Search Results for “Gizmodo”


May 29, 2020
Davey Alba / New York Times

Davey Alba / New York Times  
ACLU Sues Facial Recognition Company Clearview AI for Violating Illinois Law Forbidding Use of Face Scans Without Consent

The American Civil Liberties Union (ACLU) sued the facial recognition start-up Clearview AI, which claims to have helped hundreds of law enforcement agencies use online photos to solve crimes, accusing the company of “unlawful, privacy-destroying surveillance activities.” The suit claims that Clearview is violating a stringent Illinois law that forbids companies from using a resident’s fingerprints or face scans without consent. Each violation of the law could cost the company $5,000. The suit follows a report in the New York Times that the company had amassed a database of more than three billion photos across the internet, including from Facebook, YouTube, Twitter, and Venmo.

Related: BiometricUpdate, SC Magazine, Law360, Chicago Sun-Times – All, Gizmodo, The Verge, Daily Dot, Slashdot, Gizmodo AustraliaCNET, VentureBeat, PogoWasRight.org, Engadget, BuzzFeed News

Tweets:@alfredwkng

BiometricUpdate: China considers biometric data protection law to curb facial recognition abuses and secure PII
SC Magazine: Facial recognition fails accuracy test raises privacy concerns; ACLU sues Clearview AI | SC Media
Law360: Advocacy Orgs Say Clearview AI Broke Biometric Privacy Law – Law360
Chicago Sun-Times – All: ACLU sues Clearview AI, developer of controversial facial recognition technology used by CPD
Gizmodo: The ACLU Is Suing Shady Facial Recognition Startup Clearview AI for Being a Shady Facial Recognition Startup
The Verge: ACLU sues facial recognition firm Clearview AI, calling it a ‘nightmare scenario’ for privacy
Daily Dot: ACLU sues facial recognition company Clearview AI
Slashdot: ACLU Accuses Clearview AI of Privacy ‘Nightmare Scenario’
Gizmodo Australia: The ACLU Is Suing Shady Facial Recognition Startup Clearview AI for Being a Shady Facial Recognition Startup
CNET: Clearview AI faces lawsuit over gathering people’s images without consent
VentureBeat: ACLU sues facial recognition startup Clearview AI for privacy and safety violations
PogoWasRight.org: ACLU: We’re Taking Clearview AI to Court to End its Privacy-Destroying Face Surveillance Activities
Engadget: ACLU sues Clearview AI over alleged privacy violations
BuzzFeed News: The ACLU Is Suing Clearview AI To Stop “Privacy-Destroying Face Surveillance”

@alfredwkng: Clearview AI is getting sued for allegedly violating Illinois's biometric privacy law. If you are an Illinois resident and don't want your photo in Clearview's database, you have to agree to give them your photo. https://cnet.com/news/clearview


April 22, 2020
Ben Makuch / Vice News

Ben Makuch / Vice News  
Far-Right Groups Circulate Allegedly Hacked Email Addresses, Passwords for Gates Foundation, WHO, CDC Members, Data Likely Stems From Previous Data Breaches

A data dump of what appears to be outdated email addresses and passwords of members of the Gates Foundation, World Health Organization (WHO), Center for Disease Control and Prevention (CDC), and a virology center based in Wuhan, China, is circulating within a network of neo-Nazi extremists who claim the data was hacked. The goal of the data dump, which first appeared on conspiracy site 9chan, seems to be intimidation of governmental and non-governmental health organizations fighting against the COVID-19 pandemic. Although it is unclear, the leaked data appears to be an aggregation of previously-hacked usernames and passwords that was compiled from a previous data breach. Far-right extremists, particularly “accelerationists” who are seeking to hasten the collapse of society, are keenly interested in the spread of disinformation surrounding coronavirus. The dump migrated from 9chan to a Telegram channel with over 5,000 followers and links to neo-Nazi terrorist organizations Atomwaffen Division and The Base. The Bill and Melinda Gates Foundation said they had found no evidence of a data breach.

Related: Fast Company, Tech Insider, Heavy.com, NBC News, Washington Post, protothemanews.com, Gizmodo Australia, Security News | Tech Times, Security Affairs, Zero Hedge, MSN, BGR, CNET, Gadgets Now, Daily Dot, DataBreachToday.com, The Independent

Tweets:@JaneLytv @JaneLytv

Fast Company: Gates Foundation, WHO hacks are part of a growing wave of attacks on science and health officials
Tech Insider: Neo-Nazis have got hold of 20,000 leaked email addresses and passwords allegedly belonging to WHO and the Gates Foundation, researchers say
Heavy.com: Bill Gates Hacked? Coronavirus Conspiracy Theories Rage
NBC News: Logins of WHO, Gates Foundation employees circulate on fringes of the internet
Washington Post: Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online
protothemanews.com: Gates Foundation and WHO hacked with thousands of documents and e-mails leaked online
Gizmodo Australia: Right-Wing Extremists Appear To Be Circulating 25,000 Stolen WHO, NIH Passwords And Emails
Security News | Tech Times: 25,000 Email Addresses and Passwords from the CDC, WHO, Gates Foundation Were Dumped Online
Security Affairs: COVID-19 – Neo-Nazis spread a list of credentials for Gates Foundation, NIH, and WHO employees
Zero Hedge: Email Addresses And Passwords From WHO, NIH, Wuhan Lab, And Gates Foundation Dumped On 4chan
MSN : Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online
BGR: Thousands of email addresses and passwords from CDC, WHO, and more leaked online
CNET: Passwords for WHO, CDC, Gates Foundation employees reportedly spread online
Gadgets Now: WHO, Wuhan Institute data hacked: Report
Daily Dot: Why the Gates Foundation, WHO were hacked at the same time
DataBreachToday.com: WHO, Gates Foundation Credentials Dumped Online: Report
The Independent: State-sponsored hackers target US government employees with fast food bait amid fog of coronavirus

@JaneLytv: Yesterday, links to a fake “hack” of the WHO, Gates Foundation, and CDC were posted to 4ch and anon conspiracy-focused Twitter accounts. As many have pointed out, the hoax hack was actually a compilation of old leaked email and password databases. Not a new or recent breach.
@JaneLytv: To confirm, I reached out to the Gates Foundation and the WHO. The Gates Foundation said they did not suffer any new breaches. The WHO confirmed that too, saying some of the published emails were genuine but nobody was able to use the credentials to log in. Statements below:


March 9, 2020
Nicole Hong / New York Times

Nicole Hong / New York Times  
Jury Deadlocked on Eight Counts Against Accused ‘Vault 7’ CIA Hacking Tool Leaker Joshua Schulte

In a mixed outcome for the U.S. government, a federal jury in Manhattan could not convict former C.I.A. software engineer Joshua Schulte of stealing a massive trove of classified hacking tools and leaking them to Wikileaks, the so-called Vault 7 leaks. The jurors deadlocked on eight counts, including illegal gathering and transmission of national defense information but did convict Schulte on two other counts, contempt of court and making false statements to the F.B.I.

Related: Digital Journal, Courthouse News Service, The Seattle Times, CBC, SecurityWeek, Stars and Stripes, AP Top News, The Hacker News, Cyberscoop, emptywheel, The Register, Gizmodo, The Washington Post, RT USA, Fifth Domain | Cyber, POLITICO

Tweets:@shanvav @zackwhittaker

Digital Journal: Jury hung in case of CIA coder accused of cyberweapon leak
Courthouse News Service: Ex-CIA Coder Gets Mistrial on 8 Counts Tied to ‘Vault 7’ Leak\
The Seattle Times: Jury in CIA leaks case fails to reach a verdict on most serious charges
CBC: Jury deadlocks on espionage charges in CIA ‘Vault 7’ leaks case
SecurityWeek: Minor Convictions for Ex-CIA Coder in Hacking Tools Case
Stars and Stripes: Former CIA coder convicted on minor charges in hacking tools case
AP Top News: Minor convictions for ex-CIA coder in hacking tools case
The Hacker News: Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial
Cyberscoop: Vault 7 court case ends in mistrial on most serious charges
emptywheel: Judge Crotty Declares a Mistrial in Joshua Schulte Case
The Register: Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI
Gizmodo: Jury Deadlocked in Case of Accused WikiLeaks Source Charged for ‘Vault 7’ CIA Leaks
The Washington Post: Jury fails to reach verdict on most serious chargesin CIA leaks case
RT USA: Assange trial rehearsal? Hung jury results in mistrial for former CIA tech accused of handing ‘Vault 7’ docs to WikiLeaks
Fifth Domain | Cyber: Minor convictions for ex-CIA coder in hacking tools case
POLITICO: Minor convictions for ex-CIA coder in hacking tools case

@shanvav: A NYC jury was unable to reach a verdict on the most serious charges against a former CIA engineer, Joshua Schulte (re theft of gov property/transferring gov defense info). The jury did find him guilty of contempt of court/lying to FBI. @CyberScoopNews
@zackwhittaker: Trial of Joshua Shulte, who's accused of leaking classified Vault 7 documents to WikiLeaks, ends in a mistrial.


March 25, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Apple Now Blocks All Third-Party Cookies by Default With the Release of Safari 13.1

Starting with the release of Safari 13.1 and through updates to the Intelligent Tracking Prevention (ITP) privacy feature, Apple now blocks all third-party cookies in Safari by default, thwarting the ability of online advertisers and analytics firms to use browser cookie files to track users as they visit different sites across the internet. Apple claims, however, that it was already blocking most third-party cookies anyway. Apple is following in the Tor browser footsteps to implement this privacy measure. Google’s Chrome v80 released in February supports third-party cookie blocking but won’t be fully rolled out to Chrome users until 2020.

Related: iPhone Hacks, The Verge, MacRumors, iMoreiMore, MacRumors, Gizmodo, iPhone Hacks, iPhone Hacks, iPhone Hacks, PhoneArena, BusinessLine – Home, fossBytesiMore, Techradar, Pocket-lint, Engadget, iMore, MacDailyNews, The Apple Post, Full Disclosure, Full Disclosure, Full Disclosure, The Register

Tweets:@1BlockerApp @johnwilander @johnwilander @johnwilander @johnwilander @johnwilander @johnwilander

iPhone Hacks: Safari browser adds Full Third-Party Cookie Blocking on iOS, iPadOS 13.4, macOS
The Verge: Apple updates Safari’s anti-tracking tech with full third-party cookie blocking
MacRumors: Safari in New Versions of iOS and macOS Includes Full Third-Party Cookie Blocking
iMore: Apple releases iPadOS 13.4 with trackpad and mouse support
iMore: Apple releases iOS 13.4 with iCloud Drive folder sharing
Gizmodo: Apple Will Now Let You Buy Apps for Mac and iOS as a Bundled Package
iPhone Hacks: Apple Releases iOS 13.4 and iPadOS 13.4 With iCloud Folder Sharing, Trackpad Support, More
iPhone Hacks: Apple Releases macOS 10.15.4 and tvOS 13.4
iPhone Hacks: Apple Releases watchOS 6.2 with IAP Support, Expands ECG Feature to More Countries
PhoneArena: The latest Safari will protect your privacy by blocking third-party cookies
BusinessLine – Home: Apple updates Safari browser to block third-party cookies
fossBytes: New Apple Privacy Feature Released 2 Years Before Google Promised It For Chrome
iMore: Apple beefs up web security and privacy in iOS 13.4
Techradar: Safari update delivers ‘significant improvement for privacy’
Pocket-lint: Safari now blocks all third party trackers, with Chrome only following in 2022
Engadget: Safari now blocks all third-party cookies by default
iMore: Apple releases iOS 13.4 with iCloud Drive folder sharing
MacDailyNews: Apple releases iOS 13.4
The Apple Post: Apple releases iOS 13.4 with iCloud Drive Folder Sharing, new Memoji, updated Mail app and more
Full Disclosure: APPLE-SA-2020-03-24-7 Xcode 11.4
Full Disclosure: APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
Full Disclosure: APPLE-SA-2020-03-24-5 Safari 13.1
The Register – Security: Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters… and something weird called iTunes for Windows

@1BlockerApp: Safari now fully blocks third-party cookies by default. This is a significant improvement for privacy since it disables login fingerprinting and brings other additional benefits.
@johnwilander: The long wait is over and the latest update to Safari's Intelligent Tracking Prevention is here: Full third-party cookie blocking and more https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/ Safari users, welcome to the future and a safer web!
@johnwilander: This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.
@johnwilander: Second, full third-party cookie blocking removes statefulness in cookie blocking. There were many who raised concerns over ITP's future back in January. Hopefully, they'll now help spread the message that ITP is not only OK, it's leading the way.
@johnwilander: Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you're logged in to and use it as a fingerprint. Not in Safari.
@johnwilander: Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web's original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari.
@johnwilander: Fifth, all script-writeable storage is now aligned with the 7-day expiry Safari already has for client-side cookies. Finally, delayed bounce tracking is now detected and dealt with just like regular bounce tracking. Stay safe everyone, and make sure to use a browser you trust.


Matthew Panzarino / TechCrunch

Matthew Panzarino / TechCrunch  
Apple Updates Privacy Policy for Apple Card to Share More Data With Financial Partner Goldman Sachs

Apple is updating its privacy policy for Apple Card to enable sharing more anonymized data with Goldman Sachs, its financial partner. The company says this move will make it better able to assign credit to new customers. Apple is changing the privacy policy for Apple Card with iOS to share a richer, but still anonymized, set of data with Goldman Sachs to create a new model that it says could expand credit availability to consumers. A fallback option for customers who do not want to opt into the Goldman Sachs data sharing initiative is for Apple to examine the user’s purchase history for Apple products. Apple will now also be adding more detail to its internal transactions.

Related: iDownloadBlog.comMore, PYMNTS.com, Cult of Mac, MacRumors, Gizmodo, The Register

Tweets:@geoffreyfowler


April 3, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Twitter Fixes Glitch That Stored Files and DMs in Firefox Cache for Seven Days

Twitter disclosed a bug on its platform that impacted users who accessed their platform using Firefox browsers, saying that its platform stored private files inside the Firefox browser’s cache, a folder where websites store information and files temporarily. This retention meant that for users who accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading their Twitter data archive or sending or receiving media via Direct Message, that information may have been stored in the browser’s cache even after the user logged out of Twitter. The cache retention was set for seven days. Twitter fixed the problem by ensuring the Firefox browser cache will no longer store users’ personal information.

Related: BleepingComputer.com, Gizmodo, Twitter, Slashdot

Tweets:@EmreSevinc @mike_conley


April 10, 2020
Mark Gurman / Bloomberg

Mark Gurman / Bloomberg  
Apple and Google Form Rare Alliance to Partner on Opt-In COVID-19 Contact Tracing Technology That Will Be Managed by Public Health Authorities

Apple and Google unveiled a rare partnership to add opt-in contact tracing technology to their smartphone platforms that will alert users if they have come into contact with a person with COVID-19, a system has the potential to monitor about a third of the world’s population. The companies said the technology would be deployed in two steps: In mid-May, the companies will add the ability for iPhones and Android phones to wirelessly exchange anonymous information via apps run by public health authorities. The companies will also release frameworks for public health apps to manage functionality. The much longer-term second step entails both companies adding the technology directly into their operating systems so that the contact-tracing software works without having to download an app. The combination of both the massive data caches that both Google and Apple maintain on their users combined with the power of state and local governments has some public interest, privacy and security advocates concerned over privacy and surveillance abuses even if the technology can ultimately save lives.

Related: Financial Times Technology, Daring Fireball, The Apple Post, Android Central, Tom’s Guide, Cult of MacTIME, Fortune, New on MIT Technology Review, iMore, TechCrunch, MacDailyNews, Mercury News, WCCFtech, Pocket-lint, Axios, RT News, SlashGear, iClarified, iPhone Hacks, Tom’s Guide, The Next Web, Gizmodo, Mashable, MacRumors, POLITICO, Tech Insider,  Apple, Google (PDF), Washington Post, The Verge

Tweets:@tim_cook @aslavitt @lukOlejnik @RonDeibert · @ashk4n @natfriedman @kurtopsahl @lukOlejnik @jsnell @fs0c131y @Khanoisseur

Financial Times Technology: Apple and Google join forces to develop contact-tracing apps
Daring Fireball: Draft Technical Documentation for Apple and Google’s Privacy-Preserving Contact Tracing
The Apple Post: Apple and Google partner on new coronavirus contact tracing technology
Android Central : Apple and Google announce partnership to help track COVID-19 infections
Tom’s Guide: Apple and Google teaming up to fight coronavirus with contact tracing
Cult of Mac: Apple and Google team up to build COVID-19 contact tracing apps
TIME: Apple, Google Announce COVID-19 Smartphone Contact Tracing in Rare Partnership
Fortune: Apple, Google bring coronavirus contact-tracing to 3 billion people
New on MIT Technology Review: Apple and Google are building coronavirus tracking into iOS and Android
iMore: Apple and Google announce partnership to help track COVID-19 infections
TechCrunch: Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android
MacDailyNews: Apple and Google team on cross-platform COVID-19 contact tracing tool
Mercury News: Coronavirus: Apple, Google to work on contact tracing tech
WCCFtech: Apple and Google Partner to Launch a Joint COVID-19 Contact Tracing Framework
Pocket-lint: How Apple and Google plan to use your phone to track COVID-19
Axios: Apple, Google team up on coronavirus contact tracing
RT News: Apple and Google debut Bluetooth-based contact-tracing platform to combat Covid-19…and end privacy?
SlashGear: Apple and Google team up to use phones for coronavirus contact-tracing
Axios: Apple, Google team up on coronavirus contact tracing
iClarified: Apple and Google Announce Partnership to Build Contract Tracing Functionality Into iOS and Android
iPhone Hacks: Apple and Google Collaborating on Bringing COVID-19 Contact-Tracing Tech
Tom’s Guide: Apple and Google teaming up to fight coronavirus with contact tracing
The Next Web: Apple and Google team up to build a coronavirus tracking system
Gizmodo: Apple and Google Are Teaming Up to Build Coronavirus-Tracking Tech. Hold Your Applause.
Mashable: Google and Apple team up to support coronavirus contact tracing
MacRumors: Apple and Google Partner on Opt-In COVID-19 Contact Tracing Technology to Be Added to iPhone and Android Smartphones
WCCFtech: Apple and Google Partner to Launch a Joint COVID-19 Contact Tracing Framework
POLITICO: Apple, Google team up on big effort to trace coronavirus cases
Tech Insider: Apple and Google are teaming up to create a way for your smartphone to alert you if you’ve come into contact with someone infected with the coronavirus (AAPL, GOOG, GOOGL)
Apple: Apple and Google partner on COVID-19 contact tracing technology
Google: Contact Tracing (PDF)
Washington Post: Apple, Google debut major effort to help people track if they’ve come in contact with coronavirus
The Verge: Apple and Google are building a coronavirus tracking system into iOS and Android

@tim_cook: Contact tracing can help slow the spread of COVID-19 and can be done without compromising user privacy. We’re working with @sundarpichai & @Google to help health officials harness Bluetooth technology in a way that also respects transparency & consent.
@aslavitt: BREAKING: New infrastructure for contract tracing is coming to our phones using Bluetooth. Strong privacy protections— but I hope EVERYONE opts in for one another. This is time to pull together in new ways. Thank you to @Apple & @Google
@lukOlejnik: Cryptography specification of the Google-Apple contact-tracing API protocol is here (https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-CryptographySpecification.pdf). #COVID?19
@RonDeibert ·: Important observations from @ashk4n on @Apple and @Google plans to roll-out contact tracing apps for #COVID19 . Down pointing backhand index
@ashk4n: BIG MOVE: @Apple and @Google are creating API's to permit health authorities implement 'Contact Tracing' apps that monitor Bluetooth signals and identify whether individuals have been in contact with someone that has been infected by #COVID19 https://washingtonpost.com/technology/2020/04/10/apple-google-tracking-coronavirus/ THREAD:
@natfriedman: Huge thanks to Apple and Google for building privacy-preserving contact tracing into iOS and Android. Tech is emerging as a pillar of civilization and a critical reservoir of competence.
@kurtopsahl: Apple and Google announced a joint Bluetooth based proximity API for contract tracing, to be used by approved apps. Later they will be building this functionality into the underlying iOS/Android platforms.
@lukOlejnik: Will integrate this with their operating systems? "in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms" #COVID?19
@jsnell: Apple has experience with something similar to contact tracing thanks to the new Find My system. Probably gave them a head start. Good to see Apple and Google doing this and emphasizing consent and privacy.
@fs0c131y : Contact tracing apps will not defeat the #Covid19... even with the support of Apple and Google... A contact tracing app is for sure a way to monitor a population, #PrivacyByDesign or not. Don’t give your privacy to your gov or the GAFA against something which is not even working
@Khanoisseur: Apple and Google are partnering on technology for smartphones that will alert users if they’ve come into contact with a person with Covid-19 (but could be useful later for HIV, Ebola and other diseases). People must opt in and “privacy advocates” may fight this.


April 14, 2020
Lawrence Abrams / Bleeping Computer

Lawrence Abrams / Bleeping Computer  
Over 500,000 Zoom Accounts Gathered Through Credential Stuffing Attacks Are Available for Sale on Dark Web

Over 500,000 Zoom accounts gathered through credential stuffing attacks are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free, according to cybersecurity firm Cyble. The accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations. Cyble was able to purchase approximately 530,000 Zoom credentials for less than a penny each at $0.0020 per account.

Related: Boing Boing, Newsweek, Security Affairs, DataBreaches.net, Lowyat.NET, CyberSecurity Help s.r.o., ITProPortal, PhoneArena, WCCFtech, E-Commerce Times, E-Commerce Times, NDTV, ET news, Ubergizmo, MacRumors, Mashable, The Sun, Gadgets Now, TechNadu, Fast Company, Help Net Security, fossbytes, The Sun, ComputerWeekly: IT security, MobileSyrup.com, How-To Geek, Gizchina.com, Anomali Blog, Deccan Chronicle, BGR,  ibtimes.sg : Top News, WCCFtech, Tech Insider, Gizmodo Australia, BetaNews, Tom’s Guide, Security News | Tech Times, NewsBytes App

Tweets:@TroyHunt

Boing Boing: For sale on the dark web: +500,000 Zoom accounts, some at less than a penny each
Newsweek: More Than 500,000 Zoom Account Credentials Being Sold on Dark Web for Less Than a Penny Each
Security Affairs: 500,000+ Zoom accounts available for sale on the Dark Web
DataBreaches.net: Over 500,000 Zoom accounts sold on hacker forums, the dark web
Lowyat.NET: Over 500,000 Zoom Accounts Compromised And Sold Via Dark Web
CyberSecurity Help s.r.o.: 500,000+ Zoom accounts found for sale on the dark web
ITProPortal: 500,000 Zoom accounts for sale online
PhoneArena: Cybersecurity firm finds more than 500,000 Zoom accounts for sale on the Dark Web
WCCFtech: Over 500,000 Zoom Accounts Have Been Sold or Shared on the Dark Web
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
NDTV : 500,000 Hacked Zoom Accounts Being Sold on Dark Web: Report
ET news: Half a million Zoom accounts sold or gifted by hackers
Ubergizmo: Over 500,000 Zoom Accounts Are Being Sold On The Dark Web
MacRumors: Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
Mashable: 500,000 Zoom accounts are being sold on the dark web
The Sun: More than 500,000 hacked Zoom accounts are being sold on Dark Web for pennies – change your password now
Gadgets Now: Hackers gave 5 lakh Zoom account credentials for free on Dark Web: Report
TechNadu: Half a Million Zoom Accounts Are Currently for Sale on the Dark Web
Fast Company: Half a million Zoom logins are available on the dark web for less than a cent each
Help Net Security: Will Zoom manage to retain security-conscious customers?
fossbytes : Latest Zoom Security Issue: 500,000 Zoom Accounts Sold On Dark Web
The Sun: More than 500,000 hacked Zoom accounts are being sold on Dark Web for pennies – change your password now
ComputerWeekly: IT security: Coronavirus: Zoom user credentials for sale on dark web
MobileSyrup.com: Zoom to allow paying users choose which data centres route their calls
How-To Geek: Over 500 Million Zoom Accounts Found for Sale on the Dark Web
Gizchina.com: More than 500,000 Zoom accounts have been sold on the dark web by hackers
Anomali Blog: Weekly Threat Briefing: Firefox Zero-Day, CoViper Malware, Loncom Packer, MS-SQL Campaign, and More
Deccan Chronicle: Zoom security woes worsen: 500,000 Zoom accounts sold on dark web, says report
Bgr : Zoom: Over 5 lakh accounts hacked, sold for ‘less than a penny’ on the Dark Web
ibtimes.sg : Top News: More than 500,000 Zoom accounts hacked, sold on the dark web adding to its security woes
WCCFtech: Over 500,000 Zoom Accounts Have Been Sold or Shared on the Dark Web
Tech Insider: Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each
Gizmodo Australia: 500,000 Zoom Account Breaches Reminds Us Not To Be Sloppy With Passwords
BetaNews: Hundreds of thousands of stolen Zoom accounts for sale on hacker forums for next to nothing
Tom’s Guide: Over 500,000 Zoom accounts being sold on dark web: Protect yourself now
Security News | Tech Times: Over 500,000 Accounts on Zoom Are Being Sold on Hacker Forums and the Dark Web
NewsBytes App: Five lakh Zoom accounts are being sold on dark web

@TroyHunt: Another day, another credential stuffing attack: “These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches”


May 5, 2020
Sergiu Gatlan / Bleeping Computer

Sergiu Gatlan / Bleeping Computer  
GoDaddy Tells Users That Unauthorized Party Used Their Web Hosting Account Credentials to Connect to Their Hosting Accounts via SSH

Domain registration and web hosting giant GoDaddy notified some of its customers that on October 19, 2019, an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. GoDaddy said it has not yet found any evidence of the attackers adding or modifying any files on the impacted accounts’ hosting. The company said only the hosting accounts were affected as part of the incident, while the main GoDaddy accounts were not accessible to the attackers. GoDaddy reset customers’ passwords, advised customers to check their hosting accounts, and offered one year of Website Security Deluxe and Express Malware Removal at no cost.

Related: ZDNet Security, Reddit – cybersecurity, Security Week, Naked Security, Cyber Kendra, IT Pro, Computer Business Review, GlobalSecurityMag, Techradar, Spyware news, SC Magazine, Security Affairs, The Register – Security, Threatpost, Teiss, Dark Reading: Vulnerabilities / Threats, Computer Business Review, Security Affairs, Infosecurity Magazine, HackRead, Bloomberg, Blog – Wordfence, TechRepublic, Security Brief, Dashlane Blog, Blog – Wordfence, The Register – Security, Threatpost, Gizmodo Australia

ZDNet Security: GoDaddy reports data breach involving SSH access on hosting accounts
Reddit – cybersecurity: GoDaddy reports data breach involving SSH access on hosting accounts
Security Week: GoDaddy Informs Users of Data Breach
Naked Security: GoDaddy – “unauthorized individual” had access to login info
Cyber Kendra: Hackers Access GoDaddy SSH Account through Hosting
IT Pro: GoDaddy admits it fell victim to a data breach in October | IT PRO
Computer Business Review: Domain Registrar GoDaddy Admits to a Data Breach From October
GlobalSecurityMag : GoDaddy confirms data breach – comments from Netwrix
Techradar: Best WordPress hosting 2020
Spyware news: GoDaddy breach: unauthorized attacker gained access to hosting accounts
SC Magazine: GoDaddy takes seven months to discover data breach | SC Media
Security Affairs: GoDaddy discloses a data breach, web hosting account credentials exposed
The Register – Security: GoDaddy breach: SSH file compromise saw 28,000 users’ logins go AWOL with malicious bods
Threatpost: GoDaddy Hack Breaches Hosting Account Credentials
Teiss: GoDaddy confirms October data breach impacted hosting accounts
Dark Reading: Vulnerabilities / Threats: Breach Hits GoDaddy SSH Customers
Computer Business Review: Domain Registrar GoDaddy Admits to a Data Breach From October
Security Affairs: GoDaddy discloses a data breach, web hosting account credentials exposed
Infosecurity Magazine: GoDaddy Suffers Data Breach
HackRead: GoDaddy suffers data breach after hackers access SSH accounts
Bloomberg: GoDaddy Breach Compromised Credentials of 28,000 Customers
Blog – Wordfence: 28,000 GoDaddy Hosting Accounts Compromised
TechRepublic: GoDaddy data breach shows why businesses need to better secure their customer data
Security Brief: GoDaddy reveals widespread data breach
Dashlane Blog: GoDaddy Hacked: Number of Affected Users Unclear
Blog – Wordfence: 28,000 GoDaddy Hosting Accounts Compromised
The Register – Security: GoDaddy breach: SSH file compromise saw 28,000 users’ logins go AWOL with malicious bods
Threatpost: GoDaddy Hack Breaches Hosting Account Credentials
Gizmodo Australia: GoDaddy Was Apparently Hacked Last Year, So Check Your Hosting Account Credentials


Abner Li / 9to5 Google

Abner Li / 9to5 Google  
Google Is Enforcing a New Two-Factor Account Security Measure for Unsecured Nest Users

Google is now starting to enforce a new two-factor account security measure for its Nest cameras, specifically for unsecured Nest users that have not migrated to a Google Account or enrolled in two-factor authentication where a code gets texted. The new mandatory measure is meant to “reduce the likelihood of an unauthorized person accessing your Nest account, even if they have your Nest username and password,” Google said. The tighter security measure comes months after a string of incidents in which hackers gained access to Google rival Amazon’s Ring home security cameras and posted scary videos on the Internet of terrorized homeowners speaking to nameless, faceless voices on their Ring systems.

Related: Tech Advisor – Security, Android Police, MacRumors, The Verge, MobileSyrup, Engadget, Gizmodo, Android Central, Fast Company, Google Nest Help