An investigation into a ransomware attack on a North Carolina county's computer network showed personal information posted for sale on the "dark web," the county said. The Chatham County network was hit on Oct. 28 with ransomware that originated in a phishing email with a malicious attachment, The News & Observer of Raleigh reported Tuesday. It encrypted much of the county's network infrastructure and associated business systems, the county announced.
Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. The outage started Saturday when the Kia Owners Portal went offline and began displaying an error message stating that Kia was "experiencing an IT service outage that has impacted some internal networks." The company's phone self-help services are also impacted, with the customer support numbers stating that they have server issues.
An umbrella group comprising 44 consumer-privacy watchdog organizations has filed a complaint against TikTok, saying the wildly popular video-sharing platform has "misleading" data-collection policies. ByteDance-owned TikTok has skyrocketed in popularity, with more than 2 billion downloads on the Google Play and Apple App Store marketplaces. The complaint was filed by the European Consumer Organisation (BEUC), made up of consumer-privacy watchdog groups from 32 countries.
Starting next month, LastPass will no longer allow a free account to be used on multiple types of devices (computers and mobile) at the same time. LastPass is a password manager that allows you to synchronize and auto-fill your login credentials throughout multiple platforms, including Windows, iOS, Android, and almost all web browsers. Today, LastPass began emailing customers of their Free service with news that starting on March 16th, 2021, users will no longer be allowed to use the service.
The OpenSSL Project on Tuesday announced the availability of patches for three vulnerabilities, including two that can be exploited for denial-of-service (DoS) attacks and one related to incorrect SSLv2 rollback protection. The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition.
A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera's video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said. The issue exists in the manufacturers' implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It's possible to misconfigure its implementation.
Palo Alto Networks today announced it plans to purchase Bridgecrew, a cloud-based security platform for software developers, for around $156 million. Bridgecrew espouses a so-called "shift left" strategy for developers, where developers and DevOps teams can ensure and enforce security infrastructure during the entire software development process. Some 70% of the Fortune 100 are customers of Bridgecrew's Prisma Cloud service.
Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines. The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward.