Summary

Total Articles Found: 52

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • Woman stalked by sandwich server via her COVID-19 contact tracing info
  • Android users: watch out for this fake address bar trick
  • Zynga faces class action suit over massive Words With Friends hack
  • Ad blocker firms rush to fix security bug
  • Two zero days and 15 critical flaws fixed in July’s Patch Tuesday
  • Cloud computing giant PCM hacked
  • $50 DeepNude app undresses women with a single click
  • Facebook’s Libra cryptocurrency is big news but will it be secure?
  • Docker breach of 190,000 users exposes lack of two-factor authentication
  • NCSC: Secure your webcams now

LastPass: Keylogger on home PC led to cracked corporate password vault

Published: 2023-02-28 02:23:16

Popularity: 140

Author: Paul Ducklin

Keywords:

  • Data loss
  • breach
  • keylogger
  • LastPass
  • malware
  • Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

    ...more

    SHA-3 code execution bug patched in PHP – check your version!

    Published: 2022-11-01 14:09:10

    Popularity: 24

    Author: Paul Ducklin

    Keywords:

  • Cryptography
  • Vulnerability
  • cryptograhpy
  • CVE-2022-37454
  • PHP
  • sha-3
  • As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

    ...more

    Chrome and Edge fix zero-day security hole – update now!

    Published: 2022-09-05 15:12:58

    Popularity: 174

    Author: Paul Ducklin

    Keywords:

  • Google
  • Google Chrome
  • Vulnerability
  • chrome
  • CVE-2022-3075
  • Exploit
  • Patch
  • Zero Day
  • This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

    ...more

    Critical Samba bug could let anyone become Domain Admin – patch now!

    Published: 2022-07-27 21:15:15

    Popularity: 79

    Author: Paul Ducklin

    Keywords:

  • Vulnerability
  • CVE-2022-32744
  • password reset
  • Samba
  • It's a serious bug... but there's a fix for it, so you know exactly what to do!

    ...more

    Google patches “in-the-wild” Chrome zero-day – update now!

    Published: 2022-07-05 15:55:14

    Popularity: 162

    Author: Paul Ducklin

    Keywords:

  • Google
  • Google Chrome
  • Vulnerability
  • 0 day
  • chrome
  • CVE-2022-2294
  • vulnerability
  • zer-day
  • Zero Day
  • Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

    ...more

    Harmony blockchain loses nearly $100M due to hacked private keys

    Published: 2022-06-27 18:14:53

    Popularity: 13

    Author: Paul Ducklin

    Keywords:

  • Cryptocurrency
  • Data loss
  • crypto
  • ether
  • hack
  • Harmony
  • The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

    ...more

    Big bad decryption bug in OpenSSL – but no cause for alarm

    Published: 2021-08-27 01:03:21

    Popularity: 44

    Author: Paul Ducklin

    Keywords:

  • Cryptography
  • Uncategorized
  • Vulnerability
  • buffer overflow
  • CVE-2021-3711
  • CVE-2021-3712
  • openssl
  • vulnerability
  • The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

    ...more

    PHP community sidesteps its third supply chain attack in three years

    Published: 2021-04-30 16:37:04

    Popularity: 80

    Author: Paul Ducklin

    Keywords:

  • Vulnerability
  • Composer
  • Packagist
  • PHP
  • supply chain
  • Third time lucky! (The first two times were lucky, too, luckily.)

    ...more

    Woman stalked by sandwich server via her COVID-19 contact tracing info

    Published: 2020-05-14 12:52:57

    Popularity: 2329

    Author: Lisa Vaas

    Keywords:

  • Data loss
  • Privacy
  • Security threats
  • breach
  • contact tracing
  • coronavirus
  • COVID-19
  • cyberstalking
  • pandemic
  • pii
  • stalking
  • Subway
  • surveillance
  • She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details.

    ...more

    Tor browser fixes bug that allows JavaScript to run when disabled

    Published: 2020-03-17 12:16:27

    Popularity: 148

    Author: John E Dunn

    Keywords:

  • Privacy
  • Security threats
  • Vulnerability
  • Web Browsers
  • anonymity
  • browser privacy
  • Firefox
  • Java
  • JavaScript
  • NoScript
  • the onion router
  • Tor
  • tor browser
  • The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.

    ...more

    Zynga faces class action suit over massive Words With Friends hack

    It's charging subpar password security and lousy user notification: Zynga has yet to notify users to warn them of the breach, the suit says.

    ...more

    NCSC: Secure your webcams now

    We don't want to see what you do behind closed doors, but lots of hackers would be happy to pull up a chair to view that video stream.

    ...more

    Mozilla bans Firefox extensions for executing remote code

    Mozilla’s policy is unambiguous - add-ons must be self-contained and not load remote code, which opens up the user to all sorts of risks.

    ...more

    FBI asks Apple to help it unlock iPhones of naval base shooter

    This could signal a renewed war between Apple and law enforcement over breaking encryption.

    ...more

    Twitter turns off SMS texting after @Jack hijacking

    Two problems, Twitter says: vulnerabilities that mobile carriers need to fix & its reliance on linked numbers for 2FA.

    ...more

    Serious flaws in six printer brands discovered, fixed

    There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.

    ...more

    Chrome Incognito mode detection fix busted by researchers

    Published: 2019-08-15 11:40:42

    Popularity: None

    Author: None

    🤖: "browser snooped"

    Remember that Chrome update that stopped websites from detecting Incognito mode? Well, researchers claim to have found a way around it.

    ...more

    Two zero days and 15 critical flaws fixed in July’s Patch Tuesday

    Patch Tuesday July 2019 offers fixes for a total of 77 vulnerabilities, including 15 marked critical, rounded out by two zero-day flaws.

    ...more

    Cloud computing giant PCM hacked

    Published: 2019-07-01 12:33:36

    Popularity: 522

    Author: Danny Bradbury

    Keywords:

  • Data loss
  • gift cards
  • hack
  • The attackers allegedly stole admin credentials for Office 365 accounts, and planned to use stolen data to conduct gift card fraud.

    ...more

    $50 DeepNude app undresses women with a single click

    Published: 2019-06-28 12:25:37

    Popularity: 483

    Author: Lisa Vaas

    Keywords:

  • Fake news
  • Government security
  • Machine Learning
  • Privacy
  • Artificial intelligence
  • deepfakes
  • DeepNude
  • GANs
  • machine learning
  • sextortion
  • "I'm not a voyeur, I'm a technology enthusiast,” says the creator, who combined deepfake AI with a need for cash to get ka-CHING!

    ...more

    Facebook’s Libra cryptocurrency is big news but will it be secure?

    Published: 2019-06-20 13:57:47

    Popularity: 397

    Author: John E Dunn

    Keywords:

  • Cryptocurrency
  • Facebook
  • Social networks
  • Blockchain
  • cryptocurrency
  • Facebook Libra
  • identity
  • MasterCard
  • PayPal
  • Visa
  • wire fraud
  • Unless you’ve been under a rock, you’ll know that earlier this week Facebook announced plans for a new global cryptocurrency for absolutely everyone called Libra.

    ...more

    Docker breach of 190,000 users exposes lack of two-factor authentication

    Published: 2019-04-30 10:48:08

    Popularity: 397

    Author: John E Dunn

    Keywords:

  • Data loss
  • Security threats
  • 2FA
  • data breach
  • MFA
  • password breach
  • The containerisation platform has asked 190k users to change their passwords after hackers gained access to a database of personal data.

    ...more

    Android users: watch out for this fake address bar trick

    Published: 2019-04-30 14:38:05

    Popularity: 1221

    Author: Danny Bradbury

    Keywords:

  • Android
  • Google
  • iOS
  • Mobile
  • Operating Systems
  • Organisations
  • Phishing
  • Security threats
  • Technologies
  • chrome
  • css
  • Fake URL
  • phishing
  • When is an address bar not an address bar? When it's a fake.

    ...more

    ExtraPulsar backdoor based on leaked NSA code – what you need to know

    Published: 2019-04-25 14:58:33

    Popularity: 0

    Author: Paul Ducklin

    Keywords:

  • Malware
  • Backdoor
  • DOUBLEPULSAR
  • ExtraPulsar
  • malware
  • NSA
  • Shadow Brokers
  • A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.

    ...more

    NYPD forgets to redact facial recognition docs, asks for them back

    Published: 2019-04-24 11:12:56

    Popularity: 77

    Author: Lisa Vaas

    Keywords:

  • Law & order
  • Privacy
  • Center on Privacy & Technology
  • Clare Garvie
  • facial recognition
  • Georgetown University Law Center
  • lawsuit
  • NYPD
  • The privacy think tank had them for 20 days, and one of the docs was already displayed at a conference, but the NYPD is still clawing them back.

    ...more

    Phone fingerprint scanner fooled by chewing gum packet

    Published: 2019-04-23 14:41:35

    Popularity: 0

    Author: Paul Ducklin

    Keywords:

  • Vulnerability
  • biometrics
  • fingerprint
  • Nokia
  • security bypass
  • A video has surfaced claiming to show someone unlocking a Nokia 9 by tapping a gum packet against the fingerprint scanner.

    ...more

    Ad blocker firms rush to fix security bug

    Published: 2019-04-17 10:59:56

    Popularity: 741

    Author: Danny Bradbury

    Keywords:

  • Adblocker
  • Google
  • Security threats
  • Web Browsers
  • ad blