A new Snowden leak a few days ago revealed that the NSA and GCHQ conducted a complex hack operationÂ that focused on obtaining the secure encryption keys that protect mobile communications in devices with SIM cards. A subsequent report revealed that the goal of spy agencies might have been a lot bigger, as they may have been hunting for other security keys that would letÂ them deploy spyware on any mobile device with a SIM card inside, and users would have no idea that anything had happened. FROM EARLIER: Gemalto confirms hack, but denies massive SIM keys theft Gemalto acknowledged the hack, but downplayed it, saying it couldn't have resulted in a mass-theft of SIM card keys. The company also said that
Mozilla patched multiple critical security vulnerabilities in the latest version of its Firefox browser.
By Paul Carsten BEIJING (Reuters) - China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance. Others put the shift down to a protectionist impulse to shield China's domestic technology industry from competition. The lists cover smaller-scale direct purchases of technology equipment, and central government bodies can only buy items not on the list as part of a competitive tender process. Chief casualty was U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but had none left by late 2014, a Reuters analysis of official data shows.
The car service says a database was breached in May 2014 by an unauthorized third party.
Cybercriminals have been hijacking the Internet connections of users in Brazil by modifying Domain Name System (DNS) settings in their routers, researchers at Proofpoint reported on Thursday.
7 hours ago Security Assumptions and the Real WorldIT Toolbox Blogs View Synopsis+1
Seeing a locked gate or door is not enough to accept safety. All of us must begin asking questions, looking beyond what we want to see: controls that make us feel safe: like a properly configured firewall that does nothing to stop the implementation of advanced malware?
Breach was discovered last year, database was accessed in May.
22 hours ago Congress Averts DHS Partial ShutdownInfoRiskToday View Synopsis+1
Lamakers Fund the Department for Seven DaysCongress, at the 11th hour, passed a bill to fund the Department of Homeland Security for the next seven days, averting for now a partial shutdown that would have curtailed some cybersecurity programs.
20 hours ago Uber Suffers Data Breach Affecting 50,000Forbes View Synopsis+1
On Friday February 27th the popular car service, Uber, made it known that they had suffered a data breach on May 13th 2014. The breach itself wasn't discovered until September 17, 2014 and the notification only went out just a few hours ago. I'm fairly certain that it is Friday [...]
A collection of notable security news items for the week ending February 27, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
When crypto researchers set out to discover the best way to undermine encryption software, they did so believing it would help them eradicate backdoors in the future. Here's what they found.
The post How To Sabotage Encryption Software (And Not Get Caught) appeared first on WIRED.
A Debian initiative for reproducible builds sheds light on the least transparent part of the open source development process. Find out what's been completed in this security project.
The US Federal Communications Commission (FCC) has passed net neutrality rules, which include reclassifying broadband as a telecommunications service; prohibiting broadband providers from throttling or speeding up connections for a fee; and prohibiting providers from making paid prioritization deals.......
1 day ago <i>Data and Goliath</i> Book TourSchneier blog View Synopsis+1
Over the next two weeks, I am speaking about my new book -- Data and Goliath, if you've missed it -- in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello.
5 hours ago Selecting Reliable Disk SystemsIT Toolbox Blogs View Synopsis+1
Over the last few years disk drives have become more reliable. Still, they do occasionally fail, and you need to be prepared for that eventuality. You have numerous choices of interfaces, drive capacities and fault-tolerant configurations. W...
8 hours ago TalkTalk 'fesses up to MEGA data breachThe Register View Synopsis+1
Noticed an increase in scamming late last year
TalkTalk has admitted to a major breach of sensitive user information, which may have led to some customers handing over bank data to hackers.