Security News

Does a generalization of tracking data cover up our traces on the internet?
2020-06-22 04:00

Many providers of tracking services advertise secure data protection by generalizing datasets and anonymizing data in this way. Tracking services collect large amounts of data of internet users.

How the pandemic affected DDoS attack patterns, global internet traffic
2020-06-19 04:30

There has been a shift in internet traffic patterns coinciding with an increase in DDoS and other types of network attacks in recent months as organizations across industries quickly transitioned to remote workforces and individuals under stay-at-home orders began relying on the internet more heavily, according to Neustar. The pandemic effect was clear in traffic to specific websites, such as the 250% increase in queries for a popular collaboration platform as lockdowns commenced and the sharp rise in traffic to the website of a N95 masks manufacturer.

New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
2020-06-17 05:37

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe. According to Israeli cybersecurity company JSOF-who discovered these flaws-the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centers, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.

845GB of racy dating app records exposed to entire internet via leaky AWS buckets
2020-06-16 07:56

Hundreds of thousands of sensitive dating app profiles - including images of "a graphic, sexual nature" - were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records. "Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps' entire AWS infrastructure through unsecured admin credentials and passwords," vpnMentor's researchers wrote.

New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users
2020-06-15 08:58

High impact vulnerabilities in modern communication protocol used by mobile network operators can be exploited to intercept user data and carry out impersonation, fraud, and denial of service attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher
2020-06-10 10:00

Expiring root certificates will cause devices like smart TVs and refrigerators to fail in the next few years, security researcher Scott Helme has warned. In order to validate the certificate the client must have a trusted root certificate from the issuing authority, and this, says Helme, is a problem for devices that never get updated.

Gene Spafford on Internet Voting
2020-06-08 18:33

Good interview....

US Lawmakers Push for Internet Privacy Amendments to USA Freedom Act
2020-05-27 11:49

United States lawmakers this week will vote on an amendment to the surveillance bill known as the USA FREEDOM Reauthorization Act that would limit law enforcement access to people's search and browsing histories. Enacted in June 2015, the USA FREEDOM Act amends, among others, the Foreign Intelligence Surveillance Act of 1978, and USA PATRIOT Act, imposing limits on the bulk collection of data on U.S. citizens by the National Security Agency and other intelligence agencies.

Internet giants unite to stop warrantless snooping on web histories
2020-05-26 16:01

It didn't: the amendment to curtail warrantless web history search missed passage by only one vote when four senators didn't show up for the Senate's vote. In a nutshell, Section 215 currently allows the government to collect the web browsing and internet searches of Americans without a warrant.

Internet Organizations Ask US House to Limit Access to Search, Browsing History
2020-05-26 10:41

In a letter to the U.S. House of Representatives, several Internet organizations are urging for an amendment to the surveillance bill known as the USA FREEDOM Reauthorization Act to prohibit warrantless collection of search and browsing history. Signed by Mozilla Corporation, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon, the letter asserts that the Internet browsing and search history provide a detailed picture of a person's life, and that legislation should ensure that this information is well protected.