California lawmakers unanimously passed a new privacy bill on Thursday that would give residents of the state more control over the information businesses collect on them and impose new penalties on businesses that don’t comply. It is the first law of its kind in the United States. The so-called California Consumer Privacy Act of 2018… Read More


Further ReadingFacebook’s Cambridge Analytica scandal, explained [Updated]As Facebook tries to get ahead of public pressure about what the service does and doesn’t track about its users, a patent application has emerged which would enable something that the service’s detractors have long theorized and feared: silently triggered microphones that keep tabs on Facebook users. The patent,… Read More


A little-known Florida company may have exposed the personal data of nearly every American adult, according to a new report. Wired reported Wednesday that Exactis, a Palm Coast, Fla.-based marketing and data-aggregation company, had exposed a database containing almost 2 terabytes of data, containing nearly 340 million individual records, on a public server. That included… Read More


PROPagate is a relatively new code injection technique discovered last November. Back then, a security researcher found that an attacker could abuse the SetWindowSubclass API, a function of the Windows operating system that manages GUIs, to load and execute malicious code inside the processes of legitimate apps. The infosec research community deemed the technique innovative,… Read More


An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system’s distributions that would delete user files. Thankfully, the malicious code fails to trigger properly and users’ files remain safe. How the hacker gained access to Gentoo’s GitHub account still remains a… Read More


The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers. The company said it’s still investigating the breach with law enforcement and security firms. The sportswear company did not include a tally of affected customers,… Read More


The change was not only in name but also in the ransomware’s modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility. The purpose of DBGer incorporating Mimikatz is for lateral movement inside compromised networks.… Read More


Are bitcoin and ether securities? Finally, one of the biggest questions and debates in crypto has been answered by the SEC, officially. In an announcement at Yahoo Finance’s All Market Summit: Crypto in San Francisco on Thursday,the U.S. Securities and Exchange Commission Director of Corporate Finance William Hinman said that the commission would not be… Read More


Seventeen malicious Docker containers earned cryptomining criminals $90,000 in 30 days in what could be a harbinger of things to come. The figure may seem tame compared to some of the larger paydays that cryptojackers have earned. But, researchers at Kromtech Security Center warn containers are shaping up to be the next ripe target for… Read More


The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users’ servers for the past year. The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their… Read More