Group items tagged

"The most well-documented of these deals with the hash function used to "anonymize" the license and medallion numbers. A bit of lateral thinking from one civic hacker and the data was completely de-anonymized. This data can now be used to calculate, for example, any driver's annual income. More disquieting, though, in my opinion, is the privacy risk to passengers. With only a small amount of auxiliary knowledge, using this dataset an attacker could identify where an individual went, how much they paid, weekly habits, etc. I will demonstrate how easy this is to do in the following section."

"The transparency report is in its third year, but it hasn't prevented attacks from advocates such as Edward Snowden, who called the company "hostile to privacy". "Dropbox is a targeted you know wannabe PRISM partner," he told the Guardian in July 2014. "They just put … Condoleezza Rice on their board … who is probably the most anti-privacy official you can imagine.""

""Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to our emails. "

""History sniffing" promises a nose full of dust or, you're talking about web browsers, a whiff of the websites you've visited. And that may be enough to compromise your privacy and expose data that allows miscreants to target you more effectively with tailored attacks. For example, a phishing gambit that attempts to simulate your bank login page has a better chance of success if it presents the web page for a bank where you actually have an account."

"Computer security experts suggested that the crisis could reflect weaknesses in the NHS's cybersecurity. Ross Anderson, of Cambridge University, said the attack appeared to exploit a weakness in Microsoft's software that was fixed by a "critical" software patch earlier this year but which may not have been installed across NHS computers."

"Surrendering our privacy to the government would be foolish enough. But what is more insidious is the Faustian bargain made with the marketing industry, which turns every location ping into currency as it is bought and sold in the marketplace of surveillance advertising. Now, one year later, we're in a very similar position. But it's far worse. A source has provided another data set, this time following the smartphones of thousands of Trump supporters, rioters and passers-by in Washington, D.C., on January 6, as Donald Trump's political rally turned into a violent insurrection. At least five people died because of the riot at the Capitol. Key to bringing the mob to justice has been the event's digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing."

"This is where Google's Project Shield comes through: sites pre-register with Google to "reverse proxy" their traffic through Google's cloud platform. By making a change in DNS, publishers can route all their traffic through Google. This means that a DDoS attack has to be sufficiently robust as to take down Google's cloud (much harder than taking down a WordPress install on a rack in a commodity hosting provider)"

"L&M used a credential stuffing attack: using email addresses gleaned from massive breaches to gain access by repeatedly trying different email/password combinations."

"Google released a beta test version of its Chrome browser that attempts to keep your data secure even if today's uncrackable encryption becomes tomorrow's code-breaking cakewalk. The Chrome 54 beta gets the ability to encipher data sent to and from websites with a technology called CECPQ1. It "protects against future attacks using large quantum computers," Google said in a blog post Thursday."

"demonstrate a fiendishly clever procedure for getting data off of airgapped computers that have had their speakers removed to prevent acoustic data-transmission: instead of playing sound through the target computer's speakers, they attack its fans, varying their speeds to produce subtle sounds that humans can barely notice, but which nearby devices can pick up through their microphones."

"Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook."

"As more governments turn to contact tracing apps to aid in their efforts to contain the coronavirus outbreak, cybersecurity experts are warning this may spark renewed interest in Bluetooth attacks. They urge developers to ensure such apps are regularly tested for vulnerabilities and release patches swiftly to plug potential holes, while governments should provide assurance that their databases are secure and the data collected will not be used for purposes other than as originally intended. "

"The Observer has obtained a series of Conservative party attack ads sent to voters last week in the key marginal constituency of Delyn, north Wales. Activists captured the ads using dummy Facebook accounts after finding that their own ad - encouraging young people to register to vote - were being "drowned out" by the Tory ads"

"Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM. The flaws, named Meltdown and Spectre, were discovered by security researchers at Google's Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system."

"Japanese idol Ena Matsuoka was attacked outside her home last month after a fan figured out her address from selfies she posted on social media - just by zooming in on the reflection on her pupils, according to media reports."

"Spyware sold by an Israeli private intelligence firm was allegedly used to hack the phones of dozens of Al Jazeera journalists in an unprecedented cyber-attack that is likely to have been ordered by Saudi Arabia and the United Arab Emirates, according to leading researchers."

"So, are you on Clubhouse, the social-media sensation du jour? No? Me neither. But - I hasten to add, lest there should be any doubt about my social status - that's not because I wasn't invited to join. A generous friend had a few invitations to extend, and she offered me one. After that, she had an attack of what one can only describe as donor's remorse, because in order to be able to extend the invitation to me she had to grant Clubhouse access to all her contacts!"

"In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. "