Tag Archive for: adds

Ledger Adds Bitcoin Bounty and New Data Security After Hack

/in


Matt Johnson, Ledger’s new Chief Information Security Officer (CISO), had no choice but to hit the ground not just running but, well, sprinting. His first week of work entailed scrutinizing the fallout from an extensive data dump of customer information, among other areas such as data security and increased attacks that would come as a byproduct of bitcoin pumping. 

In the aftermath of the largest hack in company history, and a little over a week after Johnson started, the hardware wallet company Ledger has announced its first measures to address the data breach and ensure such a hack doesn’t happen again. 

These include working with blockchain analytics firm Chainalysis to hunt the hackers, offering a 10 BTC bounty for information leading to the hacker’s arrest and creating a comprehensive review of what information the company holds onto, where it’s stored and how long it’s retained. 

The Ledger hack

Ledger publicly revealed that customer information had been compromised in July 2020. At the time, the company estimated 9,500 customers had been affected by the hack. In the following months, CoinDesk documented a string of convincing phishing attempts executed by the hackers, including emails that mimicked official Ledger correspondence and text messages. 

Then, in December 2020, a data dump “exposed 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to people who had ordered Ledger’s devices, which store the private keys for cryptocurrency wallets,” as CoinDesk reported.  The number of people affected was much higher than the original estimate of 9,500.  

A rash of SIM swaps were reported in the days following the data dump and some customers started getting extortion emails, including threats of violence. 

Now, Ledger has released new information about the hack, revealing that it was likely due, in part, to rogue actors at Shopify, its e-commerce partner at the time. 

Shopify’s rogue agents

On Dec. 23, 2020, Ledger was notified by Shopify of an incident “involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported…

Source…

Signal adds encrypted group calls to keep your conversations secure

/in


Signal on Monday announced the launch of group calls which, like everything else on the platform, is end-to-end encrypted. The new feature, which builds on other group chat functionality introduced in October, is rolling out to to Signal on Android and iOS.

Starting a group call in Signal is easy. Now, when you open a group chat, you’ll see a video call button at the top. Once you start a call, the group will receive a notification saying that a call has started. That’s essentially how it works on every messaging app that supports group calls.

“Signal Group Calls are one of many features that we have designed with Signal Private Groups as a foundation, using our RingRTC library for handling frame encryption and the logic around setting up and joining calls,” the company wrote in a blog post.

According to Signal, group calls are only supported in the new style groups. However, legacy groups will be automatically updated to new groups in the coming weeks. Back when the new group features were released, Signal added mentions, admins, and group permissions.

The company said group calls are currently limited to five participants, but the company is hoping to expand that number soon. That’s quite limiting if you have a large group of friends or family you want to chat with, and is far fewer than what Google Meet and Zoom accommodates. These services also offer end-to-end encryption.

If you’re an existing Signal user, the addition of group calls makes the service that much better. It may not serve as a mainstream threat to Google Meet or Zoom, but the platform has many other features that make it a great app for communication — and everything is end-to-end encrypted, so there’s the added benefit of security.

Signal’s free group calling features are available on Android and iOS beginning today.

Source…

Nokia 7.2 adds 3-button navigation with new Android 10 Build & November Security update 2020

/in


Nokia 7.2 is now receiving a new Android 10 build (V2.390) with the November security update 2020. Check below for the update size, list of markets and the update changelog.

For all software update news related to other Nokia smartphones click here.

On the basis of tips received from our readers, we will collate a list of markets for the Nokia 7.2 for which November Security update is now available. So, do let us know if you have received the update in the comments section. You can also try the VPN trick for getting the update and see if it works.

List of markets:

Nokia 7.2 November update size:

The update size for Nokia 7.2 is a big 1.61 GB. You will either be prompted to download this update or you can check by going to Settings and searching system updates and then by checking for the update.

Nokia 7.2 November Security update changelog:

Nokia 7.2 is receiving stability improvements and UI enhancements with this new Android 10 build. As per tips shared by some of our readers it seems that Nokia 7.2 has received the 3-button navigation with this Android 10 build.

Thanks, Allen & Hotlain for the tip & screenshot. Cheers!!

Source…

Milestone Adds Encryption From Microsoft to XProtect VMS

/in


Milestone say XProtect 2020 R3 also offers a new multi-category search function that makes finding specific video evidence easier and faster, and more.

COPENHAGAN — Milestone Systems announces the release of XProtect 2020 R3 includes a new level of encryption from Microsoft called Cryptography New Generation (CNG), which is said to adhere to the highest level of cybersecurity and data protection on the market today.

XProtect’s new encryption modules include stronger data protection, increased cybersecurity, evidence authenticity and password-protected configuration, according to the company.

Embedding this encryption, also means that XProtect can now be configured to operate in a FIPS (Federal Information Processing Standards) 140-2 compliant mode. FIPS is a U.S. government computer security standard utilized in all software solutions deployed in U.S. federal agencies and regulated industries such as healthcare and finance.

Security operators are the eyes and ears of their organization. When an incident occurs, they are expected to provide video evidence immediately. This can sometimes be a challenging task, especially for installations with thousands of cameras recording 24/7.

Milestone say XProtect 2020 R3 also offers a new multi-category search function that makes finding specific video evidence easier and faster than ever.

Multi-category search allows the operator to combine and search across multiple search categories such as people, vehicles and location, as well as any search agents developed and integrated into XProtect by third-party technology partners.

As an example, operators can narrow their investigation to only contain video sequences that include blue vehicles AND male persons (this requires specific devices exporting metadata in ONVIF Analytics Specification-compliant format) and exclude those that only meet one of them.

XProtect 2020 R3 also offers expanded support for any 360° camera that delivers a complete round fisheye view.

The 2020 R3 release contains many more new and improved features and capabilities such as improved video rendering performance in the XProtect Smart Client, adaptive streaming for XProtect Mobile and…

Source…