Secret global government surveillance: I’ll spy for you, if you spy for me

If you care about privacy and human rights, then information from a new report about secret global surveillance networks and the sharing of intelligence between governments is not good at all. In fact, the sharing of surveillance with intelligence and other governments is so “alarmingly under-regulated” that it is ripe for human rights abuses. Privacy International […]

MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to […]

Atlanta spent at least $2.6 million on ransomware recovery

Atlanta spent more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city’s online services. The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, but it’s understood that the ransom was […]

Windows warning: Tech-support scammers are ramping up attacks, says Microsoft

Microsoft says it received 153,000 reports in 2017 from customers who’d come in contact with tech-support scammers via a cold call, spam, or the web. The reports from customers last year were up 24 percent on 2016, with filings coming from 183 countries. Despite being a well-known fraud, some 15 percent of Microsoft customers who […]

Biometrics Are Coming & So Are Security Concerns

From unlocking your smartphone with your face to boarding a flight with your fingerprints, the use of biometric data for authentication is becoming commonplace. In both identity management and identity verification, biometric applications are making marked improvements over current security protocols. Traditional methods of identity management, while effective, are often a bother for end users. […]

Oracle critical update fixes 254 flaws – so get patching now

Oracle has published its critical patch update for April, offering 254 security fixes across 20 product sets. The database giant said customers should install the update as soon as possible, as attackers continue to attempt to exploit patched vulnerabilities. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to […]

LinkedIn AutoFill bug could leak personal data to third parties and attackers

A flaw in LinkedIn’s AutoFill button created the potential for an attacker to harvest sensitive profile data without the user even knowing it. LinkedIn has long offered an AutoFill button plugin for paying marketing solutions customers, who can add the button to their websites to let LinkedIn users fill in profile data with a single click. The […]

SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients

SunTrust Bank said a former employee may have stolen names, addresses, phone numbers, and account balances of some 1.5 million of its clients. The employee tried to download the client contact information six to eight weeks ago in an attempt to provide the data to a criminal from outside the organization, Reuters reports. SunTrust CEO […]

How to Protect Industrial Control Systems from State-Sponsored Hackers

On March 15, a significant alert was issued by the US-CERT regarding Russian state-sponsored threat activity against critical infrastructure sectors, including energy, aviation, and critical manufacturing. The attacks were not random; these were deliberate, multistage, focused attacks designed to gain a foothold within high-impact assets that can be used for any number of nefarious actions. According to […]

How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices

An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it. The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference […]