Search Results for “ZDNet”

May 13, 2019
Sergiu Gatlan / Bleeping Computer

Misconfigured Elasticsearch Database Exposed Sensitive Records on Around 4 Million Panamanian Health Care Patients Reflecting Virtually All of the Country’s Citizens

A misconfigured Elasticsearch cluster exposed a huge cache of data: 3,427,396 records containing sensitive personal information on Panama citizens with “patient” labels, together with another 468,086 records labeled as “test patients,” security researcher Bob Diachenko discovered. The roughly 3.5 million records Diachenko found contained a wide variety of information, ranging from the “patients’” full names, dates of birth, national ID numbers, and addresses to their medical insurance numbers, e-mails, and phone numbers. Assuming there are not a substantial number of duplicates in the database, the 3.9 million records could represent nearly 97% of Panama’s 4.1 million population. Diachenko notified CERT Panama of the exposure, and within 48 hours the database had been secured.

May 20, 2019
Zack Whittaker / TechCrunch

Adding Recovery Phone Numbers to Google Accounts Can Block 100% of Automated Bots, 99% of Bulk Phishing Attacks and 66% of Targeted Attacks, Researchers

Adding a recovery phone number to Google accounts can in nearly every case prevent the most common kind of mass-scale attacks, according to research conducted by Google with help from New York University and the University of California, San Diego. The research showed that simply adding a recovery phone number to a Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks. The researchers examined the use of recovery phone numbers during an investigation that looked into 350,000 hijacking attempts on 1.2 million users across Google’s 14 different login challenges. The year-long study, on wide-scale attacks and targeted attacks, was presented at a gathering of experts, policy makers, and users called The Web Conference.

May 13, 2019
Lily Hay Newman / Wired

Hackers Can Exploit Two Flaws in Cisco’s 1001-X Router Used by Institutions to Take Over Any Router and Compromise Data, Commands Flowing Through It

The Cisco 1001-X router, which serves as the central hub for reliable connectivity at stock exchanges, corporate offices, and other big establishments, has two vulnerabilities that hackers can exploit remotely to take over any router and compromise all the data and commands that flow through it, researchers at Red Balloon Security discovered. The first flaw is a bug in Cisco’s IOS operating system (not the same as Apple’s iOS) which would allow a hacker to remotely obtain root access to the devices. The second, more serious vulnerability, dubbed Thrangrycat, is a flaw in a Cisco security feature known as Trust Anchor, a “secure enclave”; it allows hackers to bypass the feature while Trust Anchor still reports that the device is trustworthy. Cisco has released a patch for the IOS remote control vulnerability but says fixes are still months away from release with no workarounds.

Related: Thrangrycat, Cisco, ZDNet Security, Dark Reading: Vulnerabilities / Threats, Business Wire, Help Net Security, The Register – Security, CISO MAG, IT Pro, DataBreachToday.com, The Hacker News, Sensors Tech Forum

Chance Miller / 9to5Mac

Twitter Discloses ‘Bug’ That Caused It to Inadvertently Share iOS Location Data With ‘Trusted’ Partner

Twitter has disclosed a bug that caused it to inadvertently collect and share iOS location data with a “trusted partner.” Specifically, if a Twitter user used more than one account on Twitter for iOS and opted into using the precise location feature in one account, Twitter says it may have accidentally collected location data for any other account(s) on that same device for which the user had not turned on the precise location feature. The partner did not receive data such as the user’s Twitter handle or other unique account IDs that could have compromised user identities on Twitter. Moreover, Twitter said its plan to remove location data from the fields sent to the partner during an advertising process known as real-time bidding did not happen as planned, but that it “implemented technical measures to ‘fuzz’ the data shared so that it was no more precise than zip code or city.”

Related: Twitter, Engadget, The Mac Observer, The Hill, TechCrunch, iTnews – Security, Slashdot, Daily Dot, Cyberscoop, Cyber Kendra, Threatpost, ZDNet Security, AppleInsider, iPhone Hacks, Threatpost

Julian Bajkowski / IT News

Over Ten Million People in Australia Were Hit By Notifiable Data Breaches in Recent Quarter, Measurement Ceiling Bumped Up Due to Marriott Breach

The Office of the Australian Information Commissioner (OAIC) was forced to lift the ceiling on its quarterly notifiable data breaches report, adding a new increment of 10+ million Australians affected by data breaches to a range that had previously topped out at 1,000,000 to 10,000,000. The expansion of the range was due to the massive Marriott customer data hack that hit around 500 million people globally at the end of 2018. However, for the quarter ending March 31st 2019, notifiable data breach notifications in Australia landed at 215 compared to 262 for the previous quarter, statistics that are not that illuminating given that the majority of data breaches in the period involved the personal information of 100 individuals or fewer (68 percent of data breaches).

Related: ZDNet Security, IT Wire, ARN, : Top News, The Register – Security, CSO Online, OAIC

March 28, 2018
Lorenzo Franceschi-Bicchierai / Motherboard

FBI Put Little Effort into Unlocking San Bernardino Shooter’s iPhone Until ‘Eve’ of Public Fight with Apple, OIG

The FBI could have done more itself to try to unlock the iPhone of the San Bernardino shooter before it launched a public legal battle against Apple to force the Cupertino giant to unwillingly unlock the device, a report from the Department of Justice Office of Inspector General (OIG) said. In 2016, the FBI under Director James Comey engaged in a high-profile fight over encryption with Apple after the Bureau claimed it could not unlock the shooter’s phone, saying it had no technical way to gain access to the phone’s contents. However, the OIG’s report says the FBI didn’t attempt to work with technology vendors on a solution until the “eve” of a February 16, 2016 lawsuit against Apple nor did two tech teams charged with finding a solution communicate with each other until late in the fight. After retreating in the face of Apple’s defiance, the FBI ultimately found a vendor to hack into the shooter’s phone.

Related: Washington Post World, Associated Press, Axios, TechCrunch, WCCFtech, ZDNet Security, Mercury News, Tech Insider, MacRumors, The Hill: Cybersecurity, Slashdot, Reuters, DOJ OIG (PDF)

Sheera Frenkel / New York Times

Facebook to Roll Out Centralized Security and Privacy System Following Brutal Criticism, Stock Price Plummet

In response to the recent massive controversy over its security and privacy policies, which has seen the company lose tens of billions in stock market value, Facebook said it will roll out a centralized system for its users to control their privacy and security settings. The new system, to be rolled out globally over the coming weeks, will allow people to change their privacy and security settings from one central location rather than having to go to roughly 20 separate sections across the social media platform. The new section will let users know the personal information the social network keeps on them, such as their political preferences or interests, and download and review a file of data Facebook has collected about them. Facebook will also clarify what types of apps people are currently using and what permissions those apps have to gather their information, in addition to allowing users to opt out of sharing certain traits. Facebook also plans to clarify what information is collected by third-party apps that plug into Facebook as well as provide the ability to delete the apps.

Related: Re/code, Axios, CNBC Technology, Mashable, Investor’s Business Daily, USA Today, iAfrikan, Inc.com, SecurityWeek, Freedom to Tinker, The Sun, Fortune, TechCrunch, Mashable, Tech Insider, News : NPR, South China Morning Post, The Sun, Memeburn, Tech Insider, CBC, Courthouse News Service, TribLIVE, Sputnik International, Stars and Stripes, FOX News, Reuters, Telecompaper Headlines, App Advice, Los Angeles Times, Gizmodo, Reuters, Techradar, TribLIVE, Star Tribune, Quartz, Neowin, ZDNet, Tech Insider, Quartz, Engadget, Mercury News, Bloomberg, Gizmodo, The Next Web, CNBC Technology, Gadgets Now, iPhone Hacks, The Hill, Sputnik International, Inverse, Pacific Standard – Medium, The Verge, SecurityWeek, TechWeekEurope UK, CNET News, SlashGear, The Financial Express, TIME

Re/code: Facebook is making it easier to see all the personal data it collects about you
Axios: Facebook puts privacy settings front and center
CNBC Technology: Facebook is making data settings and privacy tools easier for users to find
Investor’s Business Daily: Facebook Revises Privacy Tools To Give Users More Control Over Data
USA Today: Facebook changes its privacy setting: What you need to know Facebook Says “It’s Time” Its Privacy Tools Are Easier To Find
iAfrikan: Facebook now has a central place to view and edit all your privacy settings How Facebook Is Going to Change Everything Again
SecurityWeek: Facebook Announces New Steps to Protect Users’ Privacy Take charge of privacy: Make accounts on Facebook, WhatsApp & Google safe
Freedom to Tinker: When The Choice Is To Delete Facebook Or Buy A Loaf Of Bread
The Sun: Facebook has new privacy settings – here’s how you can use them
Fortune: Facebook Is Making It Easier for Users to See Their Data – and Delete It – as Criticism Grows
TechCrunch: It was not consent, it was concealment 
Mashable: After you-know-what, Facebook is making its privacy settings easier to find
Tech Insider: How to find the little-known ‘kill switch’ that lets you use Facebook with the maximum amount of privacy (FB)
News : NPR: Facebook Changes Privacy Controls As Criticism Escalates
South China Morning Post: Amid global outcry, Facebook will introduce new features allowing users to download and delete their data
Memeburn: Too little too late? Facebook tweaks its Privacy Settings, adds ‘Access Your Information’ page
Tech Insider: Facebook is overhauling its privacy settings in response to the Cambridge Analytica scandal (FB)
CBC : Facebook beefs up privacy tools as scrutiny heightens
Courthouse News Service: Facebook Revamps Privacy Tools as Tighter EU Rules Draw Near
TribLIVE: Facebook launches easier access to privacy tools
Sputnik International: Facebook Introducing New Privacy Tools for Better Control of Personal Data
Stars and Stripes: Facebook makes its privacy controls simpler as company faces data reckoning
FOX News: Facebook data scandal prompts redesign of settings, privacy pages
Reuters: Facebook to introduce new privacy controls in wake of data scandal
Telecompaper Headlines: Facebook updates privacy settings, plans new terms of service Facebook Says “It’s Time” Its Privacy Tools Are Easier To Find
App Advice: What Facebook Knows About You May Be Surprising and Disturbing Facebook is making its privacy settings easier to find
Los Angeles Times: Under attack, Facebook unveils new ways to find privacy shortcuts
Gizmodo: Facebook Says It’s Putting All Your Privacy Settings in One Place, Which It Was Going to Do Anyway, So There
Reuters: Facebook tweaks privacy tools to ease discontent over data leak
Techradar: Facebook overhauls privacy settings following Cambridge Analytica scandal
Star Tribune: Facebook says it’s making privacy settings easier to navigate
Quartz: Facebook is rushing out a new design for privacy settings
Neowin: Facebook pushes new privacy tools it has been working on “for some time” Facebook overhauls its privacy tools and makes them easier to find
ZDNet: Facebook’s new privacy settings: Look out for these shortcuts, data delete options
Tech Insider: Facebook gains after announcing new privacy tools (FB)
Quartz: Facebook is cutting its terrible privacy settings down to one screen
Engadget: Facebook is making it easier to delete your data
Mercury News: Facebook revamps privacy settings menu in response to outcry
Bloomberg: Facebook Revamps Privacy Settings Menu in Response to Outcry – Bloomberg
The Next Web: Facebook makes its privacy tools easier to find
Gadgets Now: Facebook has a new plan to make your data safe
iPhone Hacks: Facebook Makes It Easier To Find Its Privacy Tools
The Hill: Facebook controversy stokes digital privacy debate
Sputnik International: India Issues Notice to Facebook Over Cambridge Analytica Data Breach – Ministry
Inverse: Facebook Is Getting a New Privacy Tool After Scandals: What to Know
Pacific Standard – Medium: PS Picks: The Reporting on Cambridge Analytica and How Facebook Doesn’t Protect Your Privacy
The Verge: Facebook responds to privacy crisis by making privacy tools easier to find
SecurityWeek: Facebook Announces New Steps to Protect Users’ Privacy
TechWeekEurope UK: Facebook Tweaks Privacy Tools After Cambridge Analytica Scandal
CNET News: Facebook now lets you scrub your data — for real this time – CNET
SlashGear: Facebook privacy settings finally get a long-needed update
The Financial Express: Cambridge Analytica data scandal effect? Facebook privacy settings revamped Facebook makes changes to privacy features amid data scandal Facebook Has Played Us All
TIME: Facebook Just Revealed 3 Major Changes to Its Privacy Settings

May 10, 2019
Tara Seals / Threatpost

Unhackable USB Stick eyeDisk Shows It’s Hackable, Wireshark Analysis Revealed Password in Plain Text

A USB stick dubbed eyeDisk, which uses iris recognition to unlock the drive, claims to be “unhackable” but was shown to reveal the device’s password in plain text when examined with the popular network packet analyzer known as Wireshark, David Lodge of Pen Test Partners reports. When Lodge activated the packet sniffing, he saw his password in plain text along with another “16-byte hash, which is about the right size for md5 and doesn’t match the hash of the password, so it could be the iris hash.”

May 9, 2019
Zack Whittaker / TechCrunch

U.S. Prosecutors Bring Charges Against Chinese National for His Role in Hacking Large Businesses, Allege He Was Involved in 2015 Anthem Data Breach

U.S. prosecutors have brought charges against a Chinese national, Fujie Wang, for his alleged involvement with an “extremely sophisticated hacking group” operating in China which targeted large businesses in the United States, including a computer intrusion and data breach of Indianapolis-based health insurer Anthem which occurred in 2015 and which resulted in the theft of 78.8 million records. The four-count indictment alleges that Wang and other unnamed members of the hacking group, including another individual charged as John Doe, began in February 2014 to gain entry to the computer systems of Anthem and three other U.S. businesses, identified in the indictment as Victim Business 1, Victim Business 2 and Victim Business 3, installing malware and tools on the compromised computer systems to further compromise the computer networks of the victim businesses so that they could better identify the personally identifiable information they wished to steal.

Related: Wall Street Journal, CNET, Threatpost, CNET News, New York Times, Reuters, Dark Reading: Attacks/Breaches, Channel News Asia, Digital Journal, ZDNet Security, Cyberscoop, The Hill: Cybersecurity, OODA Loop, The Hacker News, The Register – Security, South China Morning Post, POLITICO, AP Breaking News, – Software Industry News, TIME, Ars Technica

Wall Street Journal: Chinese National Indicted on Hacking Charges Related to Anthem Breach
CNET: Justice Department indicts Chinese hackers allegedly behind Anthem breach Member of Sophisticated China-Based Hacking Group Indicted for Series of Computer Intrusions, Including 2015 Data Breach of Health Insurer Anthem Inc. Affecting Over 78 Million People
Threatpost: Chinese Hackers Behind 2015 Anthem Data Breach Indicted
New York Times: Two From China Are Charged in 2014 Anthem Data Breach Chinese national indicted on hacking charges in Anthem breach
Reuters: U.S. charges Chinese national in hacks of Anthem, other businesses
Dark Reading: Attacks/Breaches: US DoJ Indicts Chinese Man for Anthem Breach
Channel News Asia: US indicts Chinese hackers over giant 2015 data breach
Digital Journal: US indicts Chinese hackers over giant 2015 data breach
ZDNet Security: US charges one of the Anthem hackers
Cyberscoop: Chinese national indicted for 2015 Anthem breach
The Hill: Cybersecurity: Chinese nationals indicted for Anthem data breach, other cyber intrusions into U.S. companies
OODA Loop: Justice Department charges Chinese hacker for 2015 Anthem breach
The Hacker News: U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
The Register – Security: Uncle Sam accuses Chinese pair of romping through Anthem’s servers for almost a year
South China Morning Post: Chinese ‘hacker’ Wang Fujie who obtained details of 78 million people is charged in US with ‘one of the worst data breaches in history’
POLITICO: Chinese nationals charged for Anthem hack, ‘one of the worst data breaches in history’
AP Breaking News: 2 Chinese men indicted for hacking Anthem, 3 other companies – Software Industry News: The Wall Street Journal: Feds indict Chinese national on hacking charges, including 2015 Anthem data theft
TIME: A Smackdown in the Kennedy Clan Summons Up the History of Presidents and Vaccines Feds Charge Chinese National With 2015 Anthem Data Breach
Ars Technica: Feds charge Chinese national in 2015 breach of health insurer Anthem

Sean Gallagher / Ars Technica

Hacking Collective ‘Fxmsp’ Is Actively Marketing Data Breaches at Three U.S. Antivirus Vendors

A collective of Russian and English-speaking hackers that calls itself “Fxmsp” is actively marketing the spoils of data breaches at three US-based antivirus software vendors, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed. Fxmsp is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. Fxmsp had managed to steal source code that included code for antivirus agents, analytic code based on machine learning, and “security plug-ins” for Web browsers, according to the researchers.