23 hours ago Whistleblower Everett Stern: 'Do the Right Thing'InfoRiskToday View Synopsis+1
"If You See Something, Say Something' Applies to Banks, Money LaunderingIt's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.
Company makes TLS support and fine-grained user/role management free for everyone.
12 hours ago iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2The Register View Synopsis+1
Cheapskate fandroids get a pass on this one, though
Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by reinstalling iOS.…
12 hours ago US Warns Chinese Drones May Steal Data: ReportSecurityWeek View Synopsis+1
Washington has warned that Chinese-made drones could be giving spy agencies in Beijing "unfettered access" to stolen data, according to a report in American media.
The Department of Homeland Security sent out an alert on Monday flagging drones built in China as a "potential risk to an organization's information", CNN reported.
Issue similar to Alpine Linux's CVE-2019-5021 impacts 194 other Docker images.
Unless you explicitly want it installed, you probably won't get this update.
1 day ago User Data Exposed in Stack Overflow HackSecurityWeek View Synopsis+1
Hackers had access to Stack Overflow systems for nearly one week before the attack was detected and some user data was exposed after all, the company has admitted.
As US/China Trade Tensions Escalate, Experts Warn of 'Unintended Consequences'After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license. Many chipmakers and other technology firms have also said they will cease or at least pause the sharing of software, hardware and services.
Bot and phishing attacks can compromise your G Suite account, but there is an easy way to block the majority of these attempts, according to Google.
1 day ago Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injectorThe Register View Synopsis+1
If it walks like a duck and quacks like a duck then...
Analysis The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs - potentially unwanted programs. But there isn't always a clear difference between malware and less threatening descriptors.…
NEC's NeoFace facial recognition software will be used by Melbourne-based Cambridge Boxhill Language Assessments in a bid to ensure those sitting tests are those enrolled.
Email Addresses, Phone Numbers Potentially ExposedThere's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.
Quantum computers are theorized to be capable of breaking RSA encryption. Experts disagree on when it could happen, but agree on a need for quantum-proof encryption.
11 hours ago Database May Have Exposed Instagram Personal DataInfoRiskToday View Synopsis+1
Email Addresses, Phone Numbers for 49 Million People Potentially ExposedThere's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.
G Suite passwords were encrypted when stored in disk, so at least they weren't stored in plaintext.
Google on Tuesday said that some customer passwords for its G Suite customers were stored in an unhashed format.
2 hours ago How does API Management Complement IAM?InfoRiskToday View Synopsis+1
Flat-out, traditional IAM practices are insufficient to secure a modern enterprise that relies on such diverse endpoints and connected devices. But API management can play a strong complementary role, says Jay Thorne of CA Technologies, a Broadcom company.
Mozilla this week released Firefox 67 to the stable channel with improved protection against tracking and with fingerprinting and crypto-mining protection capabilities.
To fully protect yourself from potential Zombieload attacks, vendors and early benchmarks show you'll face performance losses of up to 40%.
After eight months of alpha testing, Tor Browser for Android is now ready for rollout.
URLZone Morphs Into a Downloader for Ursnif
Researchers have discovered a malware campaign targeting Japan and combining phishing, steganography, PowerShell, and the URLZone and Ursnif malwares.
8 hours ago How to improve cloud provider security: 4 tipsTechRepublic View Synopsis+1
Many IT pros remain concerned with the risk of data loss and leakage in the cloud, according to a new survey from AlgoSec.
A commercial phishing platform that targets Apple users has proven popular enough for other criminals to pirate, though the pirated version transmits harvested data through a hidden back channel.