Archive

Archive for August 12, 2019

¡Ya no más contraseñas! Ahora Google permitirá loguearte con el sensor de huellas

August 12, 2019 Leave a comment
Categories: Internet Tags: , ,

DEF CON Voting Village: It’s About ‘Risk’

August 12, 2019 Leave a comment

DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process.

from Dark Reading: https://ift.tt/2OVIZK6
via IFTTT

LG patenta un móvil con doble pantalla plegable y dos sensores fotográficos

August 12, 2019 Leave a comment
Categories: Internet Tags: , ,

Verizon Sells Tumblr, Still No Porn Though

August 12, 2019 Leave a comment


Verizon Sells Tumblr, Still No Porn Though
Once hailed as the next social media unicorn, Tumblr sold to Yahoo for an astonishing $1.1 billion in 2013. This week, it is being reported that the company sold for much, much less than that to Automattic, the company that owns WordPress.

August 12, 2019 at 06:03PM
via Digg https://ift.tt/2ySfrSK

Categories: Internet Tags: , ,

Researchers Show How SQLite Can Be Modified to Attack Apps

August 12, 2019 Leave a comment

New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.

from Dark Reading: https://ift.tt/33yMyJF
via IFTTT

Security Flaws Discovered in 40 Microsoft-Certified Device Drivers

August 12, 2019 Leave a comment

Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system.

from Dark Reading: https://ift.tt/2YO5Xri
via IFTTT

SEC Investigating Data Leak at First American Financial Corp.

August 12, 2019 Leave a comment

The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.

First American Financial Corp.

In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.-based First American [NYSE:FAFexposed some 885 million documents related to real estate closings over the past 16 years, including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers license images. No authentication was required to view the documents.

The initial tip on that story came from Ben Shoval, a real estate developer based in Seattle. Shoval said he recently received a letter from the SEC’s enforcement division which stated the agency was investigating the data exposure to determine if First American had violated federal securities laws.

In its letter, the SEC asked Shoval to preserve and share any documents or evidence he had related to the data exposure.

“This investigation is a non-public, fact-finding inquiry,” the letter explained. “The investigation does not mean that we have concluded that anyone has violated the law.”

The SEC did not respond to requests for comment.

Word of the SEC investigation comes weeks after regulators in New York said they were investigating the company in what could turn out to be the first test of the state’s strict new cybersecurity regulation, which requires financial companies to periodically audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful. First American also is now the target of a class action lawsuit that alleges it “failed to implement even rudimentary security measures.”

First American has issued a series of statements over the past few months that seem to downplay the severity of the data exposure, which the company said was the result of a “design defect” in its Web site.

On June 18, First American said a review of system logs by an outside forensic firm, “based on guidance from the company, identified 484 files that likely were accessed by individuals without authorization. The company has reviewed 211 of these files to date and determined that only 14 (or 6.6%) of those files contain non-public personal information. The company is in the process of notifying the affected consumers and will offer them complimentary credit monitoring services.”

In a statement on July 16, First American said its now-completed investigation identified just 32 consumers whose non-public personal information likely was accessed without authorization.

“These 32 consumers have been notified and offered complimentary credit monitoring services,” the company said.

First American has not responded to questions about how long this “design defect” persisted on its site, how far back it maintained access logs, or how far back in those access logs the company’s review extended.

from Krebs on Security https://ift.tt/2ZX67ch
via IFTTT