Spotify resets some account passwords citing ‘suspicious activity’

Music streaming giant Spotify has notified an unspecified number of users that the company has reset their account password, but has left dozens of users asking why. In an email, some Spotify users were told their password was reset “due to detected suspicious activity,” but the email gave no further details. Anyone else getting emails from Spotify […]


Google says some G Suite user passwords were stored in plaintext since 2005

Google says a small number of its enterprise customers mistakenly had their passwords stored on its systems in plaintext. The search giant disclosed the exposure Tuesday but declined to say exactly how many enterprise customers were affected. “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our […]


Identity platform Auth0 raises $103M, pushing its valuation over $1B

Auth0, a 2013-founded identity and authentication platform, has pushed into unicorn territory with a $1 billion valuation after raising $103 million in its latest Series E round. The round was led by Sapphire Ventures, with participation from K9 Ventures, Telstra Ventures and several others. In all, Auth0’s total funding tops $210 million to date. Auth0 […]


Google recalls its Bluetooth Titan Security Keys because of a security bug

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says that the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty […]


‘Unhackable’ encrypted flash drive eyeDisk is, as it happens, hackable

In security, nothing is “unhackable.” When it’s claimed, security researchers see nothing more than a challenge. Enter the latest findings from Pen Test Partners, a U.K.-based cybersecurity firm. Their latest project was ripping apart the “unhackable” eyeDisk, an allegedly secure USB flash drive that uses iris recognition to unlock and decrypt the device. eyeDisk raised […]


Flaws in a popular GPS tracker leak real-time locations and can remotely activate its microphone

A popular GPS tracker — used as a panic alarm for elderly patients, to monitor kids, and track vehicles — contains security flaws, which security researchers say are so severe the device should be recalled. The Chinese-manufactured white-label location tracker, rebranded and sold by over a dozen companies — including Pebbell by HoIP Telecom, […]


Hundreds of Orpak gas station systems can be easily hacked, thanks to hardcoded passwords

Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit. The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10. Orpak’s SiteOmat systems monitor the amount of fuel stored […]


Why your CSO, not your CMO, should pitch your security startup

Whenever a security startup lands on my desk, I have one question: Who’s the chief security officer (CSO) and when can I get time with them? Having a chief security officer is as relevant today as a chief marketing officer (CMO) or chief re boss. Just as you need to make sure your offering looks […]


Asus was warned of hacking dangers months ago, thanks to leaky passwords

A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network. One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share […]
