Security

Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).

Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, these passwords are for Dahua DVRs running very old firmware that is vulnerable to a five-year-old vulnerability.

Are virtual machines (VM) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs.

The ubiquitous mobile phone is a convenient and essential part of your personal and business lives. But is it secure if it’s lost or stolen? Not likely.

A German web-hosting firm has suffered a severe data breach because one of its customers reportedly owed money to the attacker. The company only learned of the breach when the hacker announced it himself, on its support forum.

On Jan. 29, the attacker compromised customer names, company names, various addresses, telephone numbers, DomainFactory passwords, dates of birth, bank names and account numbers, and Schufa scores (German credit score).

Cybersecurity analysts RiskIQ have identified the hacker group Magecart as the origin of the skimmer code placed on Ticketmaster websites, and suggested the number impacted by their theft of payment details is likely significantly worse than first thought.

Ticketmaster is a subsidiary of Live Nation, the world’s largest entertainment ticketing sales and marketing company. Last month we reported how potentially millions of Ticketmaster customers’ payment details had been accessed by a hacker group.

Criminals recently stole code-signing certificates from router and camera maker D-Link and another Taiwanese company and used them to pass off malware that steals passwords and backdoors PCs, a researcher said Monday.

 It just keeps happening. A hacker has targeted a company selling Android spyware marketed to monitor children, employees, and previously romantic partners.

This data breach is the latest in an ever increasing list of vigilante hackers focusing on the consumer spyware industry, some parts of which have been linked to illegal stalking and spying by abusive partners.

The personal data of millions of Timehop customers has been compromised after a hacker gained access to its cloud-based backend computing environment.

Timehop, a service that plugs into users’ social media platforms and shows them memories from the past, disclosed the data breach on Sunday.  The company said that last week on July 4, a data breach resulted in hackers swiping the names, email addresses and phone numbers of millions of customers. The hackers also stole social media “access tokens,” provided to Timehop by social media services, for up to 21 million customers.

Looking back at the first six months of 2018, there haven't been as many government leaks and global ransomware attacks as there were by this time last year, but that's pretty much where the good news ends. Corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated.

Here are the big digital security dramas that have played out so far this year—and it's only half over.

Smart home devices are quickly proliferating across the the world. Millions of new devices are coming online every year, be it through an Echo or Nest or anything in between.

Each one of these devices in the ever-expanding internet of things produces huge troves of data. That information is increasingly becoming a focal point for Cellebrite, the wildly profitable Israeli firm most famous for its cracking open encrypted iPhones on behalf of law enforcement and intelligence agencies.