Security News
NCP engineering released version 5.30 of the Secure Enterprise Management Server, a central component of the NCP Next Generation Network Access Technology that serves as a single point of administration. With the NCP Secure Enterprise Management Server version 5.30, a Time-based One-time Password generated through the NCP Authenticator App can be used as an alternative to NCP's Advanced Authentication via SMS as a second factor.
Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called "Social Care" was being indexed by search engines, and that several months worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.
"The main takeaway for online conference platforms is that these companies are in charge of the security of their users and they need to work to secure these environments. Zoom added a password but other actions can be taken as well so that people can't really abuse these platforms," she said. Beyond Zoom's recent flaw, Horowitz also talked to Threatpost about the challenges of hunting down cybercriminals and making attribution, and the top threats she's anticipating in 2020 - from ransomware to cloud-infrastructure attacks.
On Saturday, Google temporarily disabled the ability to publish paid Chrome apps, extensions, and themes in the Chrome Web Store due to a surge in fraud. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," said Simeon Vincent, developer advocate for Chrome Extensions, in a post to the Chromium Extensions forum.
UPDATE. Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. "Tech support scams entail a scammer contacting users and pretending to be a Microsoft support representative. These types of scams are quite prevalent, and even when scammers don't have any personal information about their targets, they often impersonate Microsoft staff. Microsoft Windows is, after all, the most popular operating system in the world."
Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.
The online giant said its "Sandbox" program would still allow advertisers the ability to deliver targeted messages, while also sparing people from being tracked by snippets of code called "Cookies" when they use its Chrome web browser. "We are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete," Chrome director of engineering Justin Schuh said in a post.
A researcher has found two new methods that payment card number thieves are using to try to stay under the radar. The attackers are sometimes referred to as Magecart, a name for a slew of groups that steal payment card numbers.
Microsoft said Monday it obtained a court order allowing it to seize web domains used by North Korean hacking groups to launch cyberattacks on human rights activists, researchers and others. read more
The Hartford has expanded the range of services designed to protect customers from the costly risk of cyber-attacks. The new additions to The Hartford Cyber Center include detection of digital...