04 Dec 2019

Magecart Hackers Open Fire at Smith & Wesson Customers

Digital skimming hackers targeted the website of major US gun producer Smith & Wesson, as well as their customers, over the weekend. Smith & Wesson is based out of Springfield, Massachusetts, and was attacked on Black Friday during one of the highest-grossing shopping days of the year. Smith & Wesson

02 Dec 2019

SDKs Misused to Scrape Twitter, Facebook Account Info

Twitter and Facebook warn users that software development kits (SDKs) owned by oneAudience and MobiBurn can be embedded within an app and used to extract personal information. The two SDK companies create kits that can be used by app developers to create malicious apps that request access to Twitter or

22 Nov 2019

Optus opens privacy can of worms with programmable voice play

Australian telco company Optus recently introduced a service that transcribes phone call interaction between customers and a call center officer. Seow Yoke Kong, Optus VP of IT, labeled the feature as assisting the Optus employee by taking notes from the phone call, saving them “five minutes” not having to take

21 Nov 2019

Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online

Passwords and other personal data of more than 2.2 million users were revealed as a result of dual data breaches. Data belonging to users of cryptocurrency wallet GateHub and gaming bot provider EpicBot was posted online despite heavy encryption. Security researcher Troy Hunt announced on Tuesday that he had uncovered databases with information

20 Nov 2019

PayMyTab Exposes Data of US Restaurant Goers

PayMyTab, a mobile payments provider, exposed the data of thousands of customers for 16 months after failing to follow security protocols on Amazon Web Services (AWS). Data exposed in the privacy breach includes personally-identifying information of customers who had requested a receipt from their dining experience be emailed or texted

20 Nov 2019

Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws

Oracle patched vulnerabilities that allow potential attackers to access a company’s entire enterprise resource planning solution, but research reports that 50% of over 21,000 organizations that use Oracle EBS for financial management, supply chain management, customer relationship management, and more have not yet deployed the patches. The patches were released

20 Nov 2019

1.19 billion confidential medical images available on the internet

An ongoing study by Greenbone researched the security of Picture Archiving and Communications Systems (PACS) servers used by health providers to store imaging records. In the US, Greenbone security identified 786 million medical images that include at least one piece of personal identification, details of patient names, reason for imaging,

20 Nov 2019

Google: BigQuery and GCE users get these new controls over sensitive cloud data

Google announced an alternative to the existing key management services offered by Google Cloud: External Key Manager. To give companies more control of encrypted data, External Key Manager will allow customers to keep encryption keys out of Google’s hands. Yesterday, Google announced BigQuery Reservations, an enterprise-friendly pricing model that offers

19 Nov 2019

Macy’s Customer Payment Info Stolen in MageCart Data Breach

American department store chain Macy’s announced that they suffered a data breach in October, resulting in customer payment information being exposed. The attack, called a MageCart attack, involves hackers compromising a website and using malicious scripts to steal information submitted when a customer purchases an item. Macy’s was not aware

18 Nov 2019

Attackers using WhatsApp MP4 video files vulnerability can remotely execute code

Last week a severe vulnerability in the WhatsApp messaging software was uncovered, allowing hackers to perform remote code execution attacks. Facebook reported that the bug is a stack-based buffer overflow problem that can be triggered by attackers sending .MP4 video files. The vulnerability can be exploited to conduct denial-of-service (DoS)
