Billions of records have been breached and you may be part of it, even if you've never heard of the service that was compromised.
'have i been pwned?' informed us that 763,117,241 people have had their records leaked by a company called Verifications IO.
Andrew Martin, CEO & founder of cybersecurity company DynaRisk, has since revealed the true number of leaked records is much higher, exceeding 2 billion records.
An unprotected MongoDB database was discovered by security researcher Bob Diachenko. Having cross-referenced the data, which was sitting there in plain text, with the have i been pwned site, Diachenko was able to conclude that this was new information, fresh to the market, and not just a dump of previously breached data as has been seen with the recent Collection 1 leak. After doing some more investigative work, Diachenko was able to track the database back to the Verifications IO enterprise email validation service.
You're not alone if you've never heard of Verifications IO. But you may still be a victim. This company validates bulk email lists for companies wanting to remove inactive addresses from newsletter mailouts.
Diachenko says that "although not all records contained the detailed profile information about the email owner, a large amount of records were very detailed." That detail included commonplace breach data such as email addresses and phone numbers, but went far beyond the basics as well. It also included information such as dates of birth, mortgage amounts and interest rates, and social media accounts related to the emails in question. But it doesn't stop there: you can also throw in basic credit scoring data, company names and revenue figures.
Apply the basics of good cybersecurity hygiene, which means being alert to the phishing risk and applying more skepticism than usual to unexpected emails, text messages, social media communications and even snail mail that want you to check out a link, open an attachment and so on. If threat actors have got hold of this data, it provides all the ammunition they require to appear like a trustworthy organization in their communications.
Sent to us by: Jeff Weston
Efforts to recover millions in crypto-cash from the digital wallets of a man who died without revealing passwords to access them have hit a snag: The wallets have been found to be empty.
The discovery was made by a firm appointed to oversee QuadrigaCX after the death of founder Gerald Cotten.
It expected to find the wallets full of C$180m ($137m; £105m) in crypto-cash deposited by the coin exchange's customers.
Mr Cotten, who died in India in December, had sole responsibility for handling the funds and coins passing through the site.
The master key to unlock the wallets was held on Mr Cotten's laptop but he died without letting anyone else know the passphrase to unlock the device. Most of the digital cash that customers deposited with the exchange was supposed to be kept in "cold storage" to prevent it being hacked or stolen.
The cash represented the virtual currency holdings of 115,000 QuadrigaCX customers.
Mr Cotten's death forced the closure of QuadrigaCX and auditor Ernst & Young was appointed to wind it up.
Its investigation has secured access to Mr Cotten's laptop but also revealed that the digital wallets had been cleaned out months before he died.
In a report on its discovery, E&Y investigators said they did not know what had happened to the bitcoins they expected to find in storage.
However, the company said, it found evidence that Mr Cotten had 14 other user accounts "created outside the normal process" that may have been used to trade on the QuadrigaCX exchange.
E&Y is now trying to gather information about the trading done via these other accounts to see if it can trace how much crypto-cash passed through them.
A reward of $100,000 has been offered for information about where the exchange's cash has gone.
Sent to us by: Roy W. Nash
Sorry Amazon: Philadelphia has banned cashless stores.
Last week, Philadelphia's mayor signed a bill that would ban cashless retail stores. The move makes Philadelphia the first major city to require that brick-and-mortar retail stores accept cash. Besides Philadelphia, the state of Massachusetts has required that retailers accept cash since 1978.
The law takes effect July 1, and it will not apply to stores like Costco that require a membership, nor will it apply to parking garages or lots, or to hotels or rental car companies that require a credit or debit card as security for future charges. Retailers caught refusing cash can be fined up to $2,000.
Amazon, whose new Amazon Go stores are cashless and queue-less, reportedly pushed back against the new law, asking for an exemption. Philadelphia lawmakers said that Amazon could work around the law under the exemption for stores that require a membership to shop there, but Amazon told the city that a Prime membership is not required to shop at Amazon Go stores, so its options are limited.
A top official in Philadelphia's Chamber of Commerce said that the ban will prevent Philadelphia from modernizing with the rest of the country. Cashless companies argue that cash slows down transactions when change needs to be counted and creates security risks for employees locking up at the end of the night.
Supporters of the new law, however, say that not accepting cash hurts poorer residents who may not be able to afford or qualify for a credit card or who want to avoid fees that come with changing cash into a prepaid debit card. Additionally, privacy advocates say that being forced to use a digital form of payment to buy things is a de facto requirement to share records of their purchases with third-party companies.
A New York City councilman is pushing a similar measure, and New Jersey's legislature has also passed a bill to require storefronts to accept cash, though the governor of that state has not signed the bill yet.
Sent to us by: Roy W. Nash
Have a Windows update that is messing up Windows 10? Now it'll automatically remove and block itself to allow Microsoft to fix the problem.
Windows 10 is not exactly the definition of simplicity. Patch Tuesday always seems to introduce new problems (the latest being crippled game performance), and the underlying behavior of the Windows 10 update process will melt your brain. The latest development in the saga isn't actually the introduction of troublesome updates, though. This time around, Microsoft is removing them automatically and without any user input.
In a Microsoft Support page discussion, a user asked "Why were recently installed updates removed?" and here is Microsoft's official response: "To ensure that your device can start up and continue running as expected, Windows will also prevent problematic updates from installing automatically for the next 30 days. This will give Microsoft and our partners the opportunity to investigate the failure and fix any issues. After 30 days, Windows will again try to install the updates."
Right now this process of auto-removing problematic updates appears to focus on startup trouble, and Microsoft says it will only execute this measure once all other repairs have been attempted.
What's certain is that Microsoft will not only delete the updates it determines are preventing normal OS operation, it will also block them from being installed for the next 30 days. Microsoft says this will give ample time for it and its partners to "investigate the failure and fix any issues."
Sent to us by: Roy W. Nash