Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Leaks reveal the spy tactics which leveraged Wi-Fi in a major airport to track travelers.

Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel

A leak at Autoclerk, a reservations management system recently acquired by the Western Hotel & Resorts Group, exposed personal and travel information on hotel guests, including members of the U.S. government, military and Department of Homeland Security. “Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements…

Russian Turla group masqueraded as Iranian hackers in attacks

The Russian hacker group Turla disguised itself as Iranians and stole state secrets from multiple countries, authorities from the U.S. and U.K. said Monday.  “Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign,” Paul Chichester, director of operations at GCHQ’s National Cyber Security…

Mind Your Own Business Act beefs up privacy protections, gives consumers dominion over data, punishes execs

The Mind Your Own Business Act, privacy legislation introduced by Sen. Ron Wyden, D-Ore., Friday, aims to protect data and punish corporate executives who abuse it. Billed by Wyden as going further than the General Data Protection Regulation (GDPR), the bill would let consumers control how their data is used – in a single click…

Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in bitcoin, although the true number is likely higher. Researchers from ESET discovered a version of…

Phishing scam targets users of Stripe payment processing service

Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data. The attackers employ two clever tricks to hide their malicious activity. First, they use a technique to block email…

2.8 million CenturyLink customer records exposed by unprotected database

A third-party MongoDB database containing 2.8 million CenturyLink customer records and information was left unprotected exposing the data of several hundred thousand of the tech company’s customers. The database was found by the security firm Comparitech working with security researcher Bob Diachenko. The initial finding took place on September 15, but it is believed the…

Govt surveillance NSA

CBP mulls facial recognition tech for body cams

The U.S. Customs and Border Patrol (CBP) is considering using facial recognition in body cameras that agents will wear in the future, sending out a request for information (RFI) on biometric options that can be used to verify identity. This after California banned the use of facial recognition technology in body cameras and body cam…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

CozyDuke APT group believed to have targeted White House and State Department

APT 29/The Dukes back in business

The threat group APT 29 has apparently returned to action with ESET uncovering three new malware families it is attributing to the cybergang. Apt 29/The Dukes is best known as being the primary suspect behind the Democratic National Committee breach during the runup to the 2016 U.S. presidential election, but the group had remained quiet…

Next post in Government/Defense