Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Windows Smart App Control, SmartScreen bypass exploited since 2018

Bleeping Computer

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...]

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Western Digital’s brief advisory includes a link to an entry in the National Vulnerability Database for CVE-2018-18472. Examine the CVE attached to this flaw and you’ll notice it was issued in 2018. “We are actively investigating the issue and will provide an updated advisory when we have more information.”

Welcoming the Romanian Government to Have I Been Pwned

Troy Hunt

You can read more about government access in the initial post from 2018. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Schneier on Security

The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and, if known, the attacker’s identity.

De-anonymization Story

Schneier on Security

Carriers were caught in 2018 selling real-time location data to brokers, drawing the ire of Congress. The Pillar says it obtained 24 months’ worth of “commercially available records of app signal data” covering portions of 2018, 2019, and 2020, which included records of Grindr usage and locations where the app was used.

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department.