Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month

To protect query privacy, browser maker will run everything through Cloudflare

On Friday, Mozilla said it plans to implement the DNS-over-HTTPS (DoH) protocol by default in its Firefox browser, with a slow rollout starting in late September.

Under development since 2017, DoH transfers domain-name queries – which try to match domain names with server IP addresses – over a secure, encrypted HTTPS connection to a DNS server, rather than via an unprotected, unencrypted bog-standard DNS connection.

Complete article on The Register

If Uncle Sam could quit using insecure .zip files to swap info across the ‘net, that would be great, says Silicon Ron Wyden

Influential US Senator Ron Wyden (D-OR) is not happy about Uncle Sam’s employees using insecure .zip files and other archive formats to electronically transfer information.

The Oregon Democrat today sent a letter [PDF] to Walter Copan, director of America’s National Institute of Standards and Technology (NIST), asking that the standards body put together a guidance document for government workers on alternatives to .zip archiving tools.

Complete article on wired.com

Radiohead Dropped 18 Hours of Unreleased Music to Screw Pirates

On Tuesday, Radiohead guitarist and composer Jonny Greenwood made an announcement on Twitter and Facebook: The band had been “hacked,” and the perpetrator attempted a $150,000 shakedown to prevent the public release of the files. In response? Radiohead dumped all of it online for free. You can stream it below for the next 18 days, or buy it on Bandcamp for about $23. All proceeds will go to a climate protest organization called Extinction Rebellion.

Complete article on wired.com

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Complete article on krebsonsecurity.com

Maker of America’s license-plate, driver recognition tech hacked, camera images swiped

The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America’s land border.

The CBP issued a statement outlining how it learned on May 31 that the unnamed contractor, against Uncle Sam’s privacy rules and security measures, copied license plate scans and traveler pictures to its own network, only to have that network invaded by hackers and the data stolen.

Complete article on theregister.co.uk

The dark web knows too much about me

We asked cybersecurity experts to scour the dark web for our personal information. What they found was disturbing.

What do Dunkin’ Donuts, Fortnite, Sprint and the Dow Jones company all have in common? They’ve all suffered from massive hacks in 2019 alone.

After every data breach, victim data often surfaces on the encrypted “hidden” internet known as the dark web, a network of sites that can only be accessed with special security software. Dark web markets operate like the ecommerce websites we shop on every day, but often trade in illicit goods like drugs, weapons and stolen data.

Complete article on cnet.com

A Year Later, Cybercrime Groups Still Rampant on Facebook

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.

Complete article on krebsonsecurity.com

How Call Centers are the Weakest Links in Authentication Chain

As companies increase their cybersecurity defenses, fraudsters are now targeting call centers with easily obtained and plentiful personally identifying information, and they are sharing it too.

A report from TRUSTID confirms that call center professionals are being inundated with social engineering attempts from fraudsters looking to take over customer accounts.

The results spotlighted six insights…

Complete article on securitymagazine.com

How Walmart Uses a Purple Team to Improve Cyber-Resilience

Few, if any, organizations on the planet operate at the size and scale of Walmart. Scale isn’t just about normal retail operations either; it also comes into play with how the organization handles its own security resiliency testing.

In a session at the RSA Conference here, Jason O’Dell, director of incident response and hunt at Walmart, explained how the world’s largest retailer uses an innovative approach known as purple teaming at scale to improve security and reduce risk.

Complete article on eweek.com

The Windows 10 security guide: How to safeguard your business

How do you configure Windows 10 PCs to avoid common security problems? There’s no software magic bullet, unfortunately, and the tools are different for small businesses and enterprises. Here’s what to watch out for.

It is tempting to think that the process of securing a Windows 10 device can be reduced to a simple checklist. Install some security software, adjust a few settings, hold a training session or two, and you can move on to the next item on your to-do list.

Alas, the real world is far more complicated than that.

Complete article on zdnet.com