With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without
The Hacker News
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech.
In January, the New York Times exposed a public harassment campaign likely waged by one woman against the family of her former employer. Decades after being fired, the woman allegedly wrote dozens of fraudulent posts across the Internet, ruining the family’s reputation and often slipping past any repercussions.
Frequently, the websites that hosted this content refused to step in. And, in fact, depending on what anyone posts on major websites today, those types of refusals are entirely within a company’s right.
These stories frequently produce reactionary “solutions” to the Internet—from proposals to change one foundational law to requiring individuals to fully identify themselves for every online conversation. Those solutions, however, can often harm others, including government whistleblowers, human rights activists working against oppressive governments, and domestic abuse survivors.
Tune in to hear about the importance of online anonymity for domestic abuse survivors and why changing one key Internet law will not actually fix the problems we have today, on the latest episode of Lock and Code, with host David Ruiz.
You can also find us on the Apple iTunes store, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.
We cover our own research on:
- The mystery of the Silver Sparrow Mac malware
- Clop targets execs, ransomware tactics get another new twist
- LazyScripter: From Empire to double RAT
- Scammers, profiteers, and shady sites? It must be tax season
Other cybersecurity news:
- NCSC helps NurseryCam to secure itself (Source: The Register)
- Taking a peek behind the big-tech curtain (Source: Medium Blog)
- A tale of cloned attack tools (Source: Check Point Blog)
- Phishers imitate well-known shipping companies (Source: Tech Radar)
- Malware gangs forge alliances (Source: Threat Post)
Stay safe, everyone!
The post Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03 appeared first on Malwarebytes Labs.
EatStreet, the online food ordering service, disclosed a security breach that exposed customer payment card data and details of partners.
EatStreet, an online and mobile food ordering service, disclosed a security breach that exposed customer payment card data and details of delivery and restaurant partners.
Attackers breached the company network on May 3 and stole data from its database. On May 17, the company discovered the intrusion and locked out the attacker.
Stolen data includes names, addresses, phone numbers, email addresses, as well as financial data (i.e. bank accounts, routing numbers, credit card numbers, expiration dates and card verification codes, billing addresses).
“On May 3, 2019, an unauthorized third party gained access to our database, which we discovered on May 17, 2019. The unauthorized third party was able to acquire information that was in our database on May 3, 2019. We were able, however, to promptly terminate the unauthorized access to our systems when we discovered the incident,” reads the data breach notification letter sent to delivery and restaurant partners.
EatStreet currently offers its services to “over 15,000 restaurants in more than 1,100 cities,” and the company’s Android app has over 100,000 installs as of June 5.
EatStreet promptly alerted the credit card payment processors and “hired a leading external IT forensics firm to respond to and investigate the incident. We audited our systems to validate that there was no other unauthorized access.”
At the time of writing, law enforcement agencies are not investigating the incident:
“EatStreet continues to work with outside experts to identify other measures it can take to improve its security controls. While our investigation is ongoing, there was no law enforcement investigation that delayed notification to you.”
“In addition, we have enhanced the security of our systems, including reinforcing multi-factor authentication, rotating credential keys and reviewing and updating coding practices.”
According to ZDNet, the hacker who breached the company is Gnosticplayers, who made headlines because, between February and April, he disclosed the existence of some massive unreported data breaches in five rounds. The list of victims includes
The hacker took credit for the data breach while discussing the Canva hack allegations with ZDNet last month.
At the time of writing, the extent of the security breach is not clear, but the hacker claimed he stole over six million user records.
“In an email to ZDNet today, the hacker claimed he was in the possession of over six million user records he took from the company’s servers. Over the past few months, this hacker has stolen and put up for sale 1,071 billion user credentials from 45 companies.”
The post Eatstreet, the online food ordering service disclosed a security breach appeared first on Security Affairs.