U.S. states have reached a settlement over the mammoth 2014 Home Depot breach that will net them $17.5 million, plus an agreement from the home improvement retailer to strengthen its data security practices. The breach, which compromised 56 million payment cards across the U.S., still ranks among the biggest data breaches ever. It's been an expensive cleanup. Years after the attack, Home Depot estimated the cost at about $179 million and said it was likely to continue growing.
Specialty networking solutions provider Belden on Tuesday disclosed a data breach resulting in the theft of employee and business information. The company said the incident involved "unauthorized access and copying of some current and former employee data, as well as limited company information regarding some business partners." Belden said its employees detected unusual activity on some servers, which third-party forensic experts determined was the result of a "sophisticated attack."
It's still a mystery to researchers at the University of Michigan and The University of Electro-Communications (Tokyo) - just what physically enabled them to inject commands into the embedded microphones of Amazon Alexa, Google Home, and other digital voice assistant devices via laser pointers. The team in 2019 used light to remotely control Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri by exploiting a vulnerability in their so-called MEMS microphones.
Scammers are taking advantage of the Minecraft sandbox video game's wild success by developing Google Play apps which appear to be Minecraft modpacks, but instead deliver abusive ads, according to researchers. Since July, Kaspersky researchers have found more than 20 of these apps and determined that they have been downloaded on more than a million Android devices.
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found. The vulnerability was patched last week and, by now, web hosting providers have hopefully upgraded their installations. Still, admins of sites that are managed through cPanel should check whether their provider did perform the update (and demand they do it if they haven't).
Two popular apps from Baidu collected data on Android phones and uploaded it to the Internet, potentially allowing the apps to track the user, network security firm Palo Alto Networks stated in an analysis of the apps published on Nov. 24. The Baidu Search Box and Baidu Maps applications, which have more than 6 million downloads from the US Google Play Store, both collected a variety of device identifiers from the phone on which the applications were installed.
A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs. Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer. Present on the list of vulnerable targets are IPs belonging to high street banks, telecoms, and government organizations from around the world.