Dec. 9, 2018
Ericsson has confirmed that a fault with its software was the source of yesterday’s massive network outage, which took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries. In a statement, Ericsson said that the root cause was an expired certificate, and that ‘the faulty software that has caused these issues is being decommissioned.’ The statement notes that network services were restored to most customers on Thursday, while UK operator O2 said that its 4G network was back up as of early Friday morning.
Sep. 21, 2018
Canadian retailer NCIX filed for bankruptcy and closed 10 months ago. They were the premiere PC hardware retail store in Canada and even did a sizable business on the other side of the border. However, as Travis Doering of Privacy Fly found out, the company did not go quietly away without doing some damage to their customer’s security first.
Doering recounts meeting up with a Craigslist seller claiming to have NCIX’ Database servers for only $1500 CAD. This includes a Database Server from NCIX and a Database Reporting Server, allegedly legally obtained via Able Auctions. Prior to NCIX shutting down, their assets were sold off through this company.
Jun. 13, 2018
In Florida, the site of recent mass shootings such as at the Stoneman Douglas High School and the Pulse nightclub, more than a year went by in which the state approved applications without carrying out background checks. This meant the state was unaware if there was a cause to refuse a licence to allow somebody to carry a hidden gun – for example, mental illness or drug addiction. The reason is dismayingly banal: an employee couldn’t remember her login.
May. 22, 2018
The mobile app, TeenSafe, bills itself as a ‘secure’ monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re calling and when, access their web browsing history, and find out which apps they have installed. Although teen monitoring apps are controversial and privacy-invasive, the company says it doesn’t require parents to obtain the consent of their children. But the Los Angeles, Calif.-based company left its servers, hosted on Amazon’s cloud, unprotected and accessible by anyone without a password.
May. 12, 2018
EE, the largest cell network in the UK with some 30 million customers, has secured a critical code repository after a security researcher found anyone could log in with the default username and password. An anonymous security researcher, who goes by the handle Six and is founder of Project Insecurity, discovered a Sonarqube portal on an EE subdomain, which the cell giant uses to audit the code and discover vulnerabilities across its website and customer portal. But EE hadn’t changed the default password on the the downloadable portal software — ‘admin’ for both the username and password.
May. 9, 2018
Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers. At worst, miscreants can, potentially, ‘gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine. The vulnerabilities can be exploited by malware running on a computer, or a malicious logged-in user.
May. 6, 2018
On Friday, the Nuclear Regulatory Commission announced that Idaho State University may face an $8,500 fine after losing one gram of weapons-grade plutonium. Although this quarter-sized amount of plutonium is nowhere near enough to make a nuclear weapon, it is enough to make a dirty bomb that spreads radiation, according to the Associated Press.
Source: vice.com
May. 4, 2018
According to thebroadcaster ABC, the data were supposed to have been destroyed when a sub-contractor after the dismantled a data centre. The sub-contractor did not provide the bank the documentation to confirm this the disruption of the magnetic data tapes, anyway the bank tried to downplay the situation confirming that the records don’t include passwords, PINs or other financial or sensitive information.
Mar. 2, 2018
A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates.
Source: arstechnica.com