By Waqas

Quora hacked – Change your password now.

Another day, another data breach – This time Quora, a question-and-answer website, has suffered a massive data breach in which personal data of 100 million registered users has been stolen, the company said on Tuesday, December 4th. In a blog post, Quora's Chief Executive Adam D’Angelo explained that the […]

This is a post from HackRead.com. Read the original post: Quora hacked: Personal data of 100 million users stolen

Source

It is no secret how miserably Microsoft's 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements.

According to the latest round of tech rumors, Microsoft has given up on Edge and is reportedly building a new Chromium-based web browser, codenamed “Anaheim” internally, that will replace Edge on Windows 10

Source

The world's most popular question-and-answer website, Quora, has suffered a massive data breach, with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users.

Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third party managed to gain unauthorized access to one of its

Source

By Waqas

Sotheby's, an American multinational corporation and auction house, has become another victim of a Magecart attack after hackers gained access to the Sotheby's Home website and inserted card-skimming code aimed at customers’ credit card and banking data. Although Sotheby's detected the intrusion on 10th October 2018, the malware was present on its website and stealing personal and financial data of […]

This is a post from HackRead.com. Read the original post: Malware since 2017: Auction giant Sotheby's Home hit by Magecart attack

Source

The lawsuit alleges that NSO Group violated international law by allowing Pegasus to be used by oppressive regimes to hunt dissidents and journalists.

Source

By Uzair Amir

Misconfigured ElasticSearch Servers Exposed Private Data of over 82 Million Users.

A warning has been issued by Bob Diachenko, a HackenProof security researcher, informing users in the US that around 73 gigabytes of data was identified in a “regular security audit” of publicly accessible servers on the Shodan IoT search engine. According to the researcher, […]

This is a post from HackRead.com. Read the original post: Private data of more than 82 million US citizens left exposed

Source

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he'd just purchased as a surprise gift for his girlfriend.

Dallas-based Web developer Brandon Sheehy discovered that slightly modifying the link in the confirmation email he received and pasting that into a Web browser revealed another customer's order, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer's credit card number.

Sheehy said after discovering the weakness, his mind quickly turned to the various ways that crooks might exploit it.

“My first thought was they could track a package of jewelry to someone's door and swipe it off their doorstep,” he said. “My second thought was that someone could call Jared's customers and pretend to be Jared, reading the last four digits of the customer's card and saying there'd been a problem with the order, and if they could get a different card for the customer they could run it right away and get the order out quickly. That would be a pretty convincing scam. Or just targeted phishing attacks.”

Concerned that his own information was similarly exposed, Sheehy contacted Jared parent company Signet Jewelers and asked them to fix the data exposure. When several weeks passed and Sheehy could still view his information and that of other Jared customers, he reached out to KrebsOnSecurity.

Scott Lancaster, chief information security officer at Signet, said the company did fix the problem for all future orders shortly after receiving a customer's complaint. But Lancaster said Signet neglected to remedy the data exposure for all past orders until contacted by KrebsOnSecurity.

“When a customer first brought this matter to our attention in early November, we fixed it for all new orders going forward,” Lancaster said. “But we didn't notice at the time that this applied to all past orders as well as future orders.”

Lancaster said the problem affected only orders made online through jared.com and kay.com, and that the weakness was not present on the sites of the company's other jewelry brands, such as Zales and Piercing Pagoda.

Data exposures like these are some of the most common yet preventable for online retailers. In July, identity theft protection service LifeLock corrected an information disclosure flaw that exposed the email address of millions of subscribers. And in April 2018, PaneraBread.com remedied a weakness exposing millions of customer names, email and physical addresses, birthdays and partial credit card numbers.

Sheehy said he's glad Signet has fully fixed the bug, but said he was annoyed that it seems like many companies fail to address or even acknowledge such failures unless and until they're confronted by the news media.

“Being a Web developer, the only thing I can chalk this up to is complete incompetence, and being very lazy and indifferent to your customers' data,” he said. “This isn't novel stuff, it's basic Web site security.”

Dec. 11, 10:37 a.m.: Corrected Sheehy's title.

Source

In this Newsmaker Interview, ‘breach hunter’ Chris Vickery explores a recent spate of breaches from Marriott, USPS and Dell EMC.

Source