Security News

Like a Virgin, hacked for the very first time... UK broadband ISP spills 900,000 punters' records into wrong hands from insecure database
2020-03-05 23:59

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database. In a separate email to subscribers, shared with El Reg by dozens of readers, the telco expanded: "The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details, technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth."

Tech support scammers hacked back by vigilante
2020-03-04 11:08

A UK cybercrime vigilante was so incensed by tech support scammers he reverse-hacked the call centre in India to reveal CCTV footage of perpetrators as they ripped off their victims in real-life calls. During 2019, Browning said he was able to identify dozens of call centres in India where many of the tech support scams targeting English speakers originate.

Siri and Google Assistant hacked in new ultrasonic attack
2020-03-02 13:07

Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

Don't be like Bezos: How to keep your phone from being hacked
2020-02-28 19:07

Always stay alert to potential security attacks on mobile devices. Aaron Turner, president and chief security officer of Highside, a distributed identity and secure collaboration technology company, said hardened Android devices are preferred over iOS devices, because iOS devices rely on a single-point-of-failure security model and don't allow users to select which encryption roots their device trusts.

Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats' email
2020-02-19 20:58

Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo's lawyer. Assange appeared in the central London court via video link from prison.

WordPress Websites Hacked via Vulnerabilities in Two Themes Plugins
2020-02-19 15:57

Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites. Just days after the existence of the flaw was made public, ThemeGrill customers started reporting that the security hole had apparently been exploited to hack their websites.

Hacked Off: Patients Sue Ransom-Paying Hospital Group
2020-02-19 10:18

A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers a ransom to unlock its systems. Because of the ransomware attack, patients had their medical care and treatment disrupted, the complaint alleges.

Facebook's Twitter, Instagram Accounts Hacked
2020-02-10 11:16

A group of hackers called OurMine hijacked some of Facebook's official Twitter and Instagram accounts over the weekend through a third-party social media management service. The hackers briefly hijacked the Twitter accounts of Facebook and its Messenger application, and the Instagram accounts of Facebook and Facebook Messenger.

Week in review: UN hacked, new Kali Linux release, Win7 upgrade dilemma
2020-02-02 14:00

Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more! Offensive Security have released Kali Linux 2020.1, which is available for immediate download.

You can upgrade Windows 7 for free! Why wouldn't you? Windows 7 has been Microsoft's most successful operating system and, it's safe to say, one of the most loved.

How industries are evolving their DevOps and security practices: There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses.

UN hacked via unpatched SharePoint server
2020-01-31 13:04

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "entire domain" was probably compromised by an attacker who was lurking on the UN's networks.