Duncan Riley
Latest from Duncan Riley
Data supplier to US government provider exposes birth certificates on cloud storage
Some 750,000 birth certificates have been found exposed online in yet another story of a company that didn’t secure its cloud storage, but this story has a twist: The provider was a third-party supplier of data to the U.S. government. The unnamed company, detected by Fidus Information Security Ltd. and first reported today by TechCrunch, ...
Report: BMW and Hyundai targeted by APT32 hacking group
A threat group believed to have ties to the government of Vietnam is likely to be behind the hacking of networks belonging to two car manufacturers: Bayerische Motoren Werke AG, better known as BMW, and Hyundai Motor Co. According to a report in German media Dec. 5, the attacks are believed to have taken place sometime in spring and allegedly involved ...
As Uber issues safety report, CEO calls sexual-assault numbers a ‘reflection on society’
Uber Technologies Inc. Chief Executive Dara Khosrowshahi has responded to the company’s safety report released Dec. 5 by saying in an interview that the sexual assaults were a “reflection on society.” The report found that 3,045 sexual assaults occurred in its vehicles in 2018, up slightly from 2,936 in 2017. Adjusted for increased ride growth, ...
Microsoft study finds 44M users using breached passwords
A new study from Microsoft Security has found that 44 million Microsoft and Azure cloud account holders were using passwords that were stolen in data breaches. The study, published late last week, analyzed more than 3 billion credentials known to have been stolen by hackers using third-party sources, then compared that data to credentials used on ...
Behavioral security analytics startup Cyberhaven raises $13M
Behavioral security analytics startup Cyberhaven Inc. today launched its main product with the announcement of $13 million in funding to further boost product development. The Series A round was led by Vertex Ventures and Costanoa Ventures and included Crane Venture Partners along with a number of individual investors. The company was founded in 2015 by a team of five ...
Data center provider CyrusOne hit by ransomware attack
Data center provider CyrusOne Inc. has suffered a ransomware attack, knocking at least some of its customers offline. The attack, believed to involve a version of the REvil (Sodinokibi) ransomware, according to a report today by ZDNet, took place Dec. 4. A ransom note sent to CyrusOne included its name at the top, suggesting that the attack ...
Huawei sues over ban on rural carriers buying its gear with government funds
Huawei Electronics Co. Ltd. today filed a lawsuit against the U.S. Federal Communications Commission in a bid to overturn a ban that prevents rural carriers from using a government fund to buy network equipment from the company. The ban, handed down Nov. 22, banned rural carriers from using funds for Huawei equipment, as well as ...
Report: five new iPhones in 2020, iPhone without Lightning connector in 2021
Famed analyst Ming-Chi Kuo is predicting that Apple Inc. will launch five new iPhones in 2020, but in a surprise, he’s predicting that in 2021 the company is planning to launch an iPhone without a Lightning connector. Kuo made the predictions in a research note from TF International Securities first reported today by MacRumors. As previously predicted by ...
UK retailer Sweaty Betty reports customer data stolen in Magecart attack
U.K. retailer Sweaty Betty is the latest victim of a so-called Magecart attack, as hackers inserted code on its website that intercepted and stole customer payment details. The hack was first disclosed in an email Tuesday to customers in which the company claimed it had been made aware of “unusual activity” on its website. The email ...
Bug bounty startup HackerOne suffers breach after analyst mistake
Bug bounty program startup HackerOne Inc. has suffered a security breach after accidentally giving a researcher the ability to read and modify some of its bug reports. The incident occurred because an analyst at HackerOne who was corresponding with the researcher provided a cURL command that mistakenly included a valid session cookie. That gave anyone ...