Security News

Cloud load balancer snafu leads to 3D printer user printing on a stranger's kit
2021-08-20 13:47

A 3D printer remote monitoring company accidentally exposed users' printers to each other after a cloud reconfiguration snafu. Jiang added that his team had been "notified of a case in which a user started a print on someone else's printer" - and linked through to a Reddit post where someone had used a stranger's printer to print the words: "TSD is not secure/ I randomly connected /sorry had to inform u."

$600m in cryptocurrencies swiped from Poly Network servers after security snafu
2021-08-10 20:51

Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the "biggest [attack] in DeFi history." Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used to swap Bitcoin for Ethereum, for example.

Zoom agrees to pay subscribers $25 to put its security SNAFUs behind it
2021-08-02 05:29

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.

Military infosec SNAFUs: What WhatsApp and bears in the woods can teach us
2021-06-07 08:32

Fans of John le Carré's Tinker Tailor Soldier Spy know how top military secrets are extracted from the enemy. If head KGB spy Karla wanted to learn intricate details of the British military today, he'd just have to check WhatsApp.

Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu
2021-05-24 17:15

Mozilla Thunderbird spent the last couple of months saving some users' OpenPGP keys in plain text - but that's now been patched, the author of both the bug and the patch fixing it has told The Register. The vulnerability, assessed as "Low" impact by Mozilla, existed in the free open source Thunderbird email client between version 78.8.1 and version 78.10.1 after a crestfallen maintainer realised carefully designed protections were in fact not protecting users' private OpenPGP keys.

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents
2021-01-08 19:30

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "hit hard".

Home Depot Confirms Data Breach in Order Confirmation SNAFU
2020-10-29 15:28

Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.

TikTok Launches Bug Bounty Program Amid Security SNAFUs
2020-10-16 13:26

TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 and $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.

Brave soz about coding snafu that sent search queries to affiliate links but insists practice is 'industry-standard'
2020-06-09 14:30

Privacy-focused browser maker Brave has responded to complaints about affiliate links by apologising for a coding error but also stating that adding affiliate links to search queries is standard practice. The browser was never guilty of the more serious accusation of injecting affiliate links into the HTML rendered for a page, said Brave.