Vulnerabilities

It looks like you can attribute contributions on github.com to anyone you feel like, without having their password.

For a project that’s been around for a while, it’s a real shitshow at identity verification. Or… is this a way to get people to pay for the enterprise edition?

2 Likes
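The reason the attribution works is that git itself records whatever author name and e-mail it is handed; nothing in the commit object proves who made it unless it is signed. The script below is an added illustration, not code from the thread or from GitHub: it builds a throwaway repository with one commit whose author is set through the GIT_AUTHOR_* variables to a different person than the committer, then shows that the only field a reviewer or CI gate can rely on is the signature status (`%G?`, which is `N` for an unsigned commit). All names and addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): git stores the author identity it is
# given; signature status is what a reviewer has to check instead.
# Names and e-mail addresses below are constructed.

make_spoofed_repo() {
  # Create a temporary repository with one commit whose *author* is set via
  # environment variables to someone other than the actual committer.
  # Prints the repository path.
  repo=$(mktemp -d) || return 1
  (
    cd "$repo" && git init -q . && echo "hello" > README && git add README &&
    GIT_AUTHOR_NAME="Some Maintainer" GIT_AUTHOR_EMAIL="maintainer@example.com" \
      git -c user.name="Actual Committer" -c user.email="committer@example.com" \
          -c commit.gpgsign=false commit -q -m "commit with a spoofed author"
  ) || return 1
  echo "$repo"
}

author_and_signature() {
  # Print "<recorded author name>|<signature status>" for the tip commit.
  # %G? is G/U/X/Y/R/E/B for signed commits in various states, N for none.
  git -C "$1" log -1 --format='%an|%G?'
}

unsigned_commit_count() {
  # Defender-side check for any repository: count commits in a range that
  # carry no signature at all. Usage: unsigned_commit_count <repo> [<range>]
  git -C "$1" log --format='%G?' "${2:-HEAD}" | grep -c '^N$' || true
}

# Stand-alone demo.
demo_repo=$(make_spoofed_repo) && {
  echo "recorded author|signature: $(author_and_signature "$demo_repo")"
  echo "unsigned commits: $(unsigned_commit_count "$demo_repo")"
  rm -rf "$demo_repo"
}
```

The same gap is why GitHub shows a "Verified" badge only for commits signed with a key registered to the account, and why its vigilant mode flags everything else as "Unverified"; a branch protection rule requiring signed commits, or a CI step built on `unsigned_commit_count`, closes the hole at the repository rather than trusting the author line.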

Impersonating users of ‘protest’ app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers

An instant messaging app whose creators promoted it as secure and end-to-end encrypted was in fact no such thing, according to researchers at Royal Holloway.

The University of London college found, according to a paper it published yesterday, that the app “permits its users to be tracked, offers no authenticity, no effective confidentiality protections and lacks resilience against adversarially crafted messages”.

1 Like

Feeling bad about your last security audit? Check out what just happened to the US Department of Interior

The US Department of the Interior (DoI) spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses.

This is according to a report [PDF] from the department’s inspector general (via NextGov) which found that, among other failings, the DoI internal wireless network could be broken into over the air using a smartphone and less than $200 of gear stuffed into a backpack.

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

A woman in Germany died after a ransomware infection prevented her hospital from giving emergency treatment.

The unnamed patient died en route to a hospital in another city after she was unable to get treatment in Düsseldorf due to the malware affecting computer systems. A manslaughter investigation is now underway against the ransomware’s operators, who have yet to be identified.

In their very, very thin defense, the crooks behind the file-scrambling nasty turned over the decryption key to the cops when they were informed they had hit a hospital with their crimeware. Since then, the operators have gone dark. Chances are they are not in Germany and there’s not much hope for an arrest and extradition.

Doppelpaymer ransomware crew fingered over attack on German hospital that allegedly caused death of a patient

The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that allegedly led to one patient’s death, according to local sources.

The Aachener Zeitung newspaper carried a report from the German Press Association (DPA) that Doppelpaymer’s eponymous ransomware had been introduced to the University Hospital Düsseldorf’s network through a vulnerable Citrix product.

Your latest security headache? Ed from accounting using his kid as an unpaid helpdesk

Parents are turning to their kids for tech support rather than the company IT department while working from home, we’re told.

A survey by consultants Prolifics Testing set out to determine what it would cost for the tech support services the average teen provides their parents, and it concluded this month kids will, on average, do about £4,200 a year in IT work.

Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. Insert ‘Wow… that much?’ joke here

Microsoft earlier this month exposed a 6.5TB Elastic server to the world that included search terms, location coordinates, device ID data, and a partial list of which URLs were visited.

According to a report from cyber-security outfit WizCase, the server was password-protected until around 10 September, when “the authentication was removed,” we’re told.

1 Like

Big US election coming up, security is vital and, oh look… a federal agency just got completely pwned for real

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.

This is according to Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA), which on Thursday went into technical detail on how an intruder: broke into staffers’ Office 365 accounts; gained access to the agency’s internal network via its VPN; and installed malware and exfiltrated data.

2 Likes

Imagine running a dating app and being told accounts could be easily hijacked. How did that feel, Grindr?

2 Likes

Security through stupidity, I guess.

Here’s a detailed rundown of the hack, which is mind-boggling in its simplicity. It’s a wonder nobody found it (or at least reported it) up until now.

3 Likes

EFF off: Privacy Badger disables by default anti-tracking safeguard that can be abused to track you online

The EFF has disabled by default an anti-tracking feature in its Privacy Badger browser extension – after Googlers warned it could be abused to track people.

1 Like

Backdoorer the Xplora: Kids’ smartwatches can secretly take pics, record audio on command by encrypted texts

The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic.

This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora said. Exploiting this security hole is essentially non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today’s gizmos.

1 Like

The seven deadly sins letting hackers hijack America’s govt networks: These unpatched bugs leave systems open

If you’re wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you’ve patched them.

This seems major

3 Likes

I read this as the “Red Unlock” service mode being a backdoor that is supposedly only accessible by Intel for their own purposes. And by extension as an excellent example why backdoors are never a good idea in the long run.

4 Likes

Kids’ gaming website Animal Jam breached after miscreants spot private AWS key on pwned Slack channel

Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key.

Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being posted on stolen data bazaar raidforums[.]com.

At the time of writing, users of the forum were claiming to have decrypted at least part of the encrypted databases stolen.

2 Likes
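Long-lived AWS access key IDs have a fixed shape, which makes a key pasted into a chat channel easy to find before an intruder does. The script below is an added example, not part of the thread or of Animal Jam's tooling: it writes a small constructed Slack-style export, scans it for access key IDs, and prints each hit by line number with the key redacted so the report does not re-leak it. `AKIAIOSFODNN7EXAMPLE` is the placeholder key ID from the AWS documentation; the other key and all messages are made up.

```sh
#!/bin/sh
# Added example (not from the thread): find AWS access key IDs in a chat export
# so they can be rotated. The export is constructed sample data.

make_sample_export() {
  # Write a constructed Slack-style export and print its path.
  f=$(mktemp) || return 1
  cat > "$f" <<'EOF'
[2020-11-10 09:14] alice: deploy finished, logs look clean
[2020-11-10 09:16] bob: staging bucket creds: AKIAEXAMPLEKEY000001 / <secret redacted>
[2020-11-10 09:17] alice: "AKIA" on its own is not a key, so this line should not match
[2020-11-10 09:20] carol: backups account uses AKIAIOSFODNN7EXAMPLE, rotate it after the migration
EOF
  echo "$f"
}

scan_for_aws_keys() {
  # Print "<line number>:<redacted key id>" for every AWS access key ID in $1.
  # Access key IDs are 20 characters: a 4-character prefix (AKIA for IAM user
  # keys; temporary STS keys use ASIA) plus 16 upper-case alphanumerics. Only
  # the first 8 characters are echoed so the report itself does not leak it.
  grep -n -E -o 'AKIA[0-9A-Z]{16}' "$1" \
    | sed -E 's/^([0-9]+):(AKIA[0-9A-Z]{4})[0-9A-Z]{12}$/\1:\2************/'
}

leaked_key_count() {
  # Number of key IDs found in $1 (one per output line of the scan).
  scan_for_aws_keys "$1" | wc -l | tr -d ' '
}

# Stand-alone demo.
export_file=$(make_sample_export) && {
  echo "key IDs found: $(leaked_key_count "$export_file")"
  scan_for_aws_keys "$export_file"
  rm -f "$export_file"
}
```

Run against a real export, a hit is a signal to rotate the key and check CloudTrail for its recent use; the scan finds the ID only, so the matching secret has to be assumed exposed as well.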

Got that email this morning from haveibeenpwned
Pain in the hole.

3 Likes
1 Like

Imagine things are bad enough that you need a payday loan. Then imagine flaws in systems of loan lead generators leave your records in the open… for years

Two separate internet affiliate networks have closed vulnerabilities that exposed potentially millions of records in one of the most sensitive areas: payday loans.

1 Like