBSec

Trending
Current
CSO
Did you Know?

Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

Ninth more unto the breach, dear friends, ninth more. [...]

Apple pushes out iOS security update that’s more tight-lipped than ever

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good... [...]

LastPass admits to customer data breach caused by previous breach

Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round. [...]

The CHRISTMA EXEC network worm – 35 years and counting!

"Uh-oh, this viruses-and-worms scene could turn out quite troublesome." If only we'd been wrong... [...]

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Latest episode - listen now (or read if you prefer)... [...]

Serious Security: MD5 considered harmful – to the tune of $600,000

It's not just the hashing, by the way. It's the salting and the stretching, too! [...]

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line. [...]

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. [...]

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. [...]

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. [...]

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. [...]

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. [...]

BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness

Using multi-factor authentication (MFA) is one of the key components of an organizations Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers.Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This… [...]

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2022 and 2023.From major events to those that are more narrowly focused, this list… [...]

Researchers found security pitfalls in IBM’s cloud infrastructure

Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure.Developed by researchers from security firm Wiz, the attack combined a privilege escalation vulnerability in the IBM Cloud Databases for PostgreSQL service with plaintext credentials scattered around the environment and overly permissive internal network access controls that allowed for lateral movement inside the infrastructure.To read this article in full, please click here [...]

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to this issue.“We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning — a technique in which attackers replace the content of a legitimate artifact with a modified malicious one and thereby initiate a supply chain attack,” researchers… [...]

8 things to consider amid cybersecurity vendor layoffs

2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world have announced significant staff cuts, including Amazon, Twitter, Meta, and Salesforce. Although perhaps less severely affected, cybersecurity vendors haven’t been immune. Popular security firms including Snyk, Malwarebytes, Tripwire, Cybereason, and Lacework have made notable workforce cuts this year, albeit for varying reasons from shifting business… [...]

Fortanix unveils AWS integration for centralized key management

Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS’ external encryption key store system, adding another major public cloud vendor to the list of those supported for the company’s key management system.With this week's update, Fortanix, which already supports this type of cloud key management system in Azure and Google Cloud, is trying to solve one of the major security and regulatory problems posed by multicloud environments. Every public cloud provider has its own management service for digital keys, which generally don’t integrate with services provided by other vendors. That’s a serious headache for… [...]

Apple releases patch for iPhone and iPad 0-day reported by anonymous source

Apple releases patch for iPhone and iPad 0-day reported by anonymous source l33tdawg Fri, 12/02/2022 - 09:28 [...]

All the Actually Important Stuff Neuralink Just Announced

All the Actually Important Stuff Neuralink Just Announced l33tdawg Fri, 12/02/2022 - 09:28 [...]

OpenAI invites everyone to test new AI-powered chatbot—with amusing results

OpenAI invites everyone to test new AI-powered chatbot—with amusing results l33tdawg Fri, 12/02/2022 - 09:28 [...]

Over a year later, Musk’s Neuralink still 6 months from human trials

Over a year later, Musk’s Neuralink still 6 months from human trials l33tdawg Fri, 12/02/2022 - 09:28 [...]

First M2 Max benchmark scores appear to leak on Geekbench

First M2 Max benchmark scores appear to leak on Geekbench l33tdawg Thu, 12/01/2022 - 01:37 [...]

Chrome, Defender, and Firefox 0-days linked to commercial IT firm in Spain

Chrome, Defender, and Firefox 0-days linked to commercial IT firm in Spain l33tdawg Thu, 12/01/2022 - 01:37 [...]