You heard right. The embattled ride-sharing service @Uber paid the thieves $100,000 to delete the stolen personal data of roughly 57 million of its users and drivers. It then tried to bury the entire event rather than disclose the breach to the public, as it was legally required to do.

Uber has struggled through many legal and business mishaps over the past year, and yet another bad choice will surely take a toll on the company's prospects. So, does anyone need a Lyft?

#uber #security #hacking #databreach

https://www.cnbc.com/2017/11/21/uber-hack-exposes-data-of-57-million-users-and-drivers-report-says.html

OnePlus has become one of my favorite mobile device makers, but the gaps in its software development process are beginning to show. Several of the factory applications shipped on its phones have now been found to be easily subverted to gain access to user data such as photos, GPS and Wi-Fi information. Time to keep a close eye on those updates!

#security #hacking #OnePlus

https://latesthackingnews.com/2017/11/16/another-oneplus-factory-app-allow-attackers-steal-photos-gps-wifi-data/

 

Dell recently had a snafu in its domain registration and fell victim to one of the oldest internet "hustles": cybersquatting and domain drop-catching (aka domain sniping).

From roughly June to early July 2017, the DellBackupandRecoveryCloudStorage.com domain was the property of a German company, TeamInternet.com, which appears to specialize in monetizing typosquatting traffic. In other words, they are "dirty spammers and linkjackers". Think in terms of typing Goggle.com instead of Google.com.

According to Dell, no customer information or backups appear to have been lost or compromised as a result of the lapse. The concern with a domain that pre-installed backup software calls home to is that whoever controls the domain gets to answer those calls, so a month of third-party ownership is not a small thing.

Below is a link to a great article about it from KrebsOnSecurity.

#Dell #Security #Cybersquatting #DomainSniping

https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/

 

Amazon is dipping its toes into the home security market with a new Alexa-enabled camera. Also, if you buy the in-home delivery bundle, it's $100 cheaper.

Yes, I said in-home.

The bundle includes a smart lock that lets Amazon delivery drivers unlock your door and place your package inside.

Security implications aside, this is an interesting twist on an offering. IoT has changed the game.

#security #IoT #Amazon

https://www.theverge.com/circuitbreaker/2017/10/25/16535002/amazon-cloud-cam-camera-alexa-key-in-home-delivery

 

From a technical perspective, the Equifax breach was a fairly simple hack. Boiled way down, the attackers exploited a known and already-patched bug in Apache Struts (CVE-2017-5638, a remote code execution flaw triggered through a crafted Content-Type header on a file upload) on a web server Equifax had not patched, and in doing so got to run commands with the privileges of the web server process. That foothold gave them access to other connected systems. With time on their side, they roamed the network and made off with the proverbial goods.

In reflection, now that we have had time to digest the response, it is reasonable to ask whether Equifax did all it could as a steward of our data.

So, as further reading, we thought we'd share a great article on the technical side of how it happened and how it affects us all.

#security #equifaxbreach #hacking

https://www.wired.com/story/equifax-breach-no-excuse/
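The Struts bug above was exploited by putting an OGNL expression into the Content-Type header of an upload request, which the vulnerable multipart parser then evaluated. The following detection logic is an added example (not from the Wired article, and not Equifax's tooling): it scans a few constructed, made-up access-log lines for that exploitation pattern. It assumes a log format in which the request's Content-Type header is recorded as the last quoted field; the default Apache "combined" format does not include it, so you would add `%{Content-Type}i` to your LogFormat (or run this over WAF or proxy logs) to use it for real.

```python
"""Detect Apache Struts CVE-2017-5638 exploitation attempts in web server logs.

Added example: the log lines below are constructed for illustration and are not
Equifax's logs. The log layout (Content-Type as the final quoted field) is assumed.
"""
import re

# Exploits for this bug place an OGNL expression in the Content-Type header. The
# expression starts with %{ or ${ and usually references the classes used to break
# out of the OGNL sandbox and spawn a process.
OGNL_START = re.compile(r"^\s*[%$]\{")
SUSPICIOUS_TOKENS = (
    "#_memberAccess",
    "#context",
    "ognl.OgnlContext",
    "ProcessBuilder",
    "getRuntime",
    "allowStaticMethodAccess",
)

# Assumed layout: ip ident user [time] "request" status bytes "content-type"
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "(.*)"$'
)


def is_struts_ognl_attempt(content_type: str) -> bool:
    """True if a Content-Type value looks like an OGNL injection payload."""
    if OGNL_START.search(content_type):
        return True
    return any(token in content_type for token in SUSPICIOUS_TOKENS)


def find_struts_attempts(log_text: str) -> list[tuple[str, str, str]]:
    """Return (client_ip, request_line, content_type) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LOG_LINE.match(line)
        if match is None:
            continue  # unparsable line; in production you would count these
        ip, _time, request, _status, _size, content_type = match.groups()
        if is_struts_ognl_attempt(content_type):
            hits.append((ip, request, content_type))
    return hits


# Constructed sample: one benign multipart upload, one exploit attempt (payload
# abbreviated from the public proof-of-concept), one GET, one ordinary form post.
SAMPLE_LOG = """\
10.0.0.5 - - [14/May/2017:02:15:03 +0000] "POST /upload.action HTTP/1.1" 200 512 "multipart/form-data; boundary=----abc123"
203.0.113.9 - - [14/May/2017:02:16:41 +0000] "POST /upload.action HTTP/1.1" 500 981 "%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#cmd='id').(#p=new java.lang.ProcessBuilder(#cmd)).(#p.start())}"
10.0.0.7 - - [14/May/2017:02:17:00 +0000] "GET /index.action HTTP/1.1" 200 2048 "-"
198.51.100.3 - - [14/May/2017:02:18:22 +0000] "POST /upload.action HTTP/1.1" 200 512 "application/x-www-form-urlencoded"
"""

if __name__ == "__main__":
    for ip, request, content_type in find_struts_attempts(SAMPLE_LOG):
        print(f"{ip} {request!r} -> {content_type[:60]}...")
```

Detection after the fact is the consolation prize; the fix was to upgrade to Struts 2.3.32 or 2.5.10.1, which had been available for about two months before the Equifax intrusion began. Note that the benign multipart upload is not flagged: the signature keys on the OGNL markers, not on the multipart content type itself.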

It's another day and another hacked company! Whole Foods recently announced that hackers gained access to its network and were able to steal customers' credit card information. While the company says its primary checkout payment systems were not affected, the taprooms, restaurants and other in-store venues use a separate card processing system, and those were the ones that were compromised.

Whole Foods, which was recently acquired by Amazon, did not disclose the scope of the impact or which locations were affected. It has hired a leading cyber security firm and is investigating.

#hacking #security #WholeFoods

http://abc7.com/2468228/

In yet another of a long list of slip-ups, Equifax has dug itself into another security hole. By standing up a brand new domain for its breach response (equifaxsecurity2017.com) instead of using its main domain, it has opened itself up to one of the oldest tricks on the internet: lookalike domain names. When the legitimate site is itself an unfamiliar new domain, customers have no way to tell it apart from a fake.

To prove the point, a developer simply registered another domain by swapping the first two words of the name (securityequifax2017.com), and Equifax's own support account then tweeted the wrong domain out to people. Not once, not twice, but three times!

Equifax's already weak effort to protect its customers keeps sliding down the slope of the ridiculous.

#Equifax #security #privacy #internet

http://www.kgw.com/mobile/article/news/nation-world/equifax-accidentally-sent-data-breach-victims-to-a-fake-website/477541196
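Both the Dell drop-catch above (Goggle.com versus Google.com) and the Equifax word-swap come down to the same thing: a name close enough to the real one that people type or click it. The following is an added example, not code from either story, of the check a defender would run before and after launching a new domain: generate the typo and word-order lookalikes of a name and see which ones somebody else already owns. The set of "registered" domains is constructed for the example and stands in for a real WHOIS or DNS lookup.

```python
"""Generate lookalike domains for a name and flag the ones already registered.

Added example. REGISTERED is a constructed stand-in for a WHOIS/DNS lookup; the
domain names themselves are the real ones from the two stories.
"""
import itertools
import string


def typo_variants(label: str) -> set[str]:
    """Single-character omissions, repeats, transpositions and substitutions."""
    variants: set[str] = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])                 # omission:       gogle
        variants.add(label[:i] + ch + label[i:])                # repetition:     gooogle
        if i + 1 < len(label):                                  # transposition:  googel
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for sub in string.ascii_lowercase:                      # substitution:   goggle
            if sub != ch:
                variants.add(label[:i] + sub + label[i + 1:])
    variants.discard(label)
    return variants


def word_order_variants(words: list[str]) -> set[str]:
    """Every reordering of the name's word tokens (equifax/security/2017 ...)."""
    original = "".join(words)
    return {"".join(p) for p in itertools.permutations(words)} - {original}


def lookalikes(words: list[str], tld: str) -> set[str]:
    """All lookalike domains for a name given as its word tokens, e.g. ["equifax", "security", "2017"]."""
    base = "".join(words)
    candidates = {f"{v}.{tld}" for v in typo_variants(base)}
    candidates |= {f"{v}.{tld}" for v in word_order_variants(words)}
    if len(words) > 1:
        candidates.add("-".join(words) + "." + tld)             # hyphenated variant
    return candidates


# Constructed snapshot of names that are taken, standing in for WHOIS/DNS results.
REGISTERED = {
    "goggle.com",
    "securityequifax2017.com",
    "dellbackupandrecoverycloudstorage.com",
}


def registered_lookalikes(words: list[str], tld: str, registered=REGISTERED) -> list[str]:
    """Lookalikes of the name that somebody already owns, sorted for stable output."""
    return sorted(d for d in lookalikes(words, tld) if d in registered)


if __name__ == "__main__":
    print(registered_lookalikes(["google"], "com"))
    print(registered_lookalikes(["equifax", "security", "2017"], "com"))
```

For real use, replace the membership test with a DNS resolution or WHOIS query per candidate, and register the handful of variants that matter before launch; a breach-response site in particular should live under the domain customers already know.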

CCleaner, the Piriform utility now owned by Avast, was recently found to have been hijacked: unknown "bad actors" inserted a backdoor into the official installer, which shipped signed with Piriform's own code-signing certificate. A wildly popular Windows maintenance application downloaded over 2 billion times, CCleaner has been a favorite of techies and corporate types alike. Avast has acknowledged the issue and released a clean update, but for the many people who installed the affected builds (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows), who knows how much was hijacked or stolen during the roughly month this hack was in play. TL;DR below.

#security #hacking #avast #ccleaner

https://www.forbes.com/sites/thomasbrewster/2017/09/18/ccleaner-cybersecurity-app-infected-with-backdoor/amp/

http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/

On the heels of Apple's big "look at our new stuff" show comes news that a flaw in iOS dubbed Leaky, reported in February, remains unpatched by both Microsoft and Apple. Under the right conditions the device sends its Exchange credentials over a connection with no encryption at all.

The sad part is that Microsoft doesn't consider the flaw a serious issue, and Apple has only said it should be addressed in iOS 11, to the dismay of everyone who cannot upgrade to the latest version.

Technical explanation and TL;DR below.

#security #hacking #Microsoft #apple

http://www.techrepublic.com/article/ios-security-alert-your-device-is-transmitting-exchange-credentials-without-any-encryption/?ftag=COS-05-10aaa0g

 

In another twist in an already complex and troubled response to a major breach, Equifax was found to be using a trivially predictable scheme for assigning the PINs that control credit file freezes. A Smithsonian research scientist stumbled upon this while signing up to freeze her own credit file: the 10-digit PIN was simply the date and time at which she signed up.

After a flood of customer complaints, Equifax announced it would change the PIN generation and reset request process. The new process should be active as of now.

So stay vigilant out there, friends. Your information is out there, and those who are paid to protect it have made it your problem to monitor.

#security #equifaxhack #equifax #hacking

https://mobile.nytimes.com/2017/09/10/your-money/identity-theft/equifax-breach-credit-freeze.html
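To see why a timestamp-derived PIN is so weak, it helps to count guesses. The following is an added example, not Equifax's code: it puts a sign-up-time PIN next to one drawn from the operating system's CSPRNG and measures the guess space each leaves an attacker. The exact layout of Equifax's PIN (month, day, two-digit year, hour, minute) is assumed for illustration; the page only says it was based on the sign-up date and time.

```python
"""Timestamp-derived PIN versus a CSPRNG PIN, with the attacker's guess space for each.

Added example. The MMDDYYHHMM layout is an assumption made for illustration.
"""
from datetime import datetime, timedelta
import math
import secrets

DIGITS = "0123456789"


def timestamp_pin(signup_time: datetime) -> str:
    """Weak: the PIN is a pure function of when you enrolled (assumed MMDDYYHHMM layout)."""
    return signup_time.strftime("%m%d%y%H%M")


def random_pin(length: int = 10) -> str:
    """Strong: each digit drawn from the OS CSPRNG, so all 10**length PINs are equally likely."""
    return "".join(secrets.choice(DIGITS) for _ in range(length))


def candidate_pins(start: datetime, end: datetime) -> list[str]:
    """Every timestamp PIN an attacker must try if they know enrolment fell in [start, end).

    Minute resolution, because that is all the weak layout encodes.
    """
    minutes = int((end - start).total_seconds() // 60)
    return [timestamp_pin(start + timedelta(minutes=k)) for k in range(minutes)]


def guess_bits(guess_space: int) -> float:
    """Effective entropy in bits of a PIN drawn uniformly from `guess_space` values."""
    return math.log2(guess_space)


def compare_schemes(day: datetime) -> dict[str, float]:
    """Entropy of a timestamp PIN for someone known to have enrolled on `day` versus a random 10-digit PIN."""
    day_start = day.replace(hour=0, minute=0, second=0, microsecond=0)
    weak_space = len(candidate_pins(day_start, day_start + timedelta(days=1)))
    return {
        "timestamp_bits": guess_bits(weak_space),   # ~10.5 bits: 1440 guesses
        "random_bits": guess_bits(10 ** 10),        # ~33.2 bits
    }


if __name__ == "__main__":
    enrolled = datetime(2017, 9, 10, 14, 32)
    print("weak PIN:  ", timestamp_pin(enrolled))
    print("strong PIN:", random_pin())
    print(compare_schemes(enrolled))
```

A PIN that depends only on the enrolment minute gives an attacker who knows the day of enrolment 1,440 guesses, and one who knows the week about 10,000, against the ten billion a uniformly random 10-digit PIN offers. Rate limiting on the freeze/unfreeze endpoint narrows the gap, but it is no substitute for drawing the PIN from a CSPRNG in the first place.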