A Fintech Horror Story: How One Company Prioritizes Cybersecurity
Editor’s Note: Dark Reading was able to verify that the issue Cerrudo found was present as of June 24, when we created an account on Veem and confirmed that the personal information and partial bank account information was visible to anyone else. We also confirmed that even after deleting the account, most of the information…
The price of stolen info: Everything on sale on the dark web
What is the price for personal information, including credit cards and bank accounts, on the dark web? Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses….
Microsoft Finds Major Security Flaws in Pre-Installed Android Apps
According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers. “Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could…
Researchers Devise New Type of Bluetooth LE Relay Attacks
Meant to provide significantly reduced power consumption and costs at communication ranges similar to those provided by Bluetooth, BLE is used for a broad range of applications in sectors such as automotive, healthcare, security, home entertainment, and more. BLE proximity authentication is typically to unlock or keep unlocked products such as cars, smart locks, access…
Why SOC 2 Compliance Is a Matter of (Zero) Trust
SaaS solutions are now so entwined in business users’ daily routines that they seem to meld into one experience — or simply put, “the way I work.” Yet the reality is there are many disparate cloud applications in play across a typical enterprise — 364 on average – which means a lot of complexity and…
How European Rulings Imperil Flagship Google Product
More than half of the world’s websites use Google Analytics to help their owners understand the behavior of users. The software, which deploys cookies to track user behavior, costs nothing in cash terms — though the vast trove of data helps to fuel Google’s massive profits. However, in 2020 the framework overseeing how personal data…
Web-Tracking ‘Cookies’ Meant to Protect Privacy: Inventor
California-based engineer and entrepreneur Lou Montulli said the original “cookie” he created decades ago was intended to make life online easier by letting websites remember visitors. Yet the technology has become a lightning rod, attacked for helping tech companies collect data on consumers’ habits key to the targeted web ad business that makes many billions…
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws
Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow…
Apache Foundation Calls Out Open-Source Leechers
“[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in their continued maintenance,” the ASF said in a position paper published ahead of a high-level White House meeting on open-source software security. “Only a tiny percentage of downstream companies (reusing the…
Europol Ordered to Delete Data Not Linked With Crime
The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019. As part of the investigation, the EDPS said it reprimanded Europol two years ago “for the continued storage of large volumes” of such data, “which poses a risk to individuals’ fundamental…
