Facial recognition company Clearview AI hit by data theft
The controversial facial recognition company Clearview AI has notified its customers that a bad actor had “gained unauthorized access” to its entire customer list, which includes some of the most powerful law enforcement agencies in the United States. According to the notification obtained by the Daily Beast, the stolen information includes customer names, the user…
FBI Says $140+ Million Paid to Ransomware
Through the analysis of collected ransomware bitcoin wallets and ransom notes, the FBI states that victims have paid over $140 million to ransomware operators over the past six years. At the RSA security conference this week, FBI Special Agent Joel DeCapua explained how he used bitcoin wallets and ransom notes that were collected by the FBI,…
Clearview AI loses entire database of faceprint-buying clients to hackers
Clearview AI, the controversial facial recognition startup that’s gobbled up more than three billion of our photos by scraping social media sites and any other publicly accessible nook and cranny it can find, has lost its entire list of clients to hackers – including details about its many law enforcement clients. Source: sophos…
FBI recommends using passphrases instead of complex passwords
FBI suggests using longer passwords combining multiple words into a long string of at least 15 characters instead of short passwords with special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that password length is much more important than password complexity. The recommendations are part of the Protected Voices…
European Commission has chosen the Signal app to secure its communications
The European Commission has decided to adopt the popular cross-platform encrypted messaging service Signal for its staff communications. The news was first reported earlier this month by the Politico website; a message issued on the commission’s internal messaging boards asked employees of the European Commission to use Signal. Of course, Signal have to…
Zyxel 0day Affects its Firewall Products, Too
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch…
123 Million Records Leaked by Decathlon
It was reported yesterday that French sporting retail giant Decathlon leaked over 123 million records through an improperly secured ElasticSearch server, leaving customer and employee details exposed. The leak was spotted by security researchers Noam Rotem and Ran Locar at VPNmentor on 12th February. Decathlon was notified four days later, the leak was investigated, and…
Kr00k Wi-Fi Encryption flaw affects more than a billion devices
A high-severity hardware vulnerability, dubbed Kr00k, in Wi-Fi chips manufactured by Broadcom and Cypress exposes over a billion devices to hacking. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k, that affects Wi-Fi chips manufactured by Broadcom and Cypress. The vulnerability could have a severe impact on the IT sector, the…
After blowing $100m to snoop on Americans’ phone call logs for four years, what did the NSA get? Just one lead
The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m – and resulted in just one useful lead over four years. That’s the upshot of a report [PDF] from the US government’s freshly revived Privacy and Civil Liberties Oversight Board (PCLOB). The…
Android malware can steal Google Authenticator 2FA codes
A new version of the ‘Cerberus’ Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts. Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication…