
T-Mobile Notifying Customers of Data Breach
2020-03-05 12:00

Wireless carrier T-Mobile is sending notifications to its customers to inform them of a data breach that resulted in some of their personal information being compromised. Because some of these accounts contained account information for T-Mobile customers and employees, the attack essentially resulted in that data being accessed by a third party.

Ethical hackers swarm Pentagon websites
2020-03-05 11:44

Hackers are crawling all over the US Department of Defense's websites. Four years after it first invited white hat hackers to start hacking its systems, the Pentagon continues asking them to do their worst - and a report released this week says that they're submitting more vulnerability reports than ever.

Google launches FuzzBench service to benchmark fuzzing tools
2020-03-05 11:32

First came 'fuzzing', a long-established technique for spotting bugs such as security flaws in real applications using automated tools. More recently, security fuzzing tools have expanded in number, and today there are hundreds of specialised open-source tools and online services designed to probe specific types of software.

Trump, Sanders Are the Top Brands for Cybercriminals
2020-03-05 11:32

Unwanted and malicious emails using political-themed lures have spiked as the presidential primary season cranks into high gear - with Donald Trump and Bernie Sanders representing the lion's share of subject line themes. "Overall UCE volumes mentioning individual candidates suggests that Donald Trump not only has the incumbent's advantage but also maintains the strongest brand as he did in 2016," researchers said in a posting issued on Super Tuesday.

Enable that MF-ing MFA: 1.2 million Azure Active Directory accounts compromised every month, reckons Microsoft
2020-03-05 11:30

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month. "About a half of a per cent of the enterprise accounts on our system will be compromised every month, which is a really high number. If you have an organisation of 10,000 users, 50 will be compromised each month," said Weinert.

Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
2020-03-05 11:29

Let's Encrypt said it will give users of its Transport Layer Security certificates more time to replace 1 million certificates that are still active and potentially affected by a Certification Authority Authorization bug before it revokes them. The popular free certificate authority had given users until Wednesday, March 4, 9:00 p.m. EST to replace 3 million certificates because the bug in its Boulder software - discovered and patched this past Sunday - impacted the way its software checked domain ownership before issuing certificates.

Zynga faces class action suit over massive Words With Friends hack
2020-03-05 11:03

Zynga - maker of addictive online social games such as FarmVille, Mafia Wars, Café World and Zynga Poker - is facing a potential class action lawsuit over the September 2019 breach in which hackers got access to more than 218 million Words with Friends accounts. Zynga admitted to the breach at the time, saying that hackers got their hands on "certain player account information" but that, at least during the early stages of its investigation, it didn't think any financial information was accessed.

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'
2020-03-05 10:00

Out of the blue over Skype, someone I hadn't communicated with in nearly a year reaches out. The worst part isn't my reply of, "Goodness I'm afraid I cannot help," with the horrible feeling of guilt that accompanies my reply - a feeling the scammer relies upon, necessary for their hacking of the social bond.

Coronavirus warning spreads computer virus
2020-03-05 09:41

Of course, the WHO website wouldn't ask for your email password - it's a public information website, after all, not a webmail service, so it has no need for your email details. The crooks were hoping that because their website looked exactly like the real thing - in fact, it contained the real website, running in a background browser frame with the illicit popup on top - you might just put in your email details out of habit.

Over 600 Microsoft Subdomains Can Be Hijacked: Researchers
2020-03-05 09:41

There are more than 600 legitimate Microsoft subdomains that can be hijacked and abused for phishing, malware delivery and scams, researchers warned this week. Researchers at Vullnerability, a company that specializes in exploit and vulnerability alerting services, have created an automated system that scanned all the subdomains of some important Microsoft domains.