Articles for March 2017

Exclusive: The database contains more than 33 million records from government departments and large corporate clients which get sold onto marketers.

NEW YORK — Millions of records from a commercial corporate database have been leaked.

The database, about 52 gigabytes in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population.

Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million.

The purchased database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers.

Source: Millions of records leaked from huge US corporate database | ZDNet

There are many Mac security myths circulating among users. So how can you tell if the advice you’re reading is fact or fallacy? Read on to find out!

Source: Mac security facts and fallacies – Malwarebytes Labs

Researchers say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities.

Source: An insecure mess: How flawed JavaScript is turning web into a hacker’s playground | ZDNet

There’s still plenty more phish in the sea, as workers can’t stop clicking on scam emails. Would these ones trick you?

Source: Phishing: Would you fall for one of these scam emails? | ZDNet

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.

It dubbed the first release as Vault 7.

Vault 7 is just the first part of leak series “Year Zero” that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA).

According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on.

Source: 10 Things You Need To Know About ‘Wikileaks CIA Leak’

A father was fined €956 after a German judge said that warning his 11-year-old son not to download anything online wasn’t explicit enough about online piracy. In fact, it was “negligent”, the court said.

According to Torrent Freak, the 11-year-old boy downloaded an audio book.

His father was away from home at the time of the copyright infringement. But his wife and son were at home, and as the case wound its way through a Leipzig court, it became clear that the boy was the pirate. But in a verdict that Torrent Freak dubbed “rather unique,” the court opted to hold the kid’s dad responsible.

Source: Dad ruled liable and fined for his son’s illegal download – Naked Security

Documents published on Tuesday by WikiLeaks claim to be evidence that the “CIA lost control of the majority of its hacking arsenal.”

According to the WikiLeaks files, it appears that the CIA has teams specifically dedicated to breaking into Apple products, including iOS, the software that runs on iPhones and iPads, and even Apple’s line of routers, AirPort.

The WikiLeaks files suggest that the CIA may have access to undiscovered and unreported bugs, or exploits, in iOS, the iPhone operating system.

“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” Apple said in a statement.

Source: Apple responds to the WikiLeaks files that suggested the CIA hacked iPhones

Everything you need to know about ransomware: how it started, why it’s booming, how to protect against it, and what to do if your PC’s infected.

Source: Ransomware: An executive guide to one of the biggest menaces on the web | ZDNet

What do you do if you’re violating local government regulations and you know the local authorities are looking for you? Maybe you lay low. But if you’re Uber, you supercharge everyday “hiding” with an integrated assemblage of industrial-strength code, data analytics and whatever creative low-tech methods you can conjure up. So the New York Times reports, and Uber admits.

According to the Times, Uber unleashed its Greyball program “to identify and circumvent officials who were trying to clamp down on the ride-hailing service. Uber used these methods to evade the authorities in cities like Boston, Paris and Las Vegas, and in countries like Australia, China and South Korea.” In some locations, says the NYT, Uber’s services were currently being “resisted by law enforcement”.

In other locations, such as Portland, Oregon, local government was taking the position that the low-cost UberX service is illegal – a claim that Uber vigorously disagreed with and chose to disregard.

Source: Uber under fire for ‘Greyball’ program used to dodge enforcement officials – Naked Security

Get ready everyone… there will be a new wave of Ransomware coming around the corner soon!

Ransomware operation provides malicious software in exchange for a slice of successful scores.

Source: New dark web scheme lets wannabe cybercriminals get in on ransomware – for free | ZDNet