At the beginning of this week (Monday 16th), TaskRabbit, the IKEA-owned mobile marketplace that matches freelance labour with local demand, had its website and app hacked, resulting in both shutting down and going offline. The company offered a statement to its customers saying, “we understand how important your personal information is and are working with an outside cybersecurity firm and law enforcement to determine the specifics.”
Today VMware has released the following new security advisory:
While a yoga-exercising, goofy, attention-loving duck who appeared in his first TV commercial back in 1999 has made Aflac a virtual household name, the insurance company has other corporate stars beyond the public eye who play vital roles in keeping the organization, its clients, critical data, and intellectual property — maybe even that of the duck, safe.
Ubuntu Security Notice USN-3627-1
April 19, 2018
I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn’t have been publicly accessible. Let’s start with this video as it pretty succinctly explains the issue in consumer-friendly terms:
The Middle East and Asia have become the new hunting ground for malicious APT activity, with hackers using new techniques to target organisations, according to new research. It was revealed that there had been a surge in the activities of Chinese-speaking hackers targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia. Chris Doman, Security Researcher at AlienVault commented below.
WinMagic, a leading encryption solutions provider, today announced the launch of its latest software release, SecureDoc 8.2. Purpose-built for a new, unified approach to encryption and key management, SecureDoc 8.2 will enable industry-leading data security across endpoints, data centres, hyper-converged infrastructures and into the cloud – and view it all from a Single Pane of Glass.
Three top strategies fraudsters use against banks—and how they can be defeated.
Facebook isn’t the only one in the hot seat over data privacy. A flaw in LinkedIn’s AutoFill plugin that websites use to let you quickly complete forms could have allowed hackers to steal your full name, phone number, email address, ZIP code, company and job title. Malicious sites have been able to invisibly render the plugin on their entire page so if users who are logged into LinkedIn click anywhere, they’d effectively be hitting a hidden “AutoFill with LinkedIn” button and giving up their data.
TechCrunch’s top goal at Disrupt SF (September 5-7) is to help early-stage founders get lots of attention, which is why every year we introduce more and better ways to make that happen. This year we’re adding TC Top Picks, a new program that will provide 60 top founders the opportunity to exhibit free of charge for one day in Startup Alley and three free Founder Passes for all three days of the show, including access to CrunchMatch, TechCrunch’s founder-investor matching service.
Open source component vulnerabilities have been a hot topic in the security industry as well as in the media. It used to be that the main concern in software development was making sure you were testing throughout the SDLC. While this is still a crucial part of making sure your software is secure, component security has grown in importance. As Tim Jarrett, Director of product management at CA Veracode, explained, “Software development has changed a lot over the past 10 years.” Software today is mostly assembled rather than composed. CA Veracode’s data shows that between 80 and 90 percent of an application is made up of someone else’s code. And when there is a vulnerability in one of these components, it ends up spreading to all the applications which contain that component. No wonder we are seeing such widespread proliferation of vulnerabilities and seeing major breaches.
To secure U.S. election systems from the very real threat of targeted cyberattacks, states might need to reframe their security practices to look more like they would in a tightly-controlled corporate environment.
At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need.
As I drive through the vineyard-covered hills of San Luis Obispo, Calif., the tiny Global Positioning System receiver in my phone works with Google Maps to alert me to upcoming turns. The app reassures me that I’ll arrive at my destination on time, in spite of a short delay for construction.
Today’s topics include DHS Secretary Nielsen prioritizing the United States’ response to nation-state cyber-attacks, and RSA Security’s president detailing cyber-security silver linings.
Russia is an endlessly fascinating subject both in and around infosec. Recent years have shifted attention away from pure malware capabilities, to psyops, social engineering, and an endless slew of mind games designed to destabilize and keep nations ever-so-slightly off balance.
A class-action lawsuit led by a number of Lyft drivers against Uber regarding the alleged “Hell” spying program is moving forward in an amended way. The lawsuit, brought by Lyft driver Michael Gonzales on behalf of other Lyft drivers, alleges Uber wrongfully intercepted the communications and whereabouts of Lyft drivers, resulting in the loss of revenue.
In 1991, I sat down with Ivan Getting, then age 79 and retired but still serving on the boards of directors of several companies. The U.S. satellite navigation system, now referred to as GPS, then more commonly called Navstar, wasn’t complete, but covered most of the world and had proved essential to the U.S. military in the Persian Gulf War. We thought Spectrum’s readers would want to know more about how Getting came to play such a big role in making Navstar.
I don’t know where you are, but the data analysis of the RSA Conference by the prestigious Cyentia Institute is amazing. They wrote algorithms to tell us what the “most important” talks are each year from 25 years of security conference data, and illustrate our industry’s trend over time. Who can forget “A top 10 topic in 2009 was PDAs”?