Cybercriminals are increasingly targeting third-party financial aggregation services to steal money from consumers’ online bank accounts, and passwords are one of the weakest links. Many people use the same passwords across online accounts, and cybercriminals just cycle through names and passwords until they hit the jackpot.
ISBuzz Team
CafePress, a well-known custom T-Shirt and merchandise site, suffered a data breach that exposed the personal information of 23 million of their customers. Users became aware of the breach today, not through CafePress, but through notifications from Troy Hunt’s Have I Been Pwned service. The database contained a total of 23,205,290 CafePress customer records, including email addresses, names, phone numbers, and physical addresses. About half the records also had encrypted passwords attached, with most of them hashed using an older form of encryption known as “base64 SHA1,” according to Forbes, that’s easily broken in 2019.
Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone. The iPhones, which will essentially be “dev devices,” will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.
It has been reported that a group of researchers are quietly commercialising an artificial intelligence-driven lie detector, which they hope will be the future of airport security. Discern Science International is the start-up behind a deception detection tool named the Avatar, which features a virtual border guard that asks travellers questions. The machine, which has been tested by border services and in airports, is designed to make the screening process at border security more efficient, and to weed out people with dangerous or illegal intentions more accurately than human guards are able to do. But its development also raises questions about whether a person’s propensity…
It has been reported that fashion and sneaker trading platform StockX pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambling for answers. StockX told users that the email was legitimate and not a phishing email as some had suspected, but did not say what caused the alleged system update or why there was no prior warning. A spokesperson eventually told TechCrunch that the company was “alerted to suspicious activity” on its site but declined to comment further. But that wasn’t the whole truth. An unnamed seller of breached data contacted TechCrunch claiming more than 6.8…
Researchers from cybersecurity firm Tenable said the Amcrest IP2M-841B IP camera, available on Amazon and subject to 12,000 customer reviews — many of which are positive — contained a serious bug which is “trivial” to exploit and could allow attackers to listen in over HTTP, ZDNet reported.
Since the GDPR rules were introduced in May 2018, data subject access requests (DSARs) have been on the rise. The ICO reports that data protection complaints from the public have gone up: 41,000 since May 2018, compared with 21,000 for the preceding year. Of these, 38% related to DSARs compared with 39% the preceding year; this establishes that DSARs make up a significant proportion of data protection complaints and that this has not really changed since the GDPR came into force. In employment litigation matters in particular, DSARs appear to be the fashion, whereby individuals request information for the…
Comparitech recently released results of their tests on 21 popular, free Android antivirus apps, which found serious vulnerabilities. They looked at the application itself, its effectiveness, the web management dashboard, and all backend services involved. They also analyzed dangerous permissions and trackers embedded in each mobile antivirus app: “We tested 21 Android antivirus apps and found these serious vulnerabilities.” Key findings include: In total, 47% of the vendors tested failed in some way. These mobile antivirus apps couldn’t detect a dangerous test virus: AEGISLAB Antivirus Free, Antiy AVL Pro Antivirus & Security, Brainiacs Antivirus System, Fotoable Super Cleaner, MalwareFox Anti-Malware, NQ…
Cloud infrastructure misconfiguration has emerged as an increasingly common and destructive problem in the past year. With so many organizations moving their operations to the cloud, implementation and configuration errors are often made that can easily be exploited to gain unauthorized access to data, leaving infrastructures vulnerable to unforeseen cyber risk. Additionally, many organizations continue to place too much faith in their cloud providers, assuming the onus is not on them but rather on their providers to ensure security. Such misguided assumptions can lead to dire consequences, however, with Gartner estimating that by 2020, 95 percent of all cloud security…
It has been reported that the United States Department of Homeland Security (DHS) has issued an alert warning owners of small aircraft to be on guard against a vulnerability that could enable attackers to easily hack the plane’s CAN bus and take control of key navigation systems. The vulnerability, discovered by a cybersecurity researcher at Rapid7, resides in the modern aircraft’s implementation of CAN (Controller Area Network) bus, a popular vehicular networking standard used in automobiles and small aircraft that allows microcontrollers and devices to communicate with each other in applications without a host computer. Rapid7 researcher Patrick Kiley demonstrated that a hacker with…
