Blog: In The News
A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after the airline announced its bug bounty program, the...
eDellRoot is not the only self-signed trusted root certificate on Dell computers. Researchers at Duo Security found two more on a Dell Inspiron 14-inch laptop purchased by Darren Kemp, one of its researchers who is based in Calgary, Canada, including one cert related to eDellRoot that also ships with a corresponding private key, and a...
Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor. Brazilian researcher Bernardo Rodrigues stumbled upon the issues several months ago while researching cable modem security for a conference and disclosed them...
A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear. The RAT, dubbed GlassRAT, was signed with a certificate belonging to a popular Chinese software company with hundreds of millions of users worldwide. The RAT was used to spy on Chinese...
Travelers who stayed at either a Westin, Sheraton, or W hotel over the last year or so are going to want to check their bank statements sooner rather than later. Starwood Hotels and Resorts, a company that owns and operates approximately 1,200 hotels across North America, including the aforementioned brands, announced last week that a handful...
Mac malware is a thing. It’s real. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized. Adding further credence, Google-owned online malware scanner VirusTotal this week announced the availability of sandbox execution...
12 November 2015 - 10:43, in Uncategorized
If you were born in California since 1983, the state owns your DNA. The data of every Californian born since that year is kept in a bland office building in Richmond, a city located in the eastern section of the San Francisco Bay Area. That data’s not just passively kept, mind you: it’s also being...
12 November 2015 - 10:31, in Uncategorized
Microsoft’s new plan to keep the US government’s hands off its customers’ data: Germany will be a safe harbor in the digital privacy storm. Microsoft on Wednesday announced that beginning in the second half of 2016, it will give foreign customers the option of keeping data in new European facilities that, at least in theory,...
12 November 2015 - 9:57, in News
A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes. There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous. Then there...
11 November 2015 - 21:48, in Uncategorized
US federal prosecutors, on Tuesday, unveiled criminal charges against three men accused of orchestrating the biggest theft of customer data from financial institutions in the country’s history – encompassing personal data belonging to more than 100 million people. Unsealing a 23-count indictment in Manhattan, the Justice Department charged Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein with computer hacking...