Twitter May 2016


Return to Twitter Index page

May 31, 2016  20160531-justiceA federal appeals court find that just labeling a clause “mandatory arbitration” does not make it “legal”. Class action ability for wage-and-hour violation was preserved in one district.  Story  Tweet

May 31, 2016  The laws regarding privacy, breach reporting and more for many countries around the world via an excellent web interface. Also downloadable for one country or all to PDF. Great stuff.  Story  Tweet

May 30, 2016  20160530-bairAnswers to the questions you really want answered, presented in an attractive format, call to you. Is it real or a siren song leading to malware?  Story  Tweet

May 30, 2016  Almost 80% of the US owns a smartphone.  Story  Tweet

May 30, 2016  Tumblr/Yahoo management say its no big deal, but some of your accounts were hacked in 2013. The data is out there and we just won’t mention how many. Other cyber security people found over 65 million accounts were exposed for years!  Story  Tweet

May 29, 2016  20160529-myspaceMySpace hacked exposing 360 million records taking 2016 exposures to date to 1.2 billion. Previous high was 2014 with 1.4 billion for the whole year. (chart). Story  Tweet

May 29, 2016  Pakistan’s #1 real estate web site hacked exposing an unknown number of registered users. Hacker reported weakness to them, but they didn’t “take it seriously”.   Story  Tweet

May 29, 2016  20160529-4Multiple grabs for power (or reducing consumer protections) that are pretty much missing from today’s “news”

Your email getting grabbed without a warrant. Story  Tweet

FCC ability to enforce net neutrality rules, gutted. Story  Tweet

Your cell phone hacked by public charging stations. Story  Tweet

Cybersecurity: wireless hack #1 … in 1903. Story  Tweet

May 29, 2016  Bad enough having an account hacked, but being turned into a PornBot?  Story  Tweet

May 28, 2016  20160526-goxBitcoin exchange Mt. Gox bankruptcy reveals numbers that just don’t add up by trillions of US dollars. Even reducing the difference by an order of magnitude the vanished value makes Madoff look like a rounding error.   This Update  Start of Story  Tweet

May 27, 2016  Another bank heist via SWIFT in 2013 not disseminated to the public or the banking community.  This Update  Start of Story  Tweet

May 27, 2016  AES-256 encrypted drives can be brute-forced. Surprise!   Story  Tweet

May 27, 2016  You highlight something on a web page and copy it, but is what wound up in your copy buffer only what you think you saw? Ah, maybe not so much.  Story  Tweet

May 27, 2016  USB charger is more than meets the eye. Not a Transformer, but a wireless snooper.  Story  Tweet

May 27, 2016  Cookies are so yesterday. How about tracking how your computer processes a sound to create a fingerprint and track you over 800,000 of the most commonly used domains including Google, Facebook, Yahoo and Twitter?   Story  Tweet

May 26, 2016  Cars getting ransomware via the computer-based equipment at the mechanic and entire fleets of cars being held for ransom.  This Update  Start of the Story  Tweet

May 26, 2016  When do you get told your information has been exposed? The EU gives companies 72 hours to make a disclosure or face stiff (very stiff) fines. The US has two draft bills, both out of committee, which are pale imitations and are unlikely to reach the House floor anytime soon let alone pass the Senate.  This Update  Start of the Story  Tweet

May 26, 2016  Using gestures as security has been successfully spoofed with a Lego robot continuing to make biometric security questionable.  This Update  Start of Spoofing  Biometrics  Tweet

May 25, 2016  New point of sale skimmers are overlaid in seconds. Could you spot one as it clones your card information?  Story  Tweet

May 24, 2016  20160524-swiftThe CEO of SWIFT bank transfer system is expected to announce the apparent: More banks were victims of theft via the SWIFT system than previously acknowledged. Well, uh-DUH!  This Update  Start of the Story  Tweet

May 24, 2016  20160524-rawlsNot convicted, not even charged, one man remains in jail for an eight month. Perhaps improperly, a judge used the All Writs Act to compel him to unlock storage devices using his passcode. In those drives there may be evidence he committed a crime. There was no evidence in three other devices. One judge ruled the 5th Amendment protects him from proving the passcode. Three days later another didn’t. Could this happen to you? Why you should turn off fingerprint=passcode functions.  The Whole Story  Tweet1  Tweet2

May 24, 2016 Update  Noodles & Company may have been hacked for months before consumers were notified.  This Update  Start of the Story  Tweet

May 23, 2016  The Great Swiss Bank Heist that itself stayed secret for years. How a bank siphoned funds representing a considerable amount of other nation’s tax base and either caused, or exacerbated, the collapse of national economies.   Story  Tweet

May 23, 2016  In under 3 hours, 1,600 cards made from stolen data, were used by 100+ crooks to obtain yen equivalent of $13M from ATMs in Japan.  Story  Tweet

May 23, 2016  Network problems plague Yahoo for three days. Comcast east coast is all red from DC north to Maine.  Story  Tweet

May 23, 2016  Update to GPS and misadventures: This one involves the driving of a car into the Great Lakes by a sober driver whose actions didn’t quite mesh with the GPS.  This Update  Start of the Story  Tweet

May 23, 2016 Update:  Data from 5 more banks posted on line.  This Update   Start of the Story  Tweet

May 23, 2016  UK orders banks to review SWIFT security following more reports of bank theft.  This Update  Start of the Story  Tweet

May 23, 2016  Find government bug? Report, don’t hack. No response? Contact bigger voices. Don’t hack. You’ll lose.  Story  Tweet

May 23, 2016  InstaGram account validation email could be spoofed, but researcher figured it out, they fixed it quickly, and paid a bug bounty. Better than being convicted.  Story  Tweet

May 23, 2016  New Counter Drone Technology commands them to land using directed energy weapon.  Story  Tweet

May 23, 2016  Does Uber use your call phone’s battery level to apply surge pricing for their profit?  Story  Tweet

May 22, 2016  20160522-teslaTeslaCrypt leaves the ransomware business and breaks the lock allowing ESET to create a no-charge utility to unlock files. Wow!  Story  Tweet

May 22, 2016  Weather satellites attacked by hackers. GPS next?  Story  Tweet

May 22, 2016  New notification rules with heavy fines for non-compliance with 72-hour notification window. Does this apply to US companies doing business in the EU?  Story  Tweet

May 21, 2016  RunKeeper app tracks your exercise. Good. RunKeeper tracks you others times without telling you. Not so good.  Story  Tweet

May 20, 2016  20160520-cupidSocial scientists scrape data from dating web site and submit it for publication with personally identifiable information (PII) on 70,000 people.  Story  Tweet

May 20, 2016  Another unreported bank theft via SWIFT. 12 transfers in 10 days. The victim bank is suing, but why did neither bank report it to SWIFT?  This Update  Start of Story  Tweet

May 20, 2016  3,000+ exposed by Australian taxi booking and payment service whose database was on the internet without login requirements.  Story  Tweet

May 19, 2016  Update regarding the fetish porn website that exposed 100,000 accounts including emails ending in GOV and MIL.  This Update  Start of the Story  Tweet

May 19, 2016 Update to “Coin Counting – Their Way”  About a month after the story broke that coin counters were not counting accurately TD Bank closes all coin counters nationwide.  This Update  Start of the Story  Tweet

May 19, 2016  Noodles & Company get outside help to investigate possible card breaches at its hundreds of restaurants in over 30 states. Number exposed? Unknown!  Story  Tweet

May 18, 2016  dot-GOV and dot-MIL email addresses found in hacked fetish web site. Yes, really.  Story  Tweet

May 18, 2016  20160518-linkedinUpdate to 2012 LinkedIn breach: Reported at 6.5M four years ago and now confirmed at almost 170M. What the company is doing and what you should do … NOW!  This Update  Start of the Story  Tweet

May 18, 2016 Update  SWIFT banking weakness known before Bangladesh, but not sharing cybersecurity information helps crooks, not cops.  This Update  Start of the Story  Tweet

May 17, 2016  iOS 9.3.2 security update has a bad relationship with some iPad Pros leaving users with only bad choices.  Story  Tweet

