Gootloader inside out

TechCrunch recently did its annual write-up of badly handled data security incidents.  The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. “IoT products can be susceptible to a range of security vulnerabilities,” the U.S. Federal Communications Commission (FCC) said. “Under this program, qualifying consumer smart products that meet robust cybersecurity standards will…

Zack Whittaker reports: GPS tracking firm Hapn exposed the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen….

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that’s designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. “A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications,” Silverfort researcher Dor Segal said in a

Italy’s data protection watchdog fined OpenAI 15 million euros ($15.6 million) after wrapping up a probe into collection of personal data. The post Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data appeared first on SecurityWeek.

A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes. The post Google OAuth Flaw Leads to Account Takeover When Domain Ownership Changes appeared first on SecurityWeek.