Mar.29

Mar.27

GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems

Researchers have identified a new malware family, dubbed GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses.
The malware has been in the wild since June 2017 and exhibits a number of unique characteristics, such as being written in the Go (Golang) programming language, avoiding military targets and tailoring malware binaries for each target, according to Cisco Talos, which first identified the malware and posted research about it on Monday[1]. Read More

Uncategorized,Security & Privacy,Cloud Security

Mar.23

Senate Gives Nod To Controversial Cross-Border Data Access Bill

The United States Senate on Thursday approved a controversial cross-border data access act, dubbed the CLOUD Act, that was part of the overall omnibus government spending bill.
Buried on page 2,201 of the government spending bill is the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), a provision that sets rules for how the government should handle accessing personal data that is stored by tech platforms abroad. For the US specifically, the bill would permit law enforcement to access citizens’ information that is stored on systems in a different country, given that they have a US court-approved subpoena. Read More

Uncategorized,Security & Privacy,Cloud Security

Mar.21

Orbitz Warns 880,000 Payment Cards Suspected Stolen

Expedia-owned travel site Orbitz said Tuesday a possible breach of both its consumer and partner platforms may have led to the disclosure of 880,000 payment cards.
According to Expedia, criminals had access to Orbitz consumer and business partner platforms, but not the Orbitz.com website. The consumer side of the Orbitz business platform was open to attack during the first half of 2016, while the partner platform was open to attacked between Jan. 1, 2016 and Dec. 22, 2017, according to Expedia. Read More

Uncategorized,Security & Privacy,Cloud Security

Mar.20

Mar.19

Mar.19

IngressFS – March 2018 Results

699 Agents from 36 cities in 18 countries earned 90 million AP, gained 62 levels and walked 2,406 km during March’s First Saturday events around the world.
This month, the Enlightened had the most AP per agent (+6.2k) and most KM per agent (+0.10). The Resistance had the most agents (+37), most levels gained (+6), most AP earned (+2.6m) and most KM walked (+92). Read More

Niantic & Ingress

Mar.16

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown

In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities.
The limited time program is open until December  31, and offers up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of.[1] Read More

Uncategorized,Security & Privacy,Cloud Security

Mar.15

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

A misconfigured Amazon (S3) Simple Storage Service bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet.
The S3 repository containing a MSSQL database backup belongs to MBM Company, a Chicago, Ill.-based jewelry company that operates mainly under the name Limogés Jewelry. Read More

Uncategorized,Security & Privacy,Cloud Security

Mar.13