

MAY 21st 2018
BBC News



Children's phone data exposed on cloud server

The Apple and Android IDs of more than 10,000 children were left unprotected on Amazon cloud servers for months, reports ZDNet.

The data was found on one server run by Teensafe, which makes an app parents can use to monitor and control their child's phone use.

Also exposed were plaintext passwords, parents' email addresses as well as device names and unique identifiers.

The company shut the server down when it was told data was being exposed.

"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," Teensafe told ZDNet.

The app maker has not yet responded to a request for a statement from the BBC.

The data-exposing server was found by security researcher Robbie Wiggins, who has previously found thousands of similarly misconfigured machines on Amazon Web Services.

MAY 21st 2018
The Register



Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole

Design blunder exists in Intel, AMD, Arm, Power processors

A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers.

These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances.

Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 (CVE-2018-3639) was disclosed by Microsoft and Google researchers.

MAY 21st 2018
BBC News



Greenwich University fined £120,000 for data breach

The University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner.

The fine was for a security breach in which the personal data of 19,500 students was placed online.

The data included names, addresses, dates of birth, phone numbers, signatures and - in some cases - physical and mental health problems.

It was uploaded onto a microsite for a training conference in 2004, which was then not secured or closed down.

In 2013 it was compromised and the information, which had been published alongside committee meeting minutes, was posted elsewhere.

In some cases it included individual students' study progress, including reasons why they had fallen behind, and copies of emails between them and staff.


MAY 21st 2018
SC Magazine



Securus hacked after reports cops used it for tracking location

A hacker swiped 2,800 logins and passwords from Securus, the company that US Senator Ron Wyden recently pilloried for letting law enforcement track phones.

The hacker at the very least snatched a spreadsheet that housed the data, according to a Motherboard report.

The breach occurred on the heels of Wyden asking the US Federal Communications Commission (FCC) to investigate the wireless carriers that allow law enforcement to have “unrestricted access to the location data” of their customers after a former Missouri sheriff was indicted for, among other things, tracking the cell phones of numerous persons, including some state troopers, without the benefit of a court order. 

“This breach is another example of how supply-chain partners can impact your risk posture. There's a high likelihood that the credentials used by law enforcement for their Securus login are also used in other places by the same individuals,” said Tim Erlin, vice president of product management and strategy at Tripwire. “That means the accessed data is valuable not only as standard ‘personal data,’ but potentially for access to law enforcement services.”

MAY 14th 2018
BBC News



PGP: 'Serious' flaw found in secure email tech

A widely used method of encrypting emails has been found to suffer from a serious vulnerability, researchers say.

PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive email.

Details about the vulnerability were released by the Suddeutsche Zeitung newspaper prior to a scheduled embargo.

Previously, the Electronic Frontier Foundation (EFF) had advised immediately disabling email tools that automatically decrypted PGP.

The problem had been investigated by Sebastian Schinzel, at Munster University of Applied Sciences.

After the embargo on releasing details about the vulnerability was lifted, Mr Schinzel and colleagues published their research revealing how the attack on PGP emails worked.

A website explaining the issue has also now been made public.

MAY 14th 2018
The Register



Wah, encryption makes policing hard, cries UK's National Crime Agency

Ever since Snowden it's been the default - report

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according to the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

"Since 2010, communication service providers have migrated to encrypted services 'by default', a process that accelerated following the Snowden disclosures," said the National Strategic Assessment of Serious and Organised Crime 2018.

"Now, the majority of internet traffic is encrypted and publicly available mobile device apps offer end-to-end encryption as standard."

Although the report acknowledged this meant enhanced privacy for users, the NCA warned the use of encryption "is impacting on law enforcement's ability to collect intelligence and evidence".

MAY 14th 2018
SC Magazine



ISO to introduce privacy standards for consumer goods

The ISO has brought together a team of privacy experts to develop the first set of preventative international guidelines to ensure consumer privacy is embedded into the design of a product or service.

Cyber-security professionals have long been lamenting the lack of standards in consumer goods accessing the internet, bringing vulnerabilities that undermine the data security of the individual and their employers.

Consequently the International Standards Organisation (ISO) has brought together a team of privacy experts to develop the first set of preventative international guidelines to ensure consumer privacy is embedded into the design of a product or service, intended to offer protection throughout the whole life cycle. The new ISO project committee, ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, will develop guidelines that are intended to both enforce compliance with regulations and generate greater consumer trust.