May 17, 2016  A ‘botnet of 1M computers performing major click-fraud on advertisers including AdSense.  Story  Tweet

May 17, 2016  Mobile banking app so flawed all you need is an account number to transfer funds anywhere you want. Bank took 12 days to reply to notification from security researcher. Another researcher: There is much worse.  Story  Tweet

May 17, 2016  Cybersecurity software is supposed to end vulnerabilities, not create them. CyberSecurity FAIL!!!  Story  Tweet

May 17, 2016  Would you like on line voting? Do you want your vote to count or be stolen undetected? Cybersecurity isn’t there yet.   Story  Tweet

May 16, 2016  Apple pulls cybersecurity app from AppStore despite its excellent functionality. Why?   Story  Tweet

May 16, 2016  Thousands of compromised computers on the “Dark Cloud” host criminal web sites, send spam and more. DNS changes rapidly so tracing the IP address can’t actually find the system. Is yours one of these?  Story  Tweet

May 16, 2016  Samsung Pay tokens have a weakness to be revealed at Black Hat in Las Vegas.  Story  Tweet

May 14, 2016  20160514-twitterTwitter cuts off intelligence services from alerts based on datamining the tweet feed.  Story  Tweet

May 14, 2016  US House of Representatives blocks Google Apps and Yahoo email as ransomware comes calling at our nation’s capitol.  Story  Tweet

May 14, 2016  Eight good reasons why not to migrate to Windows10.  Story  Tweet

May 14, 2016  A processing chip in Android devices has a back door that is powerful and not really concealed. It might have been for development, but it made it into production worldwide. ooops!  Story  Tweet

May 13, 2016  20160512-wendysWendy’s breach started in late 2015, first reported by independent security researcher (not the company) and half a year later they can not, or will not, report the exact number of stores infected with malware?  This Update  Start of the Story  Tweet

May 13, 2016  20160513-swiftSWIFT bank fund transfer system hacked again.  This Update  Start of the Story  Tweet

May 13, 2016  In 2014 FBI writes to police chief: Don’t use evidence provided by StingRay and create something else for trial use.  Story  Tweet

May 13, 2016  20160513-wendysThe delay in making the breach public cost credit unions considerably and a class action complaint was filed.  This Update  Start of the Story  Tweet

[ Sorry to have missed two days. Storms in Central US damaged computer equipment despite uninterruptable power supplies and surge protectors. Replacing equipment and reconfiguration took a long day and we’re still catching up. -ed ]

May 10, 2016  Bank hack exposes 100,000+ Visa and MasterCard accounts, bank statements and more.  Story  Tweet

May 10, 2016  Expose a vulnerability in an election database, post a video, get interviewed by the police months later and even later get arrested based on the evidence you provided. Or, avail yourself of the right to remain silent and get arrested for “obstruction of justice”.  Story  Tweet

May 10, 2016  Apparently whatever you are doing is less important than when Windows 10 decides to do an update. Didn’t even ask before interrupting a live presentation.  Story  Tweet

May 10, 2016  Android users BEWARE! Some apps on the play store come with a little extra, a malware infection that not only swipes your data, but turns your phone into an evil ‘botnet minion.  Story  Tweet

May 09, 2016  20160509-panamaPanama Papers names trustees of a university, a medical school and more. What a web.  This Update  Start of Story  Tweet

May 08, 2016  One Ring Scam – the cell phone rings once. Do you call back? Maybe not if the call came from these locations.  Story  Tweet

May 08, 2016  FBI ransomware payment guidance made clear: Don’t pay. So what are you to do?  Story  Tweet

May 08, 2016  HTTPS maybe not so “S”. Multiple patches available for OpenSSL. Without updating, the contents can be duplicated and decrypted.   Story  Tweet

May 08, 2016  Why is the lodging industry such a frequent target of charge card thieves? Turns out Sutton’s Law (that is where the money is) is only one reason.  Story  Tweet

May 08, 2016  April 2016 Summary: A third of the way through 2016 we have 399 breaches exposing 696.1 million records. That is more exposures than all of 2015.  2016 summary  Tweet

May 07, 2016  20160507-w2sEver feel like your W2 has all the protection of a bag of peanuts at a baseball game? 400K+ exposed at W2 portal.  Story  Tweet

May 07, 2016  Liberty Reserve founder sentenced to 20 years. Cyber currency held to be massive money laundering system that processed over six billion dollars on behalf of crooks.  This Update  Start of the Story   Tweet

May 07, 2016  Facebook’s repository of facial images created a biometric library collected in violation of Illinois Biometric Information Privacy Act (BIPA). A year into the lawsuit the judge refused to dismiss. More.  This Update  Start of the Story  Tweet

May 06, 2016  20160506-dridexDridex banking trojan arose January 2015, killed off in October 2015, rises again to target banking customers in the USA!  Story  Tweet

May 06, 2016  Your GPS can give you the most direct route through Death Valley, but will you live to get home again?  Story  Tweet

May 06, 2016  20160506-atmNew skimmers farther inside the ATM that insert skimmers.  Story  Tweet

May 06, 2016  Cell site emulators trick all cell phones into revealing identification and location. For “national security” and “serious crime” only. Yet these multi hundred-thousand dollar tools were used to chase the theft of $60 of chicken wings. That thief got away. Are we getting the facts?  Story  Tweet

May 05, 2016  Over one billion credentials for sale at $1.00. Eliminating duplicates, still over 150 million including Gmail, Microsoft/Hotmail and Yahoo.  Story  Tweet

May 05, 2016  US Marshal Scam Update: Some of the crooks making these calls are already in jail, but not because they were caught for this crime.  This Update  Start of the Story  Tweet

May 05, 2016  What happens when a major web site that tracks exposed credentials is itself hacked and exposed? Nothing good.  Story  Tweet

May 05, 2016  Your face can’t hide anymore as recognition tools harvest millions of available images via social media. Intelligence services, security personnel, and sex workers are all vulnerable to exposure.  Story  Tweet

May 04, 2016  Samsung “SmartThings” interface can control thousands of internet-of-things devices. Unfortunately it isn’t well protected and control of those devices can be had by crooks. Your home security system, lights, thermostat, toaster … all under criminal control.  Story  Tweet

May 04, 2016  Instagram pays $10K to 10-year old for finding significant vulnerability. How secure is it when a 10-year old can hack it?  Story  Tweet

May 03, 2016  ADP portal weakness allows crooks to access unregistered (unused) accounts for employees of 640,000 companies using readily available information.  Story  Tweet

May 03, 2016  Theranos, a high flying company and a tech media darling, was supposed to revolutionize medical testing. So how did it fly so high before traditional investigation and journalism revealed The Emperor Has No Clothes?  Story  Tweet

May 03, 2016  FBI Alert on nation-state actors doing bad things via attachments. If you have these symptoms…  Story  Tweet

May 02, 2016  Involuntary manslaughter gets maybe a year in jail. Hacking a car, even if you cause no damage, gets life? Are we being heavy handed with crooks or discouraging the security researchers who are finding so many ways modern cars are vulnerable?   Story  Tweet

May 01, 2016  Update to “Qatar National Bank Hack”: The bank has admitted unauthorized access exposing … agents of MI5?  This Update  Start of the Story  Tweet

May 01, 2016  Microsoft Office 365 was found to be massively vulnerable in December 2015 by two security researchers. At exposure risk were business Outlook, Skype, cloud storage and more. How long did this last?  Story  Tweet

May 01, 2016  Closing cost scam – scares people that their house won’t close unless they wire money to this account. Don’t do it! Someone’s email account was hacked and you are being scared to turn off your rational brain and become a victim.  Story  Tweet

May 01, 2016  Since 2014 Waze Navigation of Israel has a vulnerability that exposes users to stalking (there is a work around) and the system to ghost-car injection making for false traffic reporting.  Story  Tweet

May 01, 2016  Since 2015 Facebook “completely owned” by a hacker who found internal networks and installed keyloggers. Found by another hacker seeking bounty you’d think Facebook would be concerned. Their response was … something else.  Story  Tweet


[ Some tweets tweaked for clarity
or revised URLs -ed ]
Return to Twitter Index page