Sign Up Now!

Sign up and get personalized intelligence briefing delivered daily.

Sign Up

Articles related to "security"

OnlyFans says it wasn’t hacked after hundreds of performers’ videos leak online

  • More than 1.6TB worth of videos and images from OnlyFans has been leaked online.
  • Steve Pym, OnlyFans’ marketing chief, said on Twitter that the company has “found no evidence of any breach of our systems” and that the leaked files appear to “be curated from multiple sources, including other social media applications.” The statement was first reported by Motherboard.
  • The leak contains photos and videos from hundreds of people, generally attributed to specific OnlyFans’ usernames.
  • Rather than a hack, the leak seems to be the result of OnlyFans customers acquiring the photos and videos individually, then sharing them with others and compiling them into a large file for free.
  • Because photos and videos can be taken from the site, it’s easy for them to be reshared elsewhere later, depriving the platform’s users of revenue.

save | comments | report | share on

Clearview AI's Facial Recognition Tech Is Being Used By The Justice Department, ICE, And The FBI

  • The United States’ main immigration enforcement agency, the Department of Justice, retailers including Best Buy and Macy’s, and a sovereign wealth fund in the United Arab Emirates are among the thousands of government entities and private businesses around the world listed as clients of the controversial facial recognition startup with a database of billions of photos scraped from social media and the web.
  • In a January interview with the New York Times, Ton-That said the company was working with 600 law enforcement agencies across the country and had provided the software, which can be used on a desktop computer or through a mobile app, to the FBI and Department of Homeland Security.
  • According to documents reviewed by BuzzFeed News, people associated with 2,228 law enforcement agencies, companies, and institutions have created accounts and collectively performed nearly 500,000 searches — all of them tracked and logged by the company.

save | comments | report | share on

Steven Seagal charged by Securities and Exchange Commission with failing to disclose payments

  • According to the SEC, Seagal failed to disclose he was promised $250,000 in cash and $750,000 worth of B2G tokens for his work.
  • The promotions came six months after the SEC's 2017 DAO Report warning that coins sold in ICOs may be securities.
  • In accordance with the anti-touting provisions of the federal securities laws, any celebrity or others who promotes a virtual token or coin that is a security must disclose the nature, scope, and amount of compensation received in exchange for the promotion.
  • The SEC's order found that Seagal violated the anti-touting provisions of the federal securities laws.
  • Without admitting or denying the SEC's findings, Seagal agreed to pay back $157,000, the amount he actually received, plus more than $16,000 in interest, and a fine of another $157,000, the government order says.

save | comments | report | share on

Steven Seagal settles with SEC over 2018 cryptocurrency promotion

  • Steven Seagal, best known for fighting off bad guys with roundhouse kicks in movies like Above the Law, has settled a case with the Securities and Exchange Commission over promoting a cryptocurrency on social media.
  • The action star will pay $314,000, and won’t be allowed to promote any security — digital or otherwise — for three years.
  • Seagal “failed to disclose he was promised $250,000 in cash and $750,000 worth of B2G tokens in exchange for his promotions,” which included posts plugging Bitcoiin2Gen and its initial coin offering in 2018, the SEC says.
  • Seagal’s promotion of the coin came a few months after the SEC issued a report that categorized ICOs as securities.
  • And Bitcoiin2Gen received a cease-and-desist order from the state of New Jersey in March 2018 for “fraudulently offering unregistered securities in violation of the Securities Law.” Seagal’s tenure as its brand ambassador ended later that month, Coindesk reported.

save | comments | report | share on

Pen testers mom breaks into a state prison and infects wardens computer

  • Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security.
  • She was confident, given that professional experience, that she could pose as a state health inspector to gain access to the prison.
  • A professional pen tester would be able to assess an organization's digital security in real time and plant back doors tailored to what they found on the specific network.
  • To help get her in the door, Black Hills made Rita a fake badge, a business card, and a "manager's" card with John's contact info on it.
  • The thumb drives would beacon back to her Black Hills colleagues and give them access to the prison's systems.
  • At the end of the "inspection," the prison director asked Rita to visit his office and suggest how the facility might improve its food service practices.

save | comments | report | share on

Trump defends huge cuts to the CDC’s budget by saying the government can hire more doctors ‘when we need them’ during crises

  • "When we need them, we can get them back very quickly." The president said that some of the experts targeted by the cuts "hadn't been used for many years," and that additional federal money and new medical staffers could be obtained swiftly since "we know all the good people." The remarks come amid warnings from CDC experts that the virus' spread in the US was "inevitable" and urged Americans to prepare.
  • Don Moynihan, a public management professor at Georgetown University, said in a tweet that "once you have gutted institutional capacity you cannot, in fact, quickly restore it." Appropriating federal money to the CDC would require a bill from Congress that passes both chambers and gets Trump's signature, said Bobby Kogan, the chief mathematician for the Senate Budget Committee.

save | comments | report | share on

Facial recognition company Clearview’s client list stolen by “intruder”

  • Clearview AI, which contracts with law enforcement after reportedly scraping 3 billion images from the web, now says someone got “unauthorized access” to its list of customers.
  • A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.
  • In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.
  • It also created a resource that drew the attention of hundreds of law-enforcement agencies, including the FBI and the Department of Homeland Security, according to that report.

save | comments | report | share on

#todayilearnedBefore You CTF (Capture the Flag), Get Your Environment Ready

  • But to address this task, you'll need to have a means of writing the code best suited to your development style, whether that's using an IDE, text editor, or the command console.
  • Another option is to install all the software/program you think you'll need locally to your existing dev environment.
  • Sometimes you'll need code more than software, but most beginner-friendly CTFs will make clues available by opening files in software programs.
  • During CTFs, this can be useful for identifying whether it's a stream capture, which can then be examined in Wireshark, or whether it's a document, image, audio file, etc.
  • You'll likely need to examine network traffic and extract files from the stream for further analysis.
  • You'll likely need to use Python to write some basic scripts or programs to handle input/output.

save | comments | report | share on

The case against smart baby tech

  • The popular iBaby family of internet-connected cameras recently joined this club when a cybersecurity company found vulnerabilities in its M6S model.
  • Bitdefender, the aforementioned security company, just released the results of its research on the iBaby device as part of its partnership with PCMag. The report details several ways potential hackers can remotely access iBaby’s monitors.
  • However, when Bitdefender notified iBaby that its M6S smart baby monitor contained potential vulnerabilities that give hackers access to baby videos, its response was a whole lot of nothing.
  • While this data can be an attractive selling point for new parents, some experts doubt that super-smart baby devices are necessary, and there’s not currently any scientific evidence that suggests otherwise.
  • That depends on what makes you more nervous: not being able to see your baby at all times or owning an internet-connected video camera that could malfunction or, in rare instances, give a random hacker access to your home.

save | comments | report | share on

DOJ plans to strike against encryption while the Techlash iron is hot

  • I explained last month that the techlash has now gained enough momentum that law enforcement may have a fighting chance of getting its anti-encryption wish, under the guise of protecting children, in the form of a terrible bill called the EARN IT Act. That bill doesn’t look much like Australia’s Assistance and Access Act or the UK’s IP Act -- in fact it doesn’t mention the word “encryption” at all -- but right now it’s the lead contender for the DOJ to get an “encryption-limiting law” passed in the U.S. Exploiting the techlash is a strategy I’ve been calling law enforcement out for since October 2017.
  • (Never mind that it won’t work out the way he thinks.) In a Congress already dithering over passing a federal privacy law, the child safety rationale may prevail, at the expense of the many interests that encryption protects -- privacy not least among them.

save | comments | report | share on