Author: Devon

1 My info was in the Capital One breach. What should I do? While the security world focuses on the aftermath of the Capital One data breach, the majority of those impacted by the incident are left with one big question: What do I do? The amount of information taken from the bank’s system is extensive: names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income on 100 million…

1 Equipment Benefits Administrator Reports Data Breach A Michigan-based administrator for durable medical equipment benefits is the latest business associate to report a large health data breach affecting patients as well as healthcare providers. In a July 12 statement, Madison Heights, Michigan-based Northwood Inc. says that on May 6 it discovered "suspicious activity" involving an employee email account. "Working together with a leading computer forensics expert, our investigation determined that an unauthorized individual or individuals…

1 Your Android’s accelerometer could be used to eavesdrop on your calls Just because you don’t give an application access to your microphone doesn’t mean that it can’t listen to you. Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more. When you install an Android app, it has to ask your permission if it wants access to…

    1 Still not using HTTPS? Firefox is about to shame you Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver. Soon, whenever you visit one of the shrinking number of sites that doesn’t use a security certificate, the Firefox browser will warn you. Firefox developer Johann Hofmann announced the news this week: In desktop Firefox 70, we intend to show an icon in the “identity…

  1 Alarm sounds over census cybersecurity concerns Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete…

1 MyDashWallet was compromised for 2 MONTHS MyDashWallet, a service that purports to be the fastest way of using DASH cryptocurrency, has revealed its platform was compromised for two whole months, and is now urging users to move their funds as soon as possible (if they’re still there). “The hacker was able to obtain private keys used between May 13 and July 12,” wrote Dash marketing manager Michael Seitz in a July 12 Dash forum…

  1 Self-driving shuttle crashed in Las Vegas because manual controls were locked away The National Transportation Safety Board (NTSB) has wrapped up a more than year-long investigation into a low-speed crash between a self-driving shuttle and a delivery truck in Las Vegas on November 8th, 2017. The agency determined two main probable causes for the accident: the truck driver’s assumption that the shuttle would move to avoid him, and that the safety operator inside…

              July 11, 2019   1 Bank voice authentication can be hacked via deepfake audio An investigation conducted by IT security audit specialists from cybersecurity firm Symantec has detected at least three cases of financial fraud involving the use of fake audio generated by artificial intelligence software, a practice known as deepfake, frequently used on adult content sites. This kind of software can be trained using a considerable amount of audio records; in this case,…

1 Hacker Who Disrupted Sony Gaming Firm Gets Federal Prison A hacker who disrupted Sony Online Entertainment and other gaming companies has been sentenced to more than two years in federal prison. Twenty-three-year-old Austin Thompson of Utah received the 27-month sentence on Tuesday in San Diego. Prosecutors said Thompson carried out a series of distributed denial-of-service computer attacks against Sony and other targets in 2013 and 2014. The attacks flood computer servers with traffic, making…

1 New FaceTime feature forces you to make eye contact FaceTime and other forms of video calling are already inherently weird, but Apple seems committed to making it as uncomfortable as possible. Apple is running an iOS 13 beta ahead of the big update's launch later this year and one new feature made waves on Twitter on Tuesday. "FaceTime Attention Correction" promises to make your eye contact "more accurate" during video calls, according to the…

1 US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook.The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outlook that if exploited could allow an attacker to bypass security features and execute arbitrary commands on targeted Windows computers. Microsoft issued a patch for the vulnerability…

1 Hackers are repeatedly targeting Navy contractors Huntington Ingalls, the Navy’s largest shipbuilder, was compromised by a large-scale hacking campaign waged by several organs of the Chinese government, according to a Reuters report. However, the company denied the allegation in a June 27 email to Fifth Domain, saying, “there was no breach of information” from Newport News Shipyard, nor were their systems connected to a foreign server controlled by a Chinese group, known as APT10. The…

1 U.S. CYBERATTACK ON IRAN JUST PUT A TARGET ON AMERICAN BUSINESSES President Donald Trump came within minutes of starting another war in the Middle East last week when he ordered, and then abruptly canceled, a missile strike against Iranian bases. Instead, he launched another strike: a long-planned cyberattack, designed to quietly cripple Iran’s missile defense systems. Anonymous U.S. officials claimed an instant victory, although Iran insists it failed to penetrate its systems. The impact…

1 Beware of Fake John McAfee and Tesla Cryptocurrency Giveaways A resurgence of scam campaigns that pretend to be Bitcoin and Ethereum giveaways from Tesla, Elon Musk, and John McAfee are underway. These scams rise in popularity as cryptocurrency prices increase. BleepingComputer was told by security researcher Frost that there has been a resurgence of cryptocurrency giveaway scams being promoted on Twitter. These scams state that if a person sends between .05 to 5 Bitcoins…

1 Hacker Steals Customer Payment Info in EatStreet Data Breach Online food ordering service EatStreet disclosed a security incident from May which led to a data breach involving customer payment card information and sensitive info of delivery and restaurant partners. EatStreet is currently "servicing over 15,000 restaurants in more than 1,100 cities" according to the company's website and it is a "one-stop-shop for online ordering and marketing" by offering partnered restaurants "web, mobile, and social…

1 Phishing Scam Asks You to Login to Read Encrypted Message A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message. As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into…

1 Yubico Replacing YubiKey FIPS Devices Due to Security Issue Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. In a security advisory published on Thursday, the company informed customers that the issue impacts YubiKey FIPS series devices running versions 4.4.2 and 4.4.4 of…

1 Aerial assessment: The insurance adjuster is a drone Drone delivery may be taking off slowly in the U.S. thanks to strict FAA oversight, but drones have become a key tool for inspection in many industries. Now, that includes the insurance sector, where damage assessments are frequently performed by drones equipped with machine vision and AI. That fact was driven home with an announcement from Kespry, a drone-based aerial intelligence company, which has teamed up…

1 'Surveillance capitalism': critic urges Toronto to abandon smart city project A “smart city” project in Canada has hit yet another snag, as mounting delays and privacy concerns threaten the controversial development along the Toronto’s eastern waterfront. The 12-acre Quayside project, a partnership between Google’s Sidewalk Labs and the city of Toronto, has come under increasing scrutiny amid concerns over privacy and data harvesting. This week, the US venture capitalist Roger McNamee warned that technology…

1 Gang charged with $19 million iPhone scam A gang in New York allegedly spent the past seven years using the ripped-off identities of cellphone subscribers to steal $19 million worth of iPhones, according to a now-unsealed complaint originally filed by federal prosecutors at the end of April 2019. The six defendants have been charged with felony counts of mail fraud, conspiracy, and aggravated identity theft. New York City Police Department (NYPD) detective Armando Coutinh,…

1 News aggregator Flipboard disclosed a data breach The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information. Hackers had access to the company systems between June 2, 2018, and March 23, 2019, and again on April 21-22, 2019. On April 23, the internal staff noticed suspicious activity in its infrastructure. “We recently identified unauthorized access to some of our…

1 Hackers breach US license plate scanning company One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach after news site The Register was sent files stolen from it last week. The company is probably best known for designing the licence plate imaging systems used at the US border crossings with Mexico and Canada. According to the site, a hacker using the identity “Boris Bullet-Dodger”…

1 Hospitals testing virtual reality to improve pain management, reduce opioid usage When sickle cell disease patients experiencing a pain crisis show up at the emergency department hoping for relief, they’re often treated with a heavy dose of opioids and other medications. But St. Jude Children’s Research Hospital is trying something new. To enhance the effect of medication, cut the amount of opioids used in treatment and lower the chances a patient is admitted, the…

1 You're Not At Fault, Google Search Tripped and Broke Its Index This is an article about a Google problem that most of you won't see until it is fixed. That is because Google Search is having a problem where new content is not being indexed in their searched results. We first noticed this when one of our recently published stories was not showing up in Google. When taking a look at other sites, Bleeping…

1 Xbox chief Phil Spencer outlines plans for fighting toxicity in gaming Microsoft’s Xbox chief Phil Spencer says he’s acutely aware of the problems the gaming industry faces from a cultural perspective — issues like toxicity, abuse and harassment, and exclusionary attitudes that can keep gaming’s benefits from spreading beyond its most hardcore, traditional demographic. So today, Spencer says Microsoft is launching an industry-wide initiative to combat these issues by sharing solutions and technology and…

1 In Middle of Trade War, America’s Busiest Port Gets Ready for Robots Pier 400 in Los Angeles is North America’s largest shipping terminal. More than 1,700 trucks pass through, on average per day, even in the middle of the U.S.-China trade war. All that cargo translates into thousands of miles driven within the facility each day, mostly by diesel vehicles, spewing pollutants. For APM Terminals, the part of global shipping company A.P. Moller-Maersk A/S…

1 Google is using Your Gmail Account to Track Your Purchases This week, a user posted on Reddit about how they discovered that their Google Account's Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay. When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from…

1 Company behind LeakedSource pleads guilty in Canada Defiant Tech Inc., the company behind the LeakedSource.com portal, pleaded guilty this week, according to a press release from the Royal Canadian Mounted Police (RCMP). The LeakedSource website launched in late 2015 and rose to infamy in 2016. Its operators gathered data from hacked companies, either from the public domain or by buying it from hackers. LeakedSource provided access to this illegally obtained information via a search…

Do you live, work, love Toronto? Do you want to work for a leading Global Incident Response investigations Company?  Send me a message and let's talk!  Contact me through LinkedIn (top left of this website).

1 Former NSA analyst charged in leak of classified documents to reporter A former National Security Agency analyst has been charged and arrested for illegally obtaining classified national defense information, including files on drone warfare, and disclosing it to a reporter. The charges, which were filed originally in March of this year in federal court in Alexandria, Virginia, include obtaining, retaining, transmitting, and causing the communication of national defense information, disclosure of classified communications intelligence…

1 Unhackable? New chip makes the computer an unsolvable puzzle A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan. Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second–infinitely faster than a human hacker…

1 Ladders Database Exposed 13M User Records Sanyam Jain, a security researcher and a member of the GDI Foundation, discovered a database belonging to the employment-recruitment site Ladders left exposed online on a misconfigured AWS-hosted database. The archive contained 13 million user records, data related to job seekers who had signed up for the service. Exposed records included contact details, current compensation, and applicants’ employment histories. “Ladders, one of the most popular job recruitment sites…

1 Instagram will test hiding public like counts in Canada Instagram announced at its F8 developer conference today that it’ll start testing a new feature later this week that’ll hide users’ public like counts on videos and photos. The test will only be in Canada, and likes will be hidden in the Feed, permalinked pages, and on profiles. Instagram says it wants followers to “focus on the photos and videos you share, not how many…

1 Nearly all 2020 presidential candidates aren’t using a basic email security feature New data out by Agari  confirms just one presidential hopeful — Democratic candidate Elizabeth Warren  — uses domain-based message authentication, reporting, and conformance policy — or DMARC . This email security feature sits on top of two existing security protocols, Sender Policy Framework (SKF) and DomainKeys Identified Mail (DKIM), which cryptographically verifies a sender’s email, and can mark emails as spam or…

1 Docker Hub Database Hack Exposes Sensitive Data of 190K Users An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories. According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019. After performing an investigation it…

1 FedEx CIO: It’s time to mandate blockchain for international shipping When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry – making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1⁄2 inches. FedEx CIO Rob Carter believes the same kind of thing needs to happen for…

1 Unsealed warrant in Massachusetts adds to growing privacy debate A US judge gave the cops permission to force people's fingers onto seized iPhones to see who could unlock them, a newly unsealed search warrant has revealed. Specifically, Judge Judith Dein, of the federal district court of Massachusetts, gave agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) the right to press Robert Brito-Pina's fingers on any iPhone found in his apartment in…

1 Teen Sues Apple for $1 Billion, Saying Facial Recognition Mistook Him for a Thief An 18-year-old student from New York is suing Apple for $1 billion, claiming he was wrongfully accused of stealing gadgets from a number of Apple stores in Boston, Manhattan, New Jersey and Delaware last year, writes The New York Post. Ousmane Bah says the company’s facial recognition technology misidentified him after his ID was lost. It is believed his driving…

1 Bodybuilding.com Security Breach, All Customer Passwords Reset Bodybuilding.com fitness and bodybuilding fan website notified its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. As detailed in the data incident notification published on the company's help center, the security breach might "have affected certain customer information in our possession" and, as concluded after investigating the incident with the help of…

1 Listen to this AI spit out brutal death metal non-stop Puzzlomaly is a death metal album that sounds like others from the genre: it’s filled with screeching vocals, bludgeoning beats and dizzying guitar solos. However, the record – which you can listen to on Bandcamp or in the widget below – wasn’t produced by actual musicians. Rather, it was created by a pair of technologists, CJ Carr and Zack Zukowski, using a deep a…

1 Shopify API flaw offered access to revenue data of thousands of stores A security flaw in a Shopify API endpoint has been discovered by a researcher which can be exploited to leak the revenue and traffic data of thousands of stores. Application security engineer and bug bounty hunter Ayoub Fathi disclosed his findings in a Medium blog post this week. Shopify, which accounts for over 800,000 merchants in more than 175 countries, set up…

1 Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns out that the collection of email contacts…

1 Game of Thrones Phishing Scams and How to Avoid Them The long night has finally ended. Game of Thrones fans can finally come in from the cold and, like a starving dragon, start devouring the latest and final season of the massively popular TV show. But unlike the fantasy series, what is far more real is the plethora of phishing scams facing enthusiasts. While there have been many such deceptions, from malware via pirate…