Top 10 Stories

From 2007 through 2015, the US Transportation Security Administration (TSA) spent $1.5 billion trying to identify potentially dangerous travelers by observing their behavior through an ongoing program called SPOT. SPOT stands for "screening of passengers by observation techniques." And according to the TSA's own documents, obtained through a lawsuit filed by the American Civil Liberties Union (ACLU), the techniques employed by the agency to detect untrustworthy travelers are unscientific and unreliable.  View full story ORIGINAL SOURCE:...

Security researchers have stumbled upon a Windows Trojan that hackers are using to help with the distribution of the infamous Mirai Linux malware, used to infect IoT devices and carry out massive DDoS attacks. The Mirai malware was initially developed in late 2015 and early 2016, and only became a massive threat in the summer and autumn of 2016, when it spread to hundreds of thousands of routers and DVRs (deployed with smart cameras and...

An unknown actor whose targets and tactics resemble those of a Russian advanced persistent threat group has been compromising the websites of foreign embassies, ministries and organisations, in an attempt to infect certain site visitors with malware. According to a Tuesday blog post by Forcepoint, whose threat intelligence feeds uncovered the threat, the mysterious campaign is reminiscent of the Turla group, a Russian APT that notably infected US Central Command in 2008. View full story ORIGINAL SOURCE: SC magazine

There's a new branded bug in town, but thankfully it only hurts kit made by F5 Networks. “Ticketbleed” (so named for a similarity to the notorious 2014 Heartbleed) is specific to F5's Big-IP appliances and can strike when virtual servers running on those boxes are configured with a Client SSL profile that has the non-default Session Tickets option. View full story ORIGINAL SOURCE: The Register

HackerOne has announced that it managed to attract $40 million in Series C financing and it is now planning to use the cash to grow the platform even more. HackerOne is a bug bounty platform that’s used by thousands of companies across the world that are looking for researchers that can responsibly look for security flaws in exchange for cash rewards and credit. There are over 100,000 hackers working with HackerOne at this moment. View...

On Monday, the US House of Representatives – normally a body that can't agree on anything – voted unanimously to pass the Email Privacy Act (HR 387). The new legislation amends the 1986 Electronic Communications Privacy Act (ECPA), which states that Americans' emails that are unread or stored for more than 180 days can be requested and read by US law enforcement without a warrant. The new legislation insists the Feds go to a judge and get...

Seventy-six popular apps in the Apple App Store are vulnerable to silent interception of TLS-protected data due to a poor implementation of the cryptographic protocol. According to researcher Will Strafach, who wrote on Medium, the apps are vulnerable to man-in-the-middle attacks. Data that is normally protected by Transport Layer Security can now be read or manipulated before it is forwarded to the company’s servers. View full story ORIGINAL SOURCE: Softpedia

London-based payment processing firm GoCardless is warning customers that their personal information might have been exposed following the theft of 19 laptops from its offices last month. The "password protected" (not encrypted) laptops contained a file with customer personal data including email address, passport number, date of birth, and name. Leak of the data into the wrong hands might lead onto follow-up phishing scams or other potential malfeasance, such as identity theft. Payment data was...

Austria’s parliament blamed a Turkish Islamist hacker group for a cyber attack that took down the institution’s website for 20 minutes this past weekend. The Aslan Neferler Tim (ANT) group, also known as the Lion Soldiers Team, claimed the attack, says the parliamentary spokesperson, as reported by Reuters. The group’s website says it is a defender of the homeland, Islam, the nation and flag, although no political links are made. View full story ORIGINAL SOURCE: Softpedia

A hacker has reportedly leaked 1.3 million accounts from staffing platform Elance onto an underground hacking forum. The leaked database also allegedly contains hundreds of thousands of Yahoo and Gmail accounts. According to Yogev Mizrahi of data breach notification website Hacked-DB, the hack in which information of over 1 million registered users was stolen happened in 2009. However, the data has surfaced only now, 8 years after the data breach, HackRead reported. View full story ORIGINAL SOURCE:...