Search Results for “Fortune”


May 13, 2020
James Leggate / Fox Business

James Leggate / Fox Business  
Fortune 500 Company Magellan Health Said That Hacker Stole Personal Data During Ransomware Attack

Fortune 500 health care company Magellan Health said that a hacker stole some personal information in a ransomware attack last month after sending phishing emails that impersonated a company client. Magellan is notifying and providing identity theft protection for people whose personal information was affected.

May 29, 2020
Robert Hackett / Fortune

Robert Hackett / Fortune  
Bug Bounty Platform Company Synack Raises $52 Million in Series D Round, Valuation Now $500 Million

Crowdsourced penetration testing platform company Synack has raised $52 million in a Series D funding round led by C5 Capital USA and including B Capital Group, GGV Capital, GV (previously Google Ventures), Hewlett Packard Enterprise Co., Icon Ventures, Intel Capital, Kleiner Perkins, Microsoft Corp.’s M12 and Singtel Innov8. The latest funding round puts Synack’s valuation at around $500 million. Synack was founded in 2013 by former National Security Agency security experts and bills itself as a “Hacker-Powered Intelligence Platform.”

April 22, 2020
Robert McMillan / Wall Street Journal

Robert McMillan / Wall Street Journal  
iPhone Zero-Day Flaw That Requires Only Specially Crafted Messages to Gain Phone Access Has Been Exploited for Two Years by Sophisticated Attackers, Researchers

In attacks that go back two years, iPhones have been exploited by sophisticated hackers who leveraged a zero-day flaw in the smartphone’s email software, according to digital security firm ZecOps. The hackers gained access to the phones by merely sending a specially crafted message, which triggers the attack when the phone’s email reader downloads the message. ZecOps wasn’t able to obtain the malware itself but based it determinations on the digital clues left after the attacks. The attacks were virtually undetectable due to the sophistication of the attackers and Apple’s efforts to make investigating the device difficult. The researchers were able to identify six targets of these attacks including employees of a telecommunications company in Japan, a large North American firm, technology companies in Saudi Arabia, and Israel, a European journalist and an individual in Germany. Apple has patched the mail bug in a test version of its iPhone operating system, but the fix hasn’t yet been widely released through an official IOS update.

Related: Motherboard, iMore, Security Affairs, The Hacker News, ZDNet Security, AppleInsider, iPhone Hacks, Cult of Mac, Reuters: Top News, Tech Insider, Cybersecurity Insiders, Inc.com, Engadget, The Register – Security, MobileSyrup.com, Tenable Blog, Cyber Kendra, MacRumors, CNET, PhoneArena, Security News | Tech Times, HotHardware.com, TechCrunch, Apple InsideriMore, iPhone Hacks, Threatpost, iDownloadblog, PYMNTS.com, Fortune, 9to5Mac, Malwarebytes Unpacked, Malwarebytes Unpacked, SiliconANGLE, MacDailyNews, ZDNet Security, Law & Disorder – Ars Technica, The Hill: Cybersecurity, The Inquisitr News, Mashable, Reuters, iTnews – Security, Patently Apple, Japan Today, Wall Street Journal, ARN, The Verge, VentureBeat, Japan Times, Fortune, Motley Fool, The Hacker News, MobileSyrup.com, Security Affairs, Jerusalem Post

Tweets:@ZecOps @kennwhite @AntivirusLV

Motherboard: Researchers Say They Caught an iPhone Zero-Day Hack in the Wild
iMore: An iOS vulnerability may have been exploited to spy on Uyghur population
Security Affairs: A new Insomnia iOS exploit used to spy on China’s Uyghur minority
The Hacker News: New iPhone Hack is Being Exploited to Spy Uyghurs Muslims in China
ZDNet Security: Apple investigating report of a new iOS exploit being used in the wild
AppleInsider: Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta
Cult of Mac: iPhone vulnerability let hackers attack devices through Mail app
Reuters: Top News: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Tech Insider: Hackers may be attacking iPhones by sending emails that can infect phones without you even opening the email (AAPL)
Cybersecurity Insiders: Apple iPhones are vulnerable to Email hacks
Inc.com: Apple Mail Bug Lets Hackers Control Your iPhone
Engadget: Apple Mail for iPhone may be vulnerable to malware attacks
The Register – Security: Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch
MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS
Tenable Blog: Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild
Cyber Kendra: Hack iPhone With Just a Single Mail—Zero-day Bug
MacRumors: Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta
CNET: Mail app on iPhone may be vulnerable to email hack, report says
PhoneArena: “Scary” vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon
Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data
HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions
TechCrunch: A new iPhone email security bug may let hackers steal private data
Apple Insider : Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iMore: A new security vulnerability has been discovered in the default Mail app
iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta
Threatpost : Apple Patches Two iOS Zero-Days Abused for Years
iDownloadblog : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch
PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack
Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app
9to5Mac : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release
Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks
SiliconANGLE: Hackers spotted using new iPhone vulnerability in email-borne cyberattacks
MacDailyNews: Apple investigating report of a new iOS email exploit being used in the wild
ZDNet Security: Apple investigating report of a new iOS exploit being used in the wild
Law & Disorder – Ars Technica: A critical iPhone and iPad bug that lurked for 8 years may be under active attack
The Hill: Cybersecurity: Vulnerabilities on iPhones, iPads allowed hackers to access data for years: report
The Inquisitr News: Flaws In iPhone Design Have Allowed Hackers To Steal Information For Years
Mashable: Newly disclosed iPhone vulnerability means emails are an even bigger risk
Reuters: Flaw in iPhone, iPads may have allowed hackers to steal data for years
iTnews – Security: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Patently Apple: Apple is planning to fix a Security Flaw that was first discovered by a former Israeli Defense Force security researcher
Japan Today: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Wall Street Journal: Apple iPhone May Be Vulnerable to Email Hack
ARN: Apple moves to fix flaw affecting up to 500M iPhones
The Verge: Apple’s default Mail app for the iPhone has a severe security flaw, researchers claim
VentureBeat: Researchers find actively exploited iOS flaws that were open for years
Japan Times: Apple iPhones and iPads vulnerable to hackers by flaws in mail app
Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app
Motley Fool: iPhone Flaw Allowed Hackers to Steal Data for Years
The Hacker News: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails
MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS
Security Affairs: Hacking Apple iPhones and iPads by sending emails to the victims
Jerusalem Post: Israeli security company finds vulnerable flaw in iPhones, iPads

@ZecOps: Hackers may be attacking iPhones by exploiting a previously unknown flaw in the smartphone’s email software, according to digital-security company @ZecOps https://wsj.com/articles/apple-iphone-may-be-vulnerable-to-email-hack-11587556802 via @WSJ
@kennwhite: MacRumors Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta San Francisco-based cybersecurity company ZecOps today announced that it has uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices, as noted by Motherbo + Related: CERT-EU , CERT-EU , The Register - Security, The Register - Security, Techmeme Chatter (@TechmemeChatter) | Twitter, Techmeme Chatter (@TechmemeChatter) | Twitter, MobileSyrup.com, Tenable Blog, Cyber Kendra, Techmeme Chatter (@TechmemeChatter) | Twitter, GeekWire, GeekWire, CERT-EU , MacRumors, CERT-EU , CNET, CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , PhoneArena, PhoneArena, Security News | Tech Times, Security News | Tech Times, HotHardware.com, HotHardware.com, CERT-EU , TechCrunch, TechCrunch, CERT-EU , iMore, CERT-EU , iMore, CERT-EU , CERT-EU , iPhone Hacks, iPhone Hacks, iPhone Hacks, iPhone Hacks, CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , PYMNTS.com, Fortune, GeekWire, CERT-EU , CERT-EU , CERT-EU , CERT-EU , PYMNTS.com, Malwarebytes Unpacked, Malwarebytes Unpacked, Malwarebytes Unpacked, Malwarebytes Unpacked Related: CERT-EU : Zero-click, zero-day flaw in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch CERT-EU : Zero-click, zero-day flaw in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch The Register - Security: Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch The Register - Security: Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch Techmeme Chatter (@TechmemeChatter) | Twitter: @kennwhite: - beta patch released by Apple- attack is fairly advanced, but actual exploit appears to be POC-grade - multiple delivery methods including large mail but also multi-part & rich text format hacks- full report, with IOCs and FAQ from @ZecOps:ht Techmeme Chatter (@TechmemeChatter) | Twitter: @kennwhite: - beta patch released by Apple- attack is fairly advanced, but actual exploit appears to be POC-grade - multiple delivery methods including large mail but also multi-part & rich text format hacks- full report, with IOCs and FAQ from @ZecOps:ht MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS Tenable Blog: Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild Cyber Kendra: Hack iPhone With Just a Single Mail—Zero-day Bug Techmeme Chatter (@TechmemeChatter) | Twitter: @TheRegister: Zero-click, zero-day flaw in iOS Mail exploited to hijack VIP smartphones. Apple rushes out beta patch https://t.co/r7OWryABPq GeekWire: Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch GeekWire: Zero-click, zero-day flaw in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch CERT-EU : Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta MacRumors: Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta CERT-EU : Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta CNET: Mail app on iPhone may be vulnerable to email hack, report says CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users PhoneArena: "Scary" vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon PhoneArena: "Scary" vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions CERT-EU : iPhone's Mail app has two severe "zero-click" vulnerabilities that have existed for 8 years TechCrunch: A new iPhone email security bug may let hackers steal private data TechCrunch: A new iPhone email security bug may let hackers steal private data CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users iMore: A new security vulnerability has been discovered in the default Mail app CERT-EU : A new security vulnerability has been discovered in the default Mail app iMore: A new security vulnerability has been discovered in the default Mail app CERT-EU : Session hijacking & malware injection vulnerabilities found in Apple Mail app and AirShare affecting iPhone, iPad & Mac CERT-EU : Session hijacking & malware injection vulnerabilities found in Apple Mail app and AirShare affecting iPhone, iPad & Mac iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta CERT-EU : Apple Patches Two iOS Zero-Days Abused for Years CERT-EU : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch CERT-EU : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users CERT-EU : Apple Mail Vulnerabilities Found Could Lead To Attacks On iPhone Users CERT-EU : Apple Mail Vulnerabilities Found Could Lead To Attacks On iPhone Users PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app GeekWire: iOS Mail bug allows remote zero-click attacks CERT-EU : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release CERT-EU : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release CERT-EU : Hack iPhone With Just a Single Mail—Zero-day Bug CERT-EU : Hack iPhone With Just a Single Mail—Zero-day Bug PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks
@AntivirusLV: Researchers are reporting two Apple #iOS 0-day security #vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta. A final release of iOS 13.4.5 is expected soon.


March 5, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Engineering and Industrial Construction Company Emcor Group Was Hit by Ryuk Ransomware Last Month, Still Working on Restoring Services

Engineering and industrial construction company Emcor Group, a US-based Fortune 500 company, disclosed last month a Ryuk ransomware incident that took down some of its IT systems on February 15. The company didn’t exactly go public with the details of the attack. However, the message announcing the ransomware infection is still present on the company’s website almost three weeks after the attack. Emcor said it is restoring services but did not say if it paid the ransom. In its financial report for Q4 2019, the company said it already adjusted the estimated 2020 figures to account for the downtime caused by the ransomware incident, but did not specify the estimated losses.

May 29, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Japanese Telecom and Tech Giant NTT Says Hackers Gained Access to It Internal Network and Stole Data on 621 Customers

Japanese telecommunications and technology giant Nippon Telegraph & Telephone (NTT) disclosed a security breach in which hackers gained access to its internal network and stole information on 621 customers from its communications subsidiary, NTT Communications. The hack, which originated from an NTT base in Singapore, took place on May 7. NTT says it became aware of the intrusion on May 11. The hackers breached several layers of its IT infrastructure and reached an internal Active Directory (AD in the graph below) to steal and upload data to a remote server. NTT says it took down the hacked systems as soon as it learned of the incident and is now upgrading its infrastructure.

April 3, 2020
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
New Automated Zoom Meeting Discovery Tool ‘zWarDial’ Shows Many Zoom Meetings Are Unprotected by Passwords as FBI Issues Warning of ‘Zoombombing’

According to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a substantial number of meetings at major corporations are not being protected by a password, which could lead to those meetings being “Zoom bombed” or eavesdropped upon. Each Zoom conference call is assigned a Meeting ID that consists of 9 to 11 digits. Naturally, hackers have figured out they can simply guess or automate the guessing of random IDs within that space of digits. The incidence of Zoombombing has reached such a peak that the FBI issued a warning earlier this week about the problem and guided how to keep meetings secure.

Related: TechBeacon, Thomas Brewster – Forbes, Slashdot, iTnews – Security, USA Today, bobsullivan.net, MacRumors, The Register – Motley Fool, Techerati, ExtremeTech, Fortune, MarketWatch.com – Software Industry News, E-Commerce Times, The Guardian,  BGR, CNN.com, WashingtonExaminer.com, Pocket-lint, The Verge, HealthITSecurity, SecurityWeek, iTnews – Security, SiliconANGLE,channelnews, Blog – Wordfence, FOX News, Big News Network, Inverse, Slashdot, The Verge,The Hill, Futurism, Rapid7, Motley Fool, rthk.hk Local, Mashable, Inverse, EFF, ExtremeTech, Verdict, Popular Science, Heavy.com, The Sun, TechTarget, The Sun, New Zealand Herald – Top Stories, Android Central , Tech Insider, Vox

Tweets:@iblametom

TechBeacon: Zoom: Just one click, and privacy went ‘boom’
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Slashdot: SpaceX Bans Zoom Over Privacy Concerns
iTnews – Security: Musk’s SpaceX bans Zoom over privacy and security concerns
USA Today: Do these things to keep hackers out of your Zoom calls
bobsullivan.net: As Zoom use explodes, so do Zoom problems. Here’s my security checklist
MacRumors: Zoom Updates Mac App Installer to Remove Controversial ‘Preflight’ Installation Method
Cyber News Group : Zoom now being sued through sharing personal data – UK government, however, defends its use
The Register – Security: Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’
Heimdal Security : SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure
Reddit – cybersecurity: Zoom has another security flaw. ‘Researchers at a company called Bleeping Computer have exposed another security flaw with the conferencing application Zoom—one that allows hackers to steal user passwords.’
US-CERT Current Activity: FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing
Infosecurity.US: The Continuing ZOOM Security Fails: A Litany Of Security Incompetence
Cult of Mac: 5 Zoom alternatives to keep you connected during COVID-19 crisis
Verdict: Zoom unveils 90-day plan to rebuild reputation
Motley Fool: Zoom Freezes All New Feature Rollouts to Shift Resources Toward Privacy and Safety
Techerati: Zoom halts development to plug security holes
ExtremeTech: Zoom Removes Tool That Secretly Displayed Your LinkedIn Data
Fortune: Zoom meetings keep getting hacked. Here’s how to prevent ‘Zoom bombing’ on your video chats
MarketWatch.com – Software Industry News: Zoom Video lurches from boom to backlash amid privacy issues, ‘Zoom bombing’ attacks
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
The Guardian: ‘Zoom is malware’: why experts worry about the video conferencing platform
BGR: Zoom responds to backlash over privacy concerns
CNN.com: Zoom CEO apologizes for having ‘fallen short’ on privacy and security
WashingtonExaminer.com: ‘Zoom-bombing’ and privacy flaws plague app that has become immensely popular during coronavirus outbreak
Pocket-lint: Zoom pauses new features to focus on security as users grow 20x in three months
The Verge: Zoom quickly fixes ‘malware-like’ macOS installer with new update
HealthITSecurity: Zoom to Halt Feature Development to Bolster Privacy, Security for COVID-19
SecurityWeek: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says
iTnews – Security: Musk’s SpaceX bans Zoom over privacy and security concerns
SiliconANGLE: Zoom CEO ‘deeply sorry’ after privacy issues, promises improvements
channelnews: Zoom Slammed Over Security Issues & China Server
Blog – Wordfence: Safety and Security While Video Conferencing with Zoom
FOX News: SpaceX bans its employees using Zoom over privacy concerns, report says
Big News Network: Elon Musk’s SpaceX bans Zoom over privacy concerns
Inverse: SpaceX drops Zoom due to ‘significant’ privacy concerns
Slashdot: SpaceX Bans Zoom Over Privacy Concerns
The Verge: Zoom has disabled a feature that was exposing users’ LinkedIn profiles
The Hill: Zoom CEO says company reached 200 million daily users in March
Futurism: Experts Warn That Hackers Can Use Zoom to Take Over Your Computer
Rapid7: Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Motley Fool: Why Zoom Video Communications Stock Fell Today
rthk.hk Local: Privacy chief warns of video conference risks
Mashable: Zoom was secretly mining LinkedIn data and sharing it with some users
Inverse: SpaceX drops Zoom due to ‘significant’ privacy concerns
EFF: Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls
ExtremeTech: Zoom Removes Tool That Secretly Displayed Your LinkedIn Data
Blog – Wordfence: Safety and Security While Video Conferencing with Zoom
Verdict: Zoom unveils 90-day plan to rebuild reputation
Popular Science: Check these privacy and security settings before your next Zoom video chat
Heavy.com: Zoom Bombing: 5 Fast Facts You Need to Know
The Sun: Zoom chat app says 200MILLION people are using it every DAY as coronavirus crisis forces world into lockdown
channelnews: Zoom Slammed Over Security Issues & China Server
Fortune: Zoom meetings keep getting hacked. Here’s how to prevent ‘Zoom bombing’ on your video chats
TechTarget: Risk & Repeat: Zoom security comes under fire
The Sun: Zoom chat app says 200MILLION people are using it every DAY as coronavirus crisis forces world into lockdown
New Zealand Herald – Top Stories: Zoom boss ‘deeply sorry’ over security claims, expert unconvinced
Android Central : If you’re fed up with Zoom’s shenanigans, here’s out to delete your account
Tech Insider: Protect your Zoom meetings with a password now — otherwise, you’re leaving the door wide open for hackers to ‘Zoom-bomb’
Vox: Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems

@iblametom: New - Guess who spent over $1 million on Zoom tech in just a few days? CDC, FEMA and NIH. As in all the US gov bodies responding to the coronavirus crisis. This is where Zoom security and privacy needs to be much better.


May 21, 2020
Russell Brandom / The Verge

Russell Brandom / The Verge  
Apple and Google Roll Out Support for Their Coronavirus Exposure Notification System, Three U.S. States, Twenty-Two Countries Sign Up

In a move that makes digital contact tracing one step closer to reality in the U.S. and other countries, Apple and Google rolled out support for their coronavirus exposure notification system, as implemented in an update to iOS and Android. The joint system uses a complex BLE Beacon protocol to allow users to track recent exposures to other users who have tested positive for COVID-19. Both tech giants pledge not to monetize the data and to shut down the system once the tracking is no longer needed. Three U.S. states have come forward to announce their own notification systems based on the app – Alabama, South Carolina, and North Dakota. The companies say 22 countries have separately received access to the API, although it declined to name specific nations.

Related: Business Insider, iMore, Android Central , Mic, Fortune, Roll Call, Future of Privacy Forum, Android Authority, iPhone Hacks, ET news, Tech Insider, WRAL Tech Wire, Gulf News Technology, LA Daily News, TIME, POLITICO, MacRumors, MacDailyNews, TechCrunch, xda-developers, Vox, MacRumors, iMore, Pocket-lint, Input, MacStories, Patently Apple, MacDailyNews, Gizmodo Australia, Slashdot, BBC, The Guardian, MacDailyNews, TechCrunch, POLITICO, Fortune, LA Daily News, TIME, IT News, iMore, channelnews, ZDNetMacRumors, MacDailyNews, Techdirt, xda-developers, Apple Newsroom, MacStories, Android Authority, Pocket-lint, Techradar, Vox

Tweets:@carolineha_ @lukOlejnik @LeoKelion @geoffreyfowler

Business Insider: Apple and Google are making their COVID-19 exposure tech available to public health agencies, which means you’ll soon have access to contact tracing apps (GOOG, GOOGL, APPL)
iMore: Apple and Google officially launch Exposure Notifications to fight COVID-19
Android Central : Apple and Google officially launch Exposure Notifications to fight COVID-19
Mic: The Trump administration demanded the U.N. remove abortion access from its pandemic response plan
Fortune: Apple, Google’s COVID-19 tracing tool is one big step closer to being put to use
Roll Call: Apple, Google release template for COVID-19 contact tracing apps
Future of Privacy Forum: FPF CEO: Will I Install an Exposure Notification App? Thoughts on the Apple-Google API
Android Authority: Google and Apple announce exposure notification API (Update: Now public)
iPhone Hacks: Apple Releases iOS 13.5 and iPadOS 13.5 with Exposure Notification API for Contact Tracing Apps
ET news: ‘Failed mishmash’ of privacy protections insufficient for NHS app users
Tech Insider: Apple and Google are making their COVID-19 exposure tech available to public health agencies, which means you’ll soon have access to contact tracing apps (GOOG, GOOGL, APPL)
WRAL Tech Wire: Apple, Google release technology for pandemic apps tracking COVID-19 exposure
Gulf News Technology: Apple, Google release technology for COVID-19 apps
LA Daily News: Apple, Google release technology for pandemic apps
TIME: Apple and Google Release Smartphone Technology to Notify People of Possible Coronavirus Exposure
POLITICO: Apple, Google release coronavirus-tracing software — but will it help?
MacRumors: Apple and Google Launch COVID-19 Exposure Notification API, Over 20 Countries Have Requested and Received Access
MacDailyNews: Apple TV+ faces dual challenges
TechCrunch: Apple and Google launch exposure notification API, enabling public health authorities to release apps
xda-developers: [Update 6: API Live] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
Vox: Apple and Google roll out their new exposure notification tool. Interest seems limited.
MacRumors: Apple Releases iOS and iPadOS 13.5 With Exposure Notification API, Face ID Mask Updates, Group FaceTime Changes and More
iMore: Apple releases iOS 13.5 with exposure notification API, Face ID updates
Pocket-lint: What’s new in iOS 13.5? COVID-19 Exposure Notification API and more
Input: iOS 13.5 is here with smarter Face ID unlock when you’re wearing a face mask
MacStories: Apple Releases iOS 13.5 with COVID-19 Exposure Notifications, Face ID Bypass for Masks, FaceTime Setting, and Apple Music Stories Sharing
Patently Apple: A Bitter Ex-Apple Sub-Contractor in Europe is demanding that action be taken against Apple for basically ‘wiretapping entire populations’ via Siri
MacDailyNews: Siri whistleblower goes public over ‘lack of action,’ says Apple should face consequences
Gizmodo Australia: Siri Whistleblower Goes Public To Protest Lack Of Consequences For Apple
Slashdot: Apple Whistleblower Goes Public Over ‘Lack of Action’
BBC: Apple and Google release marks ‘watershed moment’ for contact-tracing apps
The Guardian: Apple and Google release phone technology to notify users of coronavirus exposure
MacDailyNews: How to opt out of COVID-19 contact tracing in iOS 13.5
TechCrunch: Apple and Google launch exposure notification API, enabling public health authorities to release apps
POLITICO: Apple, Google release coronavirus-tracing software — but will it help?
Fortune: Apple, Google’s COVID-19 tracing tool is one big step closer to being put to use
LA Daily News: Apple, Google release technology for pandemic apps
TIME: Apple and Google Release Smartphone Technology to Notify People of Possible Coronavirus Exposure
WRAL Tech Wire: Apple, Google release technology for pandemic apps tracking COVID-19 exposure
LA Daily News: Apple, Google release technology for pandemic apps
TIME: Apple and Google Release Smartphone Technology to Notify People of Possible Coronavirus Exposure
IT News : Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets
iMore: Apple and Google officially launch Exposure Notifications to fight COVID-19
channelnews: Could Apple & Google’s COVID-19 Tracing Tech Make COVIDSafe Better?
ZDNet: Apple releases iOS 13.5 with COVID-19 contact tracing feature, Face ID improvements
MacRumors: Apple and Google Launch COVID-19 Exposure Notification API, Over 20 Countries Have Requested and Received Access
MacDailyNews: Apple TV+ faces dual challenges
Techdirt: The Case For Contact Tracing Apps Built On Apple And Google’s Exposure Notification System
xda-developers: [Update 6: API Live] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
Apple Newsroom: iPhone SE: A powerful new smartphone in a popular design
MacStories: Apple Releases iOS 13.5 with COVID-19 Exposure Notifications, Face ID Bypass for Masks, FaceTime Setting, and Apple Music Stories Sharing
Android Authority: Google and Apple announce exposure notification API (Update: Now public)
Pocket-lint: What’s new in iOS 13.5? COVID-19 Exposure Notification API and more
iMore: Apple releases iPadOS 13.5
Pocket-lint: What’s new in iOS 13.5? COVID-19 Exposure Notification API and more
Techradar: iOS 13.5 is here – why you should download it right away
Vox: Apple and Google roll out their new exposure notification tool. Interest seems limited.

@carolineha_: By the way, Apple + Google's API — the backbone that public health authorities can use to build exposure notification apps — went out today. The companies said today that "a number" of US states and 22 countries on 5 continents have requested access
@lukOlejnik: Here's how Google Play will verify that the contact tracing apps are actually from "national health authorities". Seems the system may behave differently if there's a risk of "high risk of transmission". What does it mean? I don't know! #COVID?19 https://support.google.com/googleplay/and
@LeoKelion: Apple and Google have delivered - now public health authorities get to see if there's real advantage in adopting their Covid-19 contact tracing model. But there may be some teething issues along the way
@geoffreyfowler: Apple and Google’s coronavirus exposure software is here, along with iOS 13.5 Now we’re waiting for apps that that use it. So far, we just know 3 states saying they’re going to try: Alabama, South Carolina and North Dakota.


October 30, 2019
Ionut Ilascu / Bleeping Computer

Ionut Ilascu / Bleeping Computer  
Over 21 Million Fortune 500 Company Login Credentials Found on the Web, More Than 16 Million Compromised During Past Year

Over 21 million (21,040,296) credentials belonging to Fortune 500 companies, amid which over 16 million (16,055,871) were compromised during the last 12 months, with up to 95% of the credentials appearing in unencrypted or plaintext format, researchers at application security firm ImmuniWeb discovered. ImmuniWeb discovered the credentials by crawling multiple resources, like markets in the Tor network, web forums, Pastebin, IRC channels, social networks, and messenger chats. Of the total 21 million records, only 4.9 million of them were unique, “suggesting that many users are using identical or similar passwords.” Insecure passwords, such as “password” or one of its variants, were rife with “password” listed as one of the top five easily guessed passwords.

November 14, 2019
Joe Uchill / Axios

Joe Uchill / Axios  
Over Half of Fortune 500 Companies Had an RDP Exposure Over Two-Week Time Period Studied, 80% of Defense and Aerospace Companies Had at Least One Exposure

Over a two-week period, the computer networks at more than half of the Fortune 500 group of companies left a remote access protocol dangerously exposed to the internet, according to researchers at 451Group and security firm Expanse. The joint study found that 53.4% of Fortune 500 companies had a remote desktop protocol (RDP) exposure over a two-week period scanning for open RDP ports. RDP is a way of offering virtual access to a single computer and is often used by IT workers to gain access to employees’ computers when troubleshooting. Around 80% of hospitality industry companies and just under 80% of defense and aerospace companies had at least one exposure, even though defense and aerospace are among the most security-conscious sectors.

August 24, 2017
Richard Chirgwin / The Register

Richard Chirgwin / The Register  
Two-Thirds of Fortune 500 Companies Haven’t Adopted Anti-Email Spoofing Tool DMARC

Two-thirds of Fortune 500 companies have yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC), a primary specification in the the Internet Engineering Task Force’s domain-based message authentication tool RFC 7489, according to  cybersecurity company Agari’s latest DMARC Adoption Report. The rate of adoption of the anti-email spoofing measure was similar for companies in the UK’s FTSE 100 and even higher for Australian companies.