Latest News

12 months ago
Jeremy Kahn and Nate Lanxon / Bloomberg

Documents Show Facebook Knew About Russian-Linked Activities in 2014, British Lawmaker Says; Facebook Denies the Claim

Facebook knew that Russian-linked entities were using a feature on the social network that let advertisers harvest large amounts of data as early as October 2014, according to Damian Collins, head of a committee of British lawmakers investigating the impact of fake news. Collins’ committee obtained the email underlying this accusation after compelling the founder of U.S. software company Six4Three to hand over a large cache of documents during a business trip to London. Facebook said the documents that Collins has obtained are taken out of context and that the initial concerns raised in the email were investigated at the time, with no findings of Russian data exfiltration.

12 months ago
Azam Ahmed / New York Times

Murdered Mexican Journalist’s Colleagues Were Sent Text Messages Infected With Pegasus Spyware Supplied by Israel’s NSO Group, Citizen Lab

Following the murder of Mexican journalist Javier Valdez, a prominent investigative reporter, his colleagues received spyware-laden text messages inaccurately saying his killers had been caught. The messages were infected with spyware known as Pegasus, which the Mexican government purchased from Israeli cyber arms dealer the NSO Group, according to a forensic analysis by the Citizen Lab at the Munk School at the University of Toronto. The Pegasus spyware was purchased during the administration of Mr. Peña Nieto, which bought the spyware on the condition that it be used only to target terrorists and criminals, although the Citizen Lab specialists say they confirmed nearly two dozen highly questionable targets, including some of Mexico’s most prominent journalists, human rights lawyers and anti-corruption activists.

12 months ago
Huw Jones / Reuters

UK Financial Watchdog Says It Will Punish Firms That Fail on Cyber Defenses or Botch IT Projects

The UK’s Financial Conduct Authority will punish firms that are failing to get the basics right on cyber defenses, or whose botched IT projects harm consumers, Megan Butler, the FCA’s executive director of supervision, said. The FCA also released the results of a survey of 300 regulated firms and found that through October 2018, the firms reported a 138 percent rise in technology outages and an 18 percent increase in cyber incidents when compared to 2017 levels.

12 months ago
Linda Comins / Wheeling News Register

Hospitals in West Virginia, Ohio Forced to Turn Away Emergency Patients in Face of Ransomware Attack

The Ohio Valley Medical Center in Wheeling, West Virginia, and East Ohio Regional Hospital in Martins Ferry, Ohio, had to divert emergency patients away from their facilities following a ransomware attack on Friday night. By Monday, only a partial diversion of emergency room traffic was necessary. The attacks shut down hospital systems, requiring the staff to revert to paper charting.

12 months ago
Foo Yun Chee / Reuters

Consumer Groups in Seven European Countries Ask Regulators to Take Action Against Google for Alleged Deceptive Location Tracking

Consumer agencies in the Netherlands, Poland, Czech Republic, Greece, Norway, Slovenia and Sweden asked privacy regulators on Tuesday to take action against Google for allegedly tracking the movements of millions of users in breach of the EU’s new General Data Protection Regulation (GDPR). Speaking on behalf of the countries’ consumer groups, the European Consumer Organisation (BEUC) alleges that Google uses various methods to encourage users to enable the ‘location history’ and ‘web and app activity’ settings, which are integrated into all Google user accounts, leaving users unaware of how their personal data is used and putting Google in violation of GDPR’s user-consent requirements for this data use. Google said that Location History is turned off by default and that users can edit, delete, or pause it at any time, but that it will continue to improve its user controls.

12 months ago
Elizabeth Schulze / CNBC

Uber Fined Combined $1.17 Million by British and Dutch Authorities for 2016 Data Breach

Uber has been fined a combined $1.17 million by British and Dutch authorities Tuesday for a 2016 data breach that exposed the personal details of millions of customers. The U.K.’s Information Commissioner’s Office (ICO) announced a £385,000 fine ($491,284) while the Dutch Data Protection Authority imposed a fine of €600,000 ($679,257) for the same incident. The high-profile and controversial 2016 data breach exposed information on 2.7 million Uber customers in the U.K. and 174,000 in the Netherlands. The breach predated the EU’s new GDPR rules which would have required far higher payments on the order of 4% of annual revenues for the company.

12 months ago
Brian Krebs / Krebs on Security

Virtually Half of All Phishing Sites Bear Padlock Icons, up From 25% a Year Ago

Half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://,” running counter to the notion that the padlock icon and associated SSL encryption would become synonymous with trustworthiness, researchers at PhishLabs report. Around 49% of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar, up from 25% a year ago.

12 months ago
Catalin Cimpanu / ZDNet

Hacker Infects Popular JavaScript Library That Steals Bitcoin, Bitcoin Cash Funds Stored Inside BitPay’s Copay Wallet Apps

A hacker has gained legitimate access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay’s Copay wallet apps. The library loading the malicious code is named Event-Stream, a JavaScript npm package for working with Node.js streaming data. The library’s original author handed development over to another programmer called Right9ctrl. The malicious code resides in the Flatmap-Stream library version 0.1.1. It steals users’ wallet information, including private keys, and sends it to the copayapi.host URL on port 8080. A new version of Copay has been released to eliminate the problems.

Podcasts

12 months ago
Defensive Security

Podcast Episode 229

In this week’s podcast, con men ripped off Pathe, password constraints give a false sense of security, the city of Valdez pays off ransomware hacker and more.

12 months ago
ISC StormCast

ViperMonkey; More Malicious NPM Libraries; BMC Lateral Movement

Johannes Ullrich talks about ViperMonkey: VBA Maldoc Deobfuscation, Malicious NPM Libraries, Turning Your BMC Into A Revolving Door.

12 months ago
The Security Ledger

Episode 122: Will 5G Increase Internet of Things Risk?

Jason Ortiz of the penetration testing firm Pondurance talks about the security implications of massively distributed IoT endpoints connected to capacious 5G cellular infrastructure.

Cybersecurity Events

Nov. 4-9: SANS Paris November 2019 (Paris, France)
Nov. 7-9: POC2019 (Seoul, Korea)
Nov. 9: BSides Charleston (Charleston, SC, USA)
Nov. 11-16: SANS London November 2019 (London, UK)
Nov. 15-17: SecureWV 2019 Hack3rCon X (Charleston, WV, USA)
Nov. 16-28: SANS Gulf Region 2019 (Dubai, UAE)
Nov. 17-20: FS-ISAC Fall Summit (Washington, DC, USA)
Nov. 18: SANS Austin (Austin, TX, USA)
Nov. 18: Securing Mobility Summit (Los Angeles, CA, USA)
Nov. 18-25: Pen Test HackFest Summit & Training (Bethesda, MD, USA)
Nov. 18-20: NICE Conference (Phoenix, AZ, USA)
Nov. 18-23: SANS Munich November 2019 (Munich, Germany)
Nov. 20-21: Infosecurity North America and ISACA (New York, NY, USA)
Nov. 20-21: ISC East (New York, NY, USA)
Nov. 21: Cyberwarcon (Arlington, VA, USA)

