Category Archives for "Security"

DNS-over-HTTPS will eventually roll out in all major browsers

All six major browser vendors have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user’s privacy on the web.

The DoH protocol has been one of the year’s hot topics. When deployed inside a browser, it allows the browser to hide DNS requests and responses inside regular-looking HTTPS traffic.

Source: DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet

Most organisations still misunderstand cloud security

A report based on a survey of over 700 respondents from the United States, Canada and UK found that 60% of respondents misunderstand the shared responsibility model for cloud security and incorrectly believe the cloud provider is responsible for securing privileged access.

Furthermore, 68% of organisations are not employing a common security model or enforcing least privilege access to reduce risk, and the majority list security as their main challenge with cloud migrations.

Source: #Privacy: Most organisations still misunderstand cloud security, report reveals

Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones

Chinese security researchers from X-Lab security at Tencent challenged fingerprint security in a presentation at the GeekPwn 2019 conference in Shanghai, writes Forbes. The team claims it can hack into almost any Android or iOS device in just about 20 minutes by using what appears to be a fairly simple fingerprint hacking method.

Without giving too many details about the actual technical approach to the audience, researchers used a smartphone to take a photo of fingerprints left on a glass and ran the photo through an app they developed. They were then able to gain access into three different phones equipped with different scanning technologies, one each with capacitive, optical, and ultrasonic sensors.

Source: Chinese researchers reveal method to bypass biometric fingerprint scanners in smartphones | Biometric Update

Google teams up with security companies to catch bad apps before they hit the Play Store 

Google announced that it’s teaming up with three security companies to help identify malicious apps before they’re published on the Play Store and can potentially do harm to Android users. The company is calling this partnership the App Defense Alliance.

Android is on over 2.5 billion devices, according to Google, and the company says that makes the platform “an attractive target” for abuse.

Source: Google teams up with security companies to catch bad apps before they hit the Play Store – The Verge

The DNA database used to find the Golden State Killer is a national security leak waiting to happen

A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.

Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.

Source: The DNA database used to find the Golden State Killer is a national security leak waiting to happen – MIT Technology Review

Over 21 million stolen login credentials found on the dark web

Stolen login credentials from Fortune 500 companies have been found in numerous places on the dark web, many of which are available in plaintext form.

Amid the 21 million records exposed, it is noted that only 4.9 million of them were fully unique passwords, suggesting that many users have identical or similar passwords. 16 million of them were compromised during the last 12 months.

Source: State of Stolen Credentials in the Dark Web from Fortune 500 Companies | ImmuniWeb Security Blog

Study reveals 2019’s darkest cyber-threats

Webroot has released its third annual Nastiest Malware list, shedding light on 2019’s worst cybersecurity threats.

From ransomware strains and crypto-mining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.

Full article: #Privacy: Study reveals 2019’s darkest cyber-threats

Facebook accepts Cambridge Analytica fine

Facebook has said it will pay the £500,000 financial penalty that the social network was issued by the UK’s data privacy watchdog, the Information Commissioner’s Office (ICO).

The fine came as a result of Facebook’s role in the Cambridge Analytica scandal, news of which first broke in March 2018.

Source: #Privacy: Facebook accepts ICO Cambridge Analytica fine

Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks

Security experts say our growing reliance on cell phones to help confirm our identity online is motivating “SIM-swap” scams to hijack our numbers.

SIM-swap is a “social engineering” trick fraudsters use to take control of somebody else’s phone number. Once scammers control your number, they can get your text messages, including the verification codes many online services send when customers reset their passwords.

Source: Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks, Experts Say : NPR

Supply chains show their weaknesses following Avast and NordVPN attacks

Antivirus solution provider Avast and VPN service NordVPN each disclosed a data breach that was traced back to a case of exposed credentials.

The security incidents are indicative of a key threat that exploits insecurities in the digital supply chain to mount a variety of attacks on businesses and critical infrastructure. Exploiting a third party also vastly increases the scale of an attack, as a successful break-in opens up access to multiple businesses, making them all vulnerable at once.

Source: Supply chains show their weaknesses following Avast and NordVPN attacks
