Sat.Nov 17, 2018 - Fri.Nov 23, 2018

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

How to Shop Online Like a Security Pro

Krebs on Security

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping.


GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

The Last Watchdog

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom. Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way.

Information Attacks against Democracies

Schneier on Security

Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks.


Lessons Learned From 2018's Top Attacks

Data Breach Today

Cisco's Paul Singleton on Why It's Important to Know Your Adversary How have cyberattacks evolved in 2018? Cisco's Paul Singleton describes the common threats and vectors, as well as why it's important to know exactly who your attacker is - and how they are exploiting your defenses.


USPS Site Exposed Data on 60 Million Users

Krebs on Security

Postal Service just fixed a security weakness that allowed anyone who has an account at to view account details for some 60 million other users, and in some cases to modify account details on their behalf.


Using Machine Learning to Create Fake Fingerprints

Schneier on Security

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner.


Magecart Spies Payment Cards From Retailer Vision Direct

Data Breach Today

Card-Sniffing JavaScript Posed as Google Analytics Script on Retailer's Sites Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details.


Instagram glitch exposed some user passwords

Security Affairs

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch.

10 things you must do to become cyber secure

IT Governance

Preparing your organisation for cyber attacks and data breaches is complicated, and you should look for advice wherever you can get it. One of the most trusted resources is the NCSC’s (National Cyber Security Centre) ten-step guide.


Worst-Case Thinking Breeds Fear and Irrationality

Schneier on Security

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center.

Two Friends Who Hacked TalkTalk Receive Prison Sentences

Data Breach Today

Telecom Company Says Total Losses Due to Data Breach Stand at $99 Million Two men who pleaded guilty to participating in the massive 2015 hack of London-based telecom company TalkTalk have been sentenced to serve time in jail.

6,500+ sites deleted after Dark Web hosting provider Daniel’s Hosting hack

Security Affairs

On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting providers, and deleted 6,500+ sites.

Massive Vulnerability Exposed at USPS

Adam Levin

Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on to view granular information about the site’s more than 60 million users.

Protecting Big Data, while Preserving Analytical Agility

Thales Data Security

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk.

Amazon Snafu Exposed Customers' Names and Email Addresses

Data Breach Today

Scant Detail on Incident and Unusual Email Notification Raises Eyebrows Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online.


Protonmail hacked …. a very strange scam attempt

Security Affairs

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail.

JavaScript keylogger sees Vision Direct’s customer data stolen

IT Governance

Contact lens supplier Vision Direct has released information about a data breach it suffered earlier this month.

What Happened to Cyber 9/11?

Schneier on Security

A recent article in the Atlantic asks why we haven't seen a "cyber 9/11" in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a "cyber Pearl Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.)

Malware Moves: Attackers Retool for Cryptocurrency Theft

Data Breach Today

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed; an attacker could impersonate any other citizen.

What is a cyber security incident?

IT Governance

You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. What is the difference between those terms?

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

WIRED Threat Level

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

Did China Spy on Australian Defense Websites?

Data Breach Today

One Answer Is Clear: Network Re-Routing Raises Suspicions For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't.


New set of Pakistani banks’ card dumps goes on sale on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing, almost all Pakistani banks were affected by a recent security breach.


Weekly podcast: Amazon, TalkTalk and City of York

IT Governance

This week, we discuss Amazon’s exposure of customer names and addresses, jail sentences for two TalkTalk hackers, and a data breach affecting a City of York rubbish app. Hello and welcome to the IT Governance podcast for Friday, 23 November. Here are this week’s stories.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

WIRED Threat Level

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.

Texas Hospital Catches Dharma Ransomware Infection

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

CarsBlues Bluetooth attack Affects tens of millions of vehicles

Security Affairs

The CarsBlues attack leverages security flaws in the infotainment systems installed in several types of vehicles via Bluetooth to access user PII. A new Bluetooth hack, dubbed CarsBlues, potentially affects millions of vehicles, Privacy4Cars warns.

Radisson Rewards programme breached

IT Governance

Last month the Radisson Hotel Group, a global player in the hospitality industry with more than 1,400 hotels in 114 countries, discovered that its rewards programme had been breached. The hack occurred on 11 September 2018 but was only detected on 1 October.

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

DLA Piper Privacy Matters

By Denise Lebeau-Marianna and Caroline Chancé. On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. The social network has 4 months to respond. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR.

Cybercrime Conference Returns to Dublin

Data Breach Today

IRISSCERT to Focus on Crime Trends, Incident Response, Spam Fighting and Cybersecurity for Kids The 10th annual IRISSCERT Cyber Crime Conference, to be held Thursday in Dublin, promises to round up crime trends and also offer updates on incident response lessons learned, spam fighting and even cybersecurity essentials for children.

Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW

Security Affairs

Hackers targeted Drupal web servers chaining some known vulnerabilities, including Drupalgeddon2 and DirtyCOW issues. Security experts at Imperva reported an attack against Drupal Web servers running on Linux-based systems.

Scotland’s SMEs – how much should be invested in cyber security?

IT Governance

With only 40% of organisations confident that they can prevent cyber attacks and 42% of micro/small businesses identifying at least one breach or attack in the last 12 months, it is only too clear why businesses need to invest more in cyber security.