783 matches found
Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online
A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States. Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains...
Court Ruling on Forensic Data Breach Reporting Flying Under the Radar
One thing that may have flown under the radar in recent weeks is that a court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. You can read mo...
Friday Squid Blogging: Human Cells with Squid-Like Transparency
I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Turning collaboration and customer engagement up with a strong identity approach
In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...
Zoom Removes Data-Mining LinkedIn Feature
Zoom has nixed a feature that came under fire for “undisclosed data mining” of users’ names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users enter a web conference meeting,...
Emergency Surveillance During COVID-19 Crisis
Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With th...
ACLU Sues Over U.S. Airport Facial-Recognition Technology
The American Civil Liberties Union (ACLU) has filed suit against the Department of Homeland Security (DHS) over its use of facial recognition technology in airports, decrying the government’s “extraordinarily dangerous path” to normalize facial surveillance as well as its secrecy in making specific details o...
Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
Download: Definitive 'IR Management and Reporting' Presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
New Bill Proposes NSA Surveillance Reforms
A newly introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has previously been used by the National Security Agency (NSA) to vacuum up the call records of millions of Americans. The “Safeguarding Americans’ Private Records Act” was...
Access Misconfiguration for Customer Support Database
Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be...
Windows 10 Has a Security Flaw So Severe the NSA Disclosed It
In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack...
TikTok's First Transparency Report Doesn't Tell the Full Story
The app says it didn’t receive any requests for user information from China during the first half of 2019. That might not reassure skeptics...
Making Container Deployment and Analysis Self-Service for Development
Team Riptide was tasked with creating an environment for our developers that removes operational burdens. We wanted to provide them with infrastructure, best practices, automation, and self-service tooling so that they could focus on innovation. The result is an internal system we call “Mosaic,”...
TikTok Banned By U.S. Army Over China Security Concerns
With backlash swelling around TikTok’s relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. TikTok, a social media app used to create and share short form videos, is owned by Beijing-based parent...
Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
The fastest and cross-platform subdomain enumerator. What can Findomain do? The table gives you an idea of why you should use Findomain and what it can do for you. The domain used for the test was aol.com, run in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...
CVE-2019-8512
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure...
CVE-2019-8512
CVE-2019-8512 concerns iOS (Exchange ActiveSync) where a user may inadvertently permit an enterprise administrator to remotely wipe their device without proper disclosure. The issue is described as fixed in iOS 12.2; remediation is to update to iOS 12.2 or later. The publicly documented impact is...