From the hacking of Docker Hub to the user-friendly API for Facebook's burglars, passing through the footprints of fingerprints … • The Register




Roundup Here is your quick summary of the latest news on computer security.

Docker: Someone entered a database containing Docker Hub account information and managed to siphon the non-financial records of 190,000 users before the exfiltration was likely detected and stopped.

The intrusion occurred on Thursday, April 25, although Docker sent an email to people late Friday to warn them of the security breach. According to the biz, less than five percent of the users of the hub have been affected.

The scanned information included "usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for automatic Docker builds," we are told. The Hub account passwords must be changed and the captured tokens have been revoked. Crucially, no hosted Dockerfile has been touched, we are assured.

This cyber-intrusion is not good news for Docker and its Hub users, but it could have been a lot worse. Docker Hub allows users to share container configurations with the world. If villains had tampered with hosted Docker containers, and those were then retrieved and installed by others on their machines, the damage could have been catastrophic.

Facebook: Facebook Marketplace was caught disclosing the exact location data of advertisers, which allowed burglars to know exactly what to nick. The information was included in the JSON data returned by a Facebook API.

After some encouragement, we were told, the antisocial network has finally tweaked its interface to remove these exact GPS coordinates.

ShadowHammer: More details have emerged about the spying effort to infect targets via Asus system updates. It turns out that other software downloads were also tampered with: downloads from a video game company, a conglomerate holding company and a pharmaceutical company, all based in South Korea.

Nokia: Nokia 9 PureView phones can be unlocked after updating the firmware this month. The software was supposed to improve the technology, but in fact, made it worse. Until Nokia has solved this problem, try using another form of authentication.

SIM Swapper: Joel Ortiz, 21, was sent down for 10 years after siphoning bitcoin from hacked wallets with the help of SIM card swapping. You transfer the ownership of a cell phone number from the victim's SIM card to yours, then you use it to reset passwords via SMS-based two-factor authentication, until you can access the cryptocurrency of the mark.

DDoS: Users of the Electrum Bitcoin wallet are being hit by a botnet of 152,000 infected devices.


Qualcomm: Malware with root access on Qualcomm-powered Android devices can steal hardware-protected private keys that even privileged software should not be allowed to touch. This requires exploiting a vulnerability that was fixed earlier this month, although not all devices will get these patches promptly.

Alexa: Amazon employees debugging people's requests to its voice-activated Alexa personal assistant have access to location data, which allows them to trace people to their home addresses.

Passwords: If you've ever wondered how villains steal passwords from one website's users to log in to accounts on other websites where those passwords are reused, known as "credential stuffing" attacks, look no further.

Cryptocurrency: People are using easy-to-guess private keys to secure their Ethereum wallets, and a scammer nicknamed the Blockchain Bandit is exploiting this to drain the wallets of their crypto-cash.

Backdoors and frameworks: The source code of the Carbanak backdoor leaked via VirusTotal, and FireEye examined the blueprints and analyzed how it works. Meanwhile, Kaspersky Lab has detailed an interesting hacking framework dubbed Project TajMahal.

Russiagate: After the Mueller report landed, some 5,000 Twitter bots previously organized to support Saudi Arabia were spotted pushing the message that allegations of collusion between President Trump and Russia were a hoax.

Islamic State: According to prosecutors, a woman used hacked Facebook accounts to share instructions relating to the production of explosives and poison. She and another person have now pleaded guilty to crimes related to providing support to the Islamic State.

Ransomware: Manufacturing giant Aebi Schmidt was hit by file-scrambling ransomware that disrupted its operations.

LinkedIn: Databases containing 60 million profiles extracted from LinkedIn, including email addresses, were found facing the internet.

Port scans: Mass port scans of internet-facing IP addresses, using spoofed source addresses that mainly belong to banks and other financial institutions, have been detected. It is thought that these were launched by scoundrels trying to cause problems by tricking outfits like Spamhaus, which put the falsified source IP addresses on block lists, into blacklisting legitimate organizations.

Chromium: Expect a Google Chrome security update for iOS after bad ads were found bypassing its pop-up blocker on iThings.

Filtering: Some British ISPs are unhappy [PDF] that web browsers using DNS over HTTPS will be able to bypass filters that block bad things on the internet.

Aptitude: Bodybuilding.com has detected an intruder on its network that could have erased people's personal information. ®
