PINDROP BLOG

Category: Privacy

May 16, 2017
DocuSign Says Breach Led to Phishing Campaign
A recent compromise of a system at DocuSign, the electronic document signing vendor, led to a phishing campaign that’s hitting some of the company’s customers right now. Officials at DocuSign said they had noticed an increase in phishing emails to some customers and users in recent days and began investigating whether the company’s eSignature service…
Read More →
April 28, 2017
Chrome Will Label More HTTP Pages Insecure
Google is continuing its assault on the unencrypted web, with a change coming to Chrome later this year that will mark any HTTP page on which a user enters data as “not secure”. In January, Google released Chrome 56, the first version of the browser that included a warning for pages that send confidential data…
Read More →
April 24, 2017
Google Patches Unicode Domain Phishing Bug in Chrome
Google has patched a dangerous issue in Chrome that enabled attackers to spoof legitimate domains in the browser by using unicode characters rather than normal ones. That vulnerability is the result of the way that Chrome handles some unicode characters and it’s not necessarily a new issue. Security experts have known about the underlying problem…
Read More →
April 10, 2017
Senate Bill Seeks to Reinstate Broadband Privacy Rule
Now that President Trump has signed into law legislation that eliminates an FCC rule that prevented broadband providers from selling users’ private information, some members of Congress have introduced a new bill that would restore the rule. Sen. Ed Markey (D-Mass.) has drafted the bill and introduced it in the Senate in the hopes of…
Read More →
March 29, 2017
Users Face Uncertain Future After Rollback of Broadband Privacy Rule
The House of Representatives on Tuesday to repeal a set of landmark privacy protections for Internet users, issuing a total rebuke of Internet policies enacted under the Obama administration. Privacy advocates had worked frantically to urge voters to contact their representatives about the resolution, which allows broadband providers to sell customers’ data without prior consent. The…
Read More →
March 28, 2017
Congress Asks FCC for Urgent Action on Mobile Security
Congressional leaders are continuing to pressure federal agencies to address shortcomings in the security of the telecommunications infrastructure, specifically to warn consumers about weaknesses that can open them up to remote surveillance. In a letter sent Tuesday, Rep. Ted Lieu and Sen. Ron Wyden asked FCC Chairman Ajit Pai to take “swift action” to resolve…
Read More →
March 23, 2017
Critical Vulnerabilities Found in LastPass Extensions
For the second time in a few months, LastPass had to address serious security flaws in its password manager browser extensions, this time in both Google Chrome and Mozilla Firefox. The two new vulnerabilities, one involving a website connector bug and the other being a Firefox based message hijacking bug, were discovered by Tavis Ormandy,…
Read More →
March 20, 2017
Trump Administration Hopes to Have Cybersecurity Strategy Done Soon
A top Trump administration information security official said the White House hopes to have a national strategy for cybersecurity completed in the next two months, with a view toward having it implemented within two years. The new administration has circulated a draft of an executive order related to cybersecurity, but hasn’t said much more publicly…
Read More →
March 17, 2017
US-CERT Warns of Security Impact of SSL Interception
The Department of Homeland Security’s US-CERT group has issued an advisory warning enterprises that many security appliances that perform HTTPS inspection through a man-in-the-middle position don’t correctly verify certificate chains before forwarding traffic, weakening the security benefits of TLS in the process. The advisory comes after a recent paper by security researchers from Google, Mozilla, Cloudflare,…
Read More →
March 16, 2017
Congress Pushes DHS For Answers on SS7 Security
A year after flaws in SS7, one of the underlying protocols in the cell network came to the public’s attention, two powerful members of Congress are asking the secretary of Homeland Security how DHS has addressed the threat and whether the department has sufficient resources to detect and defeat SS7-related attacks. The flaws in SS7, a…
Read More →