Data loss

Monday review - the hot 22 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Remote access breach via POS system sparks yet more consumer data leak fears

A US supplier of point-of-sale (POS) equipment has informed its clients of a security breach in the remote access system it uses to log into clients' networks, meaning hackers could have used the system to steal payment data.

EFF sues NSA over hoarding of zero days

Wouldn't it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers.

Supreme Court refuses to drag Google out of its Street View privacy wreckage

Google's planning to slurp up ever more data, from wearables, fitness apps and more. It sure would be nice for Google if the Street View fiasco would fade away and stop reminding people of how they snooped on data and then lied about it, but the Supreme Court isn't disposed to helping it out on this one.

Canadian spam, New York taxis and Brazilian passwords - 60 Sec Security [VIDEO]

Canada goes "opt in", NYC makes a hash, and Brazil forgets its punctuation.

It's 60 Second Security for 28 June 2014!

Is that Google Glass wearer stealing your iPad passcode?

What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung's smartwatch and from almost 150 feet away using an HD camcorder, thanks to researchers' custom-coded, shadow-tracking recognition algorithm.

37% of Canadian Justice Department fail phishing awareness test

An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are for the most part fairly easy to trick with phishing scams.

Cupid Media "breached Privacy act" after storing users' passwords in plain text

The Australian Privacy Commissioner has ruled that Cupid Media Pty Ltd breached the Privacy Act following a data breach which saw over 40 million customer records exposed.

Carwash POS systems hacked, credit card data drained

Police in the US state of Massachusetts have busted what they say is a gang of thieves who were buying stolen credit cards and using them to buy gift cards that were then sometimes exhausted of their balance, washed clean of data and reloaded with more stolen credit card data.

'Yo' app hacked by college students, hires one of the hackers

A Georgia Tech student claims he and two roommates were able to get any user's phone number (they texted the founder, who, he said, called him back), to spam any user, and to send any text they want. Now it looks like one of them will be working for the company.

Privacy and iOS 8, USMS blunder and Cryptowall ransomware - 60 Sec Security [VIDEO]

One minute of fun with a serious side...

60 Second Security - 21 June 2014

Email gaffe unmasks 'anonymous' bidders in Bitcoin auction

Somebody at the US Marshals Service goofed, cc'ing a list of 40 people who'd written to inquire about what was supposed to be an anonymous auction of the Bitcoins seized in the Fed's raid on Silk Road.

SSCC 152 - PF Chang's, TrueCrypt (still!), the Twitter worm and the cost of scammers [PODCAST]

Sophos security experts Chester Wisniewski and Paul Ducklin turn their attention on the week's security news.

As usual, they extract plenty of useful lessons during their insightful dissection of the latest issues...

Domino's Pizza hacked, customer database held to ransom

Hacker group Rex Mundi, which claims to have cracked a Domino's Pizza database, says it has stolen the details of more than 650,000 dough-loving customers. It says the data will be released later today if the pizza chain fails to pay a ransom of €30,000.

Google's after your health data with 'Google Fit' service

Google's reportedly about to jump into the growing fitness data marketplace - a mosh pit that consumer advocates are already calling a privacy nightmare - to wrestle with Apple and Samsung for the data getting created by fitness trackers and health-related apps.

SSCC 151 - Measuring vulns, Apple and Wi-Fi privacy, Android ransomware and more [PODCAST]

It's our weekly security podcast!

Chester Wisniewski and Paul Ducklin dig into the latest security news for lessons we can all learn...

P.F. Chang's investigates possible credit card breach

Restaurant chain P.F. Chang's China Bistro says it is investigating claims of a data breach which may have led to debit and credit card details being posted on an underground forum.

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...

Latest OpenSSL flaws can lead to information leakage, code execution and DoS

Only two months after the Heartbleed vulnerability in OpenSSL captured global headlines we have another critical update for OpenSSL fixing 6 new flaws.

Naked Security now available in HTTPS

You can now browse your favourite computer security news website and make it more difficult for the NSA to spy on you at the same time!