Tag Archives: privacy

10Fold – Security Never Sleeps – 35

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Security researchers have found that nearly all versions of the Magento e-commerce platform allow hackers to embed malicious JavaScript code inside customer registration forms on millions of e-commerce sites. A Symantec partner has allegedly been caught running a tech support scam by leveraging bogus threats to sell overpriced security software. Sixteen lawmakers are trying to end Congress’s gridlock by offering new bills that would help ensure student and employee privacy. Blockchain has emerged as a more secure, transparent, faster and less expensive financial alternative and continues to push for adoption throughout various industries.

Bug In Magento Puts Millions Of E-Commerce Sites At Risk Of Takeover – Publication: Ars Technica – Reporter name: Dan Goodin

Millions of online merchants are at risk of hijacking attacks made possible by a just-patched vulnerability in the Magento e-commerce platform. The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition prior to and, respectively, according to researchers from Sucuri, the website security firm that discovered and privately reported the vulnerability. It allows attackers to embed malicious JavaScript code inside customer registration forms. Magento executes the scripts in the context of the administrator account, making it possible to completely take over the server running the e-commerce platform.
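The bug class described above is stored XSS: a customer-supplied field is saved verbatim and later rendered, unescaped, in an admin page, so the script runs with the administrator’s session. The following added example (not Magento’s code, and not from the article) shows a vulnerable rendering of a customer record beside a hardened one that escapes on output and validates the field on input; the customer record, template and `validate_name` rule are constructed for illustration.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class Customer:
    """Constructed stand-in for a stored customer registration record."""
    first_name: str
    email: str


# Constructed sample: a registration 'name' carrying markup, the kind of value
# a form that stores input verbatim would persist and later show to an admin.
SAMPLE_CUSTOMER = Customer(
    first_name="<script>alert(1)</script>",
    email="customer@example.test",
)

# Allowlist for a person's name: letters (incl. Latin-1/Latin Extended),
# apostrophe, space, dot and hyphen. Assumed policy, not Magento's.
_NAME_RE = re.compile(r"[A-Za-z\u00C0-\u024F' .\-]{1,64}")


def validate_name(name: str) -> bool:
    """Input-side check: reject names containing markup characters."""
    return _NAME_RE.fullmatch(name) is not None


def render_customer_row_unsafe(c: Customer) -> str:
    """Vulnerable 'before': stored field interpolated straight into admin HTML."""
    return f"<tr><td>{c.first_name}</td><td>{c.email}</td></tr>"


def render_customer_row(c: Customer) -> str:
    """Hardened 'after': every untrusted value is HTML-escaped on output,
    so stored markup is displayed as text instead of executed."""
    name = html.escape(c.first_name, quote=True)
    email = html.escape(c.email, quote=True)
    return f"<tr><td>{name}</td><td>{email}</td></tr>"


def rendering_is_inert(rendered: str) -> bool:
    """Detection-style check: no raw tag opener survives into the output."""
    return "<script" not in rendered.lower() and "onerror=" not in rendered.lower()


if __name__ == "__main__":
    print("input accepted:", validate_name(SAMPLE_CUSTOMER.first_name))
    print("unsafe:", render_customer_row_unsafe(SAMPLE_CUSTOMER))
    print("escaped:", render_customer_row(SAMPLE_CUSTOMER))
```

Output escaping is the control that closes the bug; the input allowlist is defence in depth, since the same stored value may be rendered in more than one place.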

Symantec Partner Caught Running Tech Support Scam – Publication: Network World – Reporter name: Gregg Keizer

According to San Jose, Calif.-based Malwarebytes, Silurian Tech Support ran a scam in which its employees, who billed themselves as support technicians, used obscure but harmless entries in Windows’ Event Viewer and Task Manager to claim that a PC had been overwhelmed by malware, then leveraged those bogus threats to sell overpriced copies of Symantec’s Norton security software and an annual contract for follow-up phone support.

5 Things Congress Should Learn From New State Privacy Bills – Publication: Wired – Reporter name: Andy Greenberg

On Wednesday 16 states’ lawmakers, with the advice and coordination of the American Civil Liberties Union, introduced bills designed to shore up Americans’ privacy on a long list of issues that federal lawmakers have either ignored or allowed to become paralyzed in Congress’s endless gridlock. That collective legislative push, which the ACLU is calling Take CTRL, addresses everything from student and employee privacy to new police surveillance techniques. The bills, together, would cover more than 100 million Americans, by the count of the ACLU’s advocacy and policy counsel Chad Marlow.

How Will Bitcoin And Blockchain ‘Cross The Chasm’? An Analysis Of 5 Strategies – Publication: Forbes – Reporter name: Laura Shin

Blockchain, or distributed ledger, technology is more secure, transparent, faster and less expensive than current financial systems. And it has applications in other sectors like identity issuance, land titles, provenance and more. But for all its superiority, it finds itself in what disruptive innovation author Geoffrey Moore would call “the chasm”: Right now, tech enthusiasts and other people who have strong reason to prefer this technology over existing options have adopted it, but the companies in the space now need to attract users outside the core believers.

10Fold – Security Never Sleeps – 29

Big items to consider: The US Intelligence director’s email has been hacked by the same person who claims to have hacked the CIA director’s email a few months ago. As of today Silk Road is officially gone, but the secret server remains. The Pew Research Center has released a new survey on the privacy gap between consumers and tech vendors. Lastly, a newly disclosed hard-coded password from Juniper Network raises further backdoor eavesdropping fears.

US Intelligence Director’s Personal E-mail, Phone Hacked – Publication: Ars Technica – Reporter name: Sean Gallagher

The same individual or group claiming to be behind a recent breach of the personal e-mail account of CIA Director John Brennan now claims to be behind the hijacking of the accounts of Director of National Intelligence James Clapper. The Office of the Director of National Intelligence confirmed to Motherboard that Clapper was targeted and that the case has been forwarded to law enforcement.

The Silk Road’s Dark-Web Dream Is Dead – Publication: Wired – Reporter name: Andy Greenberg

Not so long ago, the Silk Road was not only a bustling black market for drugs but a living representation of every cryptoanarchist’s dream: a trusted trading ground on the Internet where neither the government’s laws nor the Drug War they’ve spawned could reach. Today, that illicit narco-utopia is long gone, its once-secret server in an evidence storage room and its creator Ross Ulbricht fighting a last-ditch appeal to escape life in prison.

New Study Highlights Privacy Gap Between Consumers And Tech Vendors – Publication: Wall Street Journal – Reporter name: Elizabeth Dwoskin

Americans are willing to share sensitive information with businesses in the name of safety and efficiency, a new study found. But they’re less enthusiastic about exchanging personal details in return for better advertising or offers, especially when those details reveal their physical location, researchers said. The Pew Research Center has found in recent years that users of mobile and desktop computers are anxious about online privacy. The nonprofit’s latest study, published on Thursday, aimed to learn whether consumer anxiety waxed or waned in specific scenarios. Conclusion: It does.

Et tu, Fortinet? Hard-coded Password Raises New Backdoor Eavesdropping Fears – Publication: Ars Technica – Reporter name: Dan Goodin

Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing exploit code posted online on Saturday.