Archive for November, 2018

In any discussion of cyber security, details matter. Unfortunately, it’s the details that are missing from the discussion around lawful access to commodity end-to-end encrypted services and devices (often called the “going dark” problem). Without details, the problem is debated as a purely academic abstraction concerning security, liberty, and the role of government. Continue reading

The identified backdoor accounts are accessible through Telnet, hence a compromise of the device via a local network attack is possible. Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope. Therefore, all procedures which are executed with this device are untrustworthy. Continue reading

These physical devices by Yubico and Google are helping guard you against online hackers. Just don’t lose them. Continue reading

Marriott, the world’s largest hotel company, said it identified a data breach in its Starwood reservation system that may have exposed the personal information of up to 500 million guests.  Continue reading

How to reach Marriott’s call center and FAQ page and enroll in a free fraud monitoring service. Continue reading

Newly unredacted court records suggest that Facebook used people’s profiles as leverage to expand its mobile-ad business.

Continue reading

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information.

Continue reading

cookie maker malicious network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS. Continue reading

In 2018 the threat landscape evolved at a breakneck pace, from predominantly DDoS and ransom attacks (in 2016 and 2017, respectively), to automated attacks. We saw sensational attacks on APIs, the ability to leverage weaponized Artificial Intelligence, and growth in side-channel and proxy-based attacks. Continue reading

data breach hackenproof

A massive 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine. Prior to this publication, there were at least 3 IPs with the identical Elasticsearch clusters misconfigured for public access. First IP was indexed by Shodan on November 14th, 2018. An open Elasticsearch instance exposed personal info of 56,934,021 US citizens, with information such as first name, last name, employers, job title, email, address, state, zip, phone number, and IP address. Continue reading