Over 100 million IoT devices and servers are vulnerable because of 20-year-old TCP/IP stacks

In context: Security researchers at Forescout and JSOF have uncovered a set of nine vulnerabilities within four commonly used TCP/IP stacks. However, Forescout created an open-source script to help administrators track down vulnerable IoT devices and servers on the network.

Senators Offer to Let NSA Hunt Cyber Actors Inside the US

A bipartisan group of senators offered to help expand the National Security Agency’s authorities allowing the spy agency to hunt domestically for signals intelligence against foreign adversaries that U.S. officials have said are behind a string of recent attacks, like the recent SolarWinds hack.

New 5G protocol vulnerabilities allow location tracking

Security researchers have identified new vulnerabilities in the 5G protocol that could be abused to crash network segments and extract user data, such as location information.

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. “The Hobby Lobby incident is the latest example of why we need to take public cloud threat vectors so seriously,” Douglas Murray, CEO at Valtix, told Threatpost.

Clubhouse says it will improve security after researchers raise China spying concerns

The company told SIO that it was going to roll out changes “to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers” and said it would hire an external security firm to review and validate the updates.

Biden Wants to Shut Down Credit Bureaus – What Would That Mean for You?

(To watch Roy’s track record, click here) Roy is broadly in line with the rest of Wall Street, which has assigned SWKS 13 Buy ratings and 7 Holds over the past three months -- and sees the stock growing about 15% over the next 12 months, to a target price of $205.69.

UK rules against the use of general warrants to hack into citizen’s devices

The United Kingdom (UK) High Court has ruled that the country’s security and intelligence agencies can no longer use “general warrants” as legal writ for property interference, aka hacking.

Eyes Everywhere: Amazon's Surveillance Infrastructure and Revitalizing Worker Power

Open Markets Institute’s latest report, “Eyes Everywhere: Amazon's Surveillance Infrastructure and Revitalizing Worker Power,” illustrates the dangers of Amazon’s pervasive worker surveillance and the solutions that can be employed to stop that surveillance.

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

Private Internet Access Next Generation Network comes out of beta

Private Internet Access users will soon be able to access our Next Generation network of hardened VPN servers – which will be exiting a recently announced beta. Private Internet Access releases Next Generation VPN servers with security and speed improvements.

Private Internet Access to expand network with 30 geo-located regions

These geo-located regions will still be bare metal VPN servers located in safe data centers under privacy-respecting regulations as is our standard for performance. In 2019, Private Internet Access closed down its Brazilian exit gateways due to internet regulations in the region that could be used to attempt to force VPN servers to log.

Farewell from Cliqz

People asked us over the last years how Cliqz could fail. And most of all, we failed to convince the political stakeholders, that Europe desperately needs an own independent digital infrastructure. Most of all, we did not fail creating an amazing and passionate team around Cliqz.

Vac - What Would a WeChat Replacement Need?

We want something that is self-sovereign, private, censorship-resistant and open that allows individuals and groups of people to communicate and transact freely. In order to get a lot of the features WeChat provides, we need the ability to do three things: communicate, store data, and transact with people.

China’s “New IP” proposal to replace TCP/IP has a built in “shut up command” for censorship

In it, the Chinese government and its state controlled telecommunications service and hardware providers (i.e. Huawei) make the case that TCP/IP is broken and won’t scale for use in the future internet which will include things like holographs and space-terrestrial communications.

Britain Knows It’s Selling Out Its National Security to Huawei

On Tuesday, much to the chagrin of the United States, the British government announced its decision to allow the Chinese telecommunications company Huawei involvement in the rollout of the country’s next-generation 5G mobile network that will run everything from self-driving cars and remote health services to industrial production.

Paris P2P Festival #0 - Paris P2P (& Cryptography)

My current project is a sort of phase-two of cjdns, building a blockchain called PKT in order to create a bandwidth market so that anyone capable of running fiber and pointing antennas can participate in building the infrastructure of the new internet.

Don’t Trust. Verify.

We don’t want you to blindly trust us, so now you can verify.

Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?

Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. But to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves.

Home Affairs pushes for cyber spy powers

The Department of Home Affairs is pushing ahead with moves to expand the powers of Australia’s cyber spy agency, the Australian Signals Directorate, to potentially embed ASD within the corporate computer systems that run the nation’s banks, telecommunications and other critical infrastructure.

Banning end-to-end encryption being considered by Trump team- 9to5Mac

Senior Trump administration officials met on Wednesday to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement can’t break — a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley.

Report: Smart Transportation Systems Pose ‘Profound’ Privacy Risks

As Americans hand over more of their personal data to use public transportation systems, the government must do more to ensure their privacy is being protected, according to a recent report.

DHS warns of 'strong concerns' that Chinese-made drones are stealing data

Washington (CNN) — Chinese-made drones may be sending sensitive flight data to their manufacturers in China, where it can be accessed by the government there, the US Department of Homeland Security warned in an alert issued Monday obtained by CNN.

Why 5G is a huge future threat to privacy

The same news item includes details about the concerns of Christopher Krebs, director of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency: First, Krebs said, “the quality of the engineering is not great, and so there are a number of vulnerabilities that are left open on the box, so China and other capable actors – Russia, Iran, North Korea – could exploit the vulnerabilities”.

IARPA Needs More Training Data for Video Surveillance Algorithms

The training data would improve the tech’s ability to link together footage from a large network of security cameras, allowing it to better track and identify potential targets.

Microsoft Launches Decentralized Identity Tool on the Bitcoin Blockchain

York Rhodes, a programme manager on Microsoft’s Blockchain Engineering Team, mentioned to CoinDesk that the Microsoft team has been working for a year on a key signing validation software founded on public networks like Bitcoin or Ethereum, and one that can handle greater throughput than the underlying blockchain on which it is run.

How German and US authorities took down the owners of darknet drug emporium Wall Street Market

The PGP public key for [WSM administrative account] ‘TheOne’ is the same as the PGP public key for another moniker on [another hidden service] Hansa Market, ‘dudebuy.’ As described below, a financial transaction connected to a virtual currency wallet used by FROST was linked to ‘dudebuy.’ [The BKA] located the PGP public key for ‘TheOne’ in the WSM database, referred to as ‘Public Key 1’.

The Customer Identity Infrastructure that Cruise Line Passengers Don’t See

Yash Rathi. Cruise lines are well-known for their innovation in creating enormous ships and fun stuff to do on them. But what travelers like me don’t see is the infrastructure that makes them possible: a customer identity solution.

Google and other tech giants are quietly buying up the most important part of the internet

And if you step back and just look at intracontinental cables, Google has fully financed a number of those already; it was one of the first companies to build a fully private submarine line.

Exploding sneakers are only one reason for passing IoT cyber-security regulations

Sometimes shipped with factory-set, hardcoded passwords and often unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack. Hacker-created IoT botnets can direct enormous swarms of connected sensors like thermostats or sprinkler controllers to cause damaging and unpredictable spikes in infrastructure use, leading to things like power surges or reduced availability of critical infrastructure on a city or state-wide level.

A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers.