Flipboard data breach – what users should do now

Posted on May 31st, 2019 by Responsible Cyber

by John E Dunn Popular news aggregation site Flipboard – one billion app downloads from Google Play and counting – has become the latest internet company to admit it has suffered a breach. We’ve covered a lot of data breaches in recent years but this one has one or two wrinkles that are worth highlighting. […]

Read More

The cryptominer that kept coming back

Posted on May 30th, 2019 by Responsible Cyber

by John E Dunn One of computer security’s special frustrations is the phenomenon of malware that keeps re-infecting a system no matter how many times defenders think they’ve cleaned it. This was the puzzle that recently confronted Sophos Support when it was called in to investigate the mystery of an internet-facing Apache Tomcat web server […]

Read More

CEO told to hand back 757,000 fraudulently obtained IP addresses

Posted on May 23rd, 2019 by Responsible Cyber

by John E Dunn A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back after the American Registry for Internet Numbers (ARIN) won a landmark judgment against it. The dispute began in late 2018 when ARIN, which allocates IPv4 addresses in the US, Canada and parts of the Caribbean […]

Read More

Don’t break Windows 10 by deleting SID, Microsoft warns

Posted on May 22nd, 2019 by Responsible Cyber

by John E Dunn Microsoft has reminded admins and users not to delete something called a Windows account security identifier (SID) ‘capability’ in case they inadvertently break applications. It’s not clear what prompted Microsoft to issue the caution for a type of SID that has been part of its OS since Windows 8 and Windows […]

Read More

Deep Packet Inspection a threat to net neutrality, say campaigners

Posted on May 21st, 2019 by Responsible Cyber

by John E Dunn Some of Europe’s biggest ISPs and mobile operators stand accused of using Deep Packet Inspection (DPI) technology to quietly undermine net neutrality rules and user privacy. News of the troubling allegation first reached the public domain earlier this year in an analysis by German organisation epicenter.works. It claimed it had detected […]

Read More

Android phones transformed into anti-phishing security tokens

Posted on April 12th, 2019 by Responsible Cyber

by John E Dunn Google just announced a new security feature that allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts. The surprise announcement was buried inside a pile of enterprise-oriented enhancements revealed at Google Cloud Next 2019 in San Francisco on Wednesday. Released in beta, […]

Read More

Apache needs a patchy! Carpe Diem, update now

Posted on April 6th, 2019 by Responsible Cyber

by John E Dunn The maintainers of one of the world’s most popular web servers, Apache HTTP Server, have patched a critical vulnerability that could give an attacker a way to gain full ‘root’ admin control on Unix-based systems. Named ‘Carpe Diem’ by the researcher who discovered it, Ambionics engineer Charles Fol, techies might prefer […]

Read More

Patch now! Magento e-commerce sites targeted by SQLi attacks

Posted on April 5th, 2019 by Responsible Cyber

by John E Dunn Cybercriminals are reportedly exploiting a critical flaw in the Magento e-commerce platform only days after it was made public by the researchers who discovered it. Scoring a 9.0 on CVSS, the bug doesn’t yet have a CVE number to identify it but Magento refers to its patching list as PRODSECBUG-2198 (the […]

Read More

Is your e-commerce site being used to test stolen card data?

Posted on March 30th, 2019 by Responsible Cyber

by John E Dunn An unspecified weakness in some versions of the Magento e-commerce platform is reportedly being misused by carding criminals to surreptitiously test the validity of stolen, leaked or skimmed credit and debit cards. That’s according to news site ZDNet, which said it had seen an advisory from Magento which, frustratingly, doesn’t appear […]

Read More

As drones fill the skies, cybercriminals won’t be far behind

Posted on March 29th, 2019 by Responsible Cyber

by John E Dunn For the longest time, drones looked like a good-news tech story that would transform aerial photography, disaster relief and parcel delivery. The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts. […]

Read More