News

2.7 million Brits caught up in 'serious failure of data security' says UK data watchdog

The UK’s data watchdog has slapped a £385,000 penalty on app-not-driving-service baddie Uber for security weak spots that attackers exploited to expose the details of millions of customers.…

Then took her employers to the Employment Tribunal

An NCC Group graduate trainee who emailed 300 coworkers to ask for help with what she deemed to be "unusual" behaviour from her Kali Linux VM; contacted the firm’s incident response team to complain about a faulty laptop; and said the machine had been "deliberately sabotaged", has had her victimisation claim thrown out by an employment tribunal.…

Mark Dreyfus offers to rubber-stamp legislation if only counter-terror agencies get decryption

Mark Dreyfus, the Labor opposition's shadow Attorney General, has offered a compromise on Australia's controversial encryption backdooring bill that could see it passed, but with its operation restricted to counter-terrorism agencies.…

It's Germany's first GDPR fine, for an incident that affected millions of accounts.

Node.js package tried to plunder Bitcoin wallets

A widely used Node.js code library in NPM's warehouse of repositories was altered to include crypto-coin-stealing malware. The lib in question, event-stream, is downloaded roughly two million times a week by application programmers.…

A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October.

The incidents affected millions, just as Black Friday, Cyber Monday and the holiday shopping season kicked off.

Sixty-six percent of phone users said they had suffered data-related harm: 11 percent suffered identity theft, 22 percent account hacking, 14 percent credit cards hacking and 12 percent financial fraud. 

Just five years after it paid a £90k penalty for dodgy dialling

A Glaswegian business has been fined £160,000 for making 1.6 million nuisance calls to people on the UK's opt-out database – five years after it received a £90,000 fine which was also for dodgy dialling.…

Ten intensive courses cover all the cyber security skills you need

Promo  Defending organisations against security attacks is an ongoing challenge, with new threats constantly emerging to test the beleaguered security professional.…

The credentials could be used to glean a variety of intel on the victims.

From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week's biggest stories.

New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers.

PLAIN TEXT passwords showed up on file-hosting site

German chat platform Knuddels.de ("Cuddles") has been fined €20,000 for storing user passwords in plain text (no hash at all? Come on, people, it's 2018).…

More than one-third of respondents in a new survey haven’t started or are just creating their security strategy plans.

Loose .zips sink chips 2: Electric Boogaloo

The "Zip Slip" vulnerability that first emerged in June has claimed another victim – the Apache Hadoop YARN NodeManager daemon.…

The first rule of death club is not to be seen alive

After faking one's own death to defraud a life insurance company, it's best to avoid being photographed alive and well, particularly when border agents may be reviewing those photos.…

Zero trust refers to the notion of evaluating  the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials.

In the first part of our podcast series, we talked to Rapid7's chief data scientist about how Magecart has changed.

Alice becomes Bob

Germany has patched a key "e-government" service against possible impersonation attacks, and both private and public sector developers have been told to check their logs for evidence of exploits.…