14 Jan 2019

NASA internal app leaked employee emails, project names

A NASA server running Jira, an application used by the space agency to track internal bugs for apps and projects, was leaking sensitive information including staff usernames, names and project names last year. Bug hunter Avinash Jain detected and reported the issue in early September 2018, but NASA only fixed the

Read More
14 Jan 2019

Del Rio City Hall Forced to Use Paper After Ransomware Attack

Last Thursday, The City Hall of Del Rio, Texas suffered a ransomware attack. The City’s M.I.S. (Management Information Services) Department responded to the attack by disconnecting the local network from the Internet and prohibiting staff from logging on to their computers, thereby forcing them to perform their duties using only pen and

Read More
11 Jan 2019

I Gave a Bounty Hunter $300. Then He Located Our Phone

Joseph Cox of Motherboard has conducted an investigation into the sale of access to customers’ location data by the telecommunications companies T-Mobile, Sprint, and AT&T. The researcher claims to have found evidence showing that the sensitive information is being resold to dubious actors. Among the parties obtaining unauthorized access to the location

Read More
11 Jan 2019

TLS Certificates for Many .gov Domains Not Renewed Due to Government Shutdown

Internet services company Netcraft warns that the ongoing US Government shutdown is putting Internet users at risk. The shutdown, which began three weeks ago, has prevented the renewal of TLS certificates for more than 80 .gov websites. Netcraft’s Paul Mutton explained that “[m]ost of the affected sites will display an

Read More
11 Jan 2019

McAfee casts doubt on Ryuk ransomware connection to North Korea

Security researchers with McAfee have released a report in which they argue that the recent Ryuk ransomware attack on Tribune Publishing Co., which disrupted the distribution of various major US newspapers, was not carried out by North Korean hackers, as various media outlets have claimed. According to the report, the threat actors

Read More
11 Jan 2019

CVs containing sensitive info of over 202 million Chinese users left exposed online

Once again a security research has discovered an unsecured database that left sensitive information affecting millions of people exposed online. Instances like this are increasingly common since more and more organizations are storing data online, quite often without following proper security practices. In this case, Bob Diachenko of Hacken Proof

Read More
11 Jan 2019

Reddit users locked out of accounts after “security concern”

Reddit has informed a large number of users about a “security concern” that requires them to reset their passwords. The security concern refers to unusual user behavior spotted by Reddit admins, which indicated a credential-stuffing attack affecting many accounts. One Reddit admin explained that the company suspects threat actors were

Read More
11 Jan 2019

Consumers Demand Security from Smart Device Makers

The security of connected devices, or the lack thereof rather, is one of the biggest cybersecurity issues right now. Gartner predicts the Internet of Things (IoT) will consist of 25 billion devices by 2021, most of which might be very easy to hack, if current trends are any indication. According

Read More
10 Jan 2019

The government shutdown is catastrophic for US cybersecurity

The current US government shutdown caused by a conflict over the budget, and in particular by president Trump’s refusal to approve legislation to fund the government if it does not include $5 billion for a border wall with Mexico, is having an immediate negative impact on the country’s cyber defenses. However, the

Read More
10 Jan 2019

Iran-Linked DNS Hijacking Attacks Target Organizations Worldwide

FireEye has discovered a global DNS hijacking campaign targeting governments and businesses, including companies vital to telecommunications and Internet infrastructure. The cybersecurity firm says it has found evidence indicating that the attacks may be carried out by hackers working for the Iranian government. The attackers attempt to gain access to targeted networks

Read More