Cybersecurity News
What's in Store for Privacy in 2021
Changes are coming to the privacy landscape, including more regulations and technologies.Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues
Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.
Baidu Apps in Google Play Leak Sensitive Data
Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.
Up to 350,000 Spotify accounts hacked in credential stuffing attacks
This won't be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree
The post Up to 350,000 Spotify accounts hacked in credential stuffing attacks appeared first on WeLiveSecurity
Printers' Cybersecurity Threats Too Often Ignored
Remote workforce heightens the need to protect printing systems against intrusion and compromise.Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.
Stantinko's Linux malware now poses as an Apache web server
Eight-year-old Stantinko botnet updates its Linux malware.Spotify launches ‘rolling reset’ on customer accounts, passwords linked to data leak
A third-party server containing Spotify credentials was uncovered by researchers.Tesla Hacked and Stolen Again Using Key Fob
Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
Baidu's Android apps caught collecting sensitive user details
Data collection issue identified in Baidu Maps and Baidu Search Box apps, both removed from the Play Store in October 2020.New WAPDropper malware abuses Android devices for WAP fraud
New WAPDropper malware signs up Android users to premium services provided by telecoms in Thailand and Malaysia.SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire
The agency claims that business deals were made up to lure investors into funding the startup.Hacker leaks the user data of event management app Peatix
More than 4.2 million user accounts have been made available for download online earlier this month.'Antiquated process': data regulator on obtaining Cambridge Analytica warrant
UK information commissioner calls for international approach to emerging threat
The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.
Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.
Continue reading...Security Researchers Sound Alarm on Smart Doorbells
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.Ransomware Grows Easier to Spread, Harder to Block
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.
Evidence-Based Trust Gets Black Hat Europe Spotlight
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.