article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains.

article thumbnail

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report.

article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Scams 323
article thumbnail

Ubuntu Disables Spectre/Meltdown Protections

Schneier on Security

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off.

Malware 261
article thumbnail

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

Passive DNS records from DomainTools.com show that between 2016 and 2018 the domain was connected to an Internet server in Germany, and that the domain was left to expire in 2018. The Russian search giant Yandex reports this user account belongs to an “Ivan I.” ” from Moscow. ne ” instead of “ awsdns-06.net.”

DNS 363
article thumbnail

NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue

Security Boulevard

NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws.