Cybersecurity News & Analysis | SC Media | Info Security News Security News

Security News

Apple says ultra wideband tech culprit behind location data sharing; to issue fix

If what happens on your iPhone doesn’t stay on your iPhone after all, ultra wideband (UWB) technology is the culprit, according to Apple. After the Apple iPhone 11 Pro was discovered to still be sending out user location data even after Location Services was disabled, the company has finally pinned the contradiction of its privacy…

My kingdom for a decryptor! Ransomware creates ticketing snafu for N.J. Shakespeare theater

The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” earlier this week after a ransomware attack disrupted its database and ticketing system, causing a show reservations nightmare. Performances of the show, which run through Dec. 29, are now back underway. However, the ransomware has disabled the company’s online…

Company sued for allegedly hijacking Facebook accounts to serve ads

In a lawsuit filed yesterday, Facebook is accusing a Hong Kong-based company of infecting individuals with malware in order to hijack their Facebook ad accounts and run malicious advertisements at their expense. The Menlo Park, Calif.-based social media company filed the legal documentation in a San Francisco federal court against ILikeAd Media International Company Ltd.,…

Passwords found being reused

Same story all over again: Microsoft research finds millions of reused passwords

The loud pleas made by the cybersecurity industry, along with the repeated examples of what happens when login credentials are reused, seemingly have fallen on deaf ears as Microsoft found more than 44 million repeated passwords just for its Azure AD and Microsoft Services Accounts. According to a newly published Microsoft Security Intelligence Report, the…

leaking faucet

3,000 affected by Fort Worth water utility data breach

The Fort Worth, Texas Water Department is notifying about 3,000 customers that their payment information may have been exposed during a data breach. The utility reported that payments made between August 27, 2019 and October 23, 2019 were included in the breach and the content exposed included cardholder’s name, credit card billing address, credit card…

data center

Data center provider CyrusOne hit with REvil ransomware: Report

One day after news broke that data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware the company issued a statement confirming the incident. Initially, CyrusOne did not release any details, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note…

U.S. charges alleged members of “Evil Corp” cybercrime group for Zeus and Dridex campaigns

The U.S. today announced legal and regulatory action against the powerhouse cybercriminal group Evil Corp, filing hacking and bank fraud charges against two of its suspected members. Authorities are also offering a $5 million bounty for information leading to the arrest or conviction of one of the group’s alleged masterminds, 32-year-old Maksim Yakubets of Moscow,…

talkingonaphone

Sprint contractor reportedly stored non-Sprint customers’ phone bills on open server

Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server. The documents had been collected and stored in the first place as part a marketing effort to persuade subscribers of rival carrier services…

Cookie leak allows white-hat researcher to access HackerOne vulnerability reports

Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported…

Next post in Vulnerabilities