International privacy expert Dr Ann Cavoukian, in a video address at the ISO workshop “Consumer protection in the digital economy” in Bali, Indonesia, last week, referenced GDPR, saying, “Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy.” She added: “Prevention is needed.”

MAY 11th 2018
BBC News



Record $120m fine for nuisance robocalls

A man has been fined a record-breaking $120m (£88m) for making more than 90 million automated marketing telephone calls in the US.

Miami salesman Adrian Abramovich was accused of trying to sell holidays and timeshare properties with the unsolicited robocalls.

The fine is the largest the Federal Communications Commission (FCC) has ever issued.

Mr Abramovich said he had not intended to "defraud or cause harm".

But FCC chairman Ajit Pai said in a statement that the defence "isn't very convincing".

"Mr Abramovich doesn't dispute that he was responsible for placing 96,758,223 robocalls during a three-month period in 2016," he said.

"He doesn't dispute that all these robocalls were made without the recipients' consent."

MAY 8th 2018


UK Manufacturers Top Attack Target For Cyber Crooks

Study from NTT Security also finds ransomware infections grew by 350 percent last year

Manufacturing was the sector most attacked by cyber-criminals in the UK last year, a report from NTT Security has found, mirroring warnings from other agencies including the UK’s National Cyber Security Centre (NCSC).

The firm’s Global Threat Intelligence Report 2018 found that finance was the most targeted sector worldwide, accounting for 26 percent of attacks, including ransomware, phishing, denial-of-service and other techniques.

Banks were notably hit by denial-of-service attacks from the Webstresser and IoTroop botnets, among others, during the period covered.

In the UK, the manufacturing sector was hit by almost half of all attacks, at 46 percent, double the figure for attacks on manufacturing across the EMEA region.

May 8th 2018
The Register


Social networks have already violated the spirit of GDPR

Closing off researchers’ access to APIs in the name of ‘safety’ means we’ll never know how we’re being screwed

Every morning in recent weeks and for a couple more we’ll wake up to the same slew of emails from online services touting their new terms and conditions, and their “better for our users” privacy arrangements. Before thanking them it might be wise to consider the broader context for these unexpected acts of customer-focused kindness.

None of this has anything to do with the recent grilling Mark Zuckerberg received before the US Congress, an exercise that mostly revealed how few senators even knew the right questions to ask of the billionaire who enriches himself by eroding the privacy of others. Zuckerberg remains the walking, talking proof of Honoré de Balzac’s observation, “Behind every great fortune lies a great crime.”

The European Union, more aware of the dimensions of this theft than its counterparts in the USA, has passed a strict set of laws, together known as the General Data Protection Regulation (GDPR).

May 7th 2018
BBC News


Information watchdog seeks Cambridge Analytica data

Cambridge Analytica has been ordered to turn over information it has on US citizen David Carroll by the UK's data protection watchdog.

The data demand stems from legal action by Prof Carroll, who wants to know what information the firm holds on him.

The company is at the centre of a row over the way it grabbed data on millions of Facebook users.

Cambridge Analytica could face a steep fine if it does not comply before a 30-day deadline expires.

Political views

Prof Carroll - an associate professor at Parsons School of Design in New York - was prompted to find out what information it had gathered about him when it emerged that Cambridge Analytica had built up profiles of 240 million Americans.

MAY 4th 2018
SC Magazine


Multiple flaws in TP-Link EAP controller could give hackers free rein

Privilege escalation and cross-site scripting vulnerabilities have been discovered that allow Wi-Fi network takeover; with mitigations for all the vulnerabilities difficult, patching is required.

Security researchers have found several flaws in software from TP-Link that could enable attackers to take over a Wi-Fi network.

According to a blog post by Core Security, the flaws exist in TP-Link's EAP Controller. This is software that enables organisations to manage wireless access points from a central console.

Vulnerabilities were found in the EAP Controller management software, allowing privilege escalation due to improper privilege management in the web application. Due to the use of a hard-coded cryptographic key, the backup file of the web application can be decrypted, modified and restored.

Also, the web application does not have Cross-Site Request Forgery protection and finally, two stored Cross Site Scripting vulnerabilities were found.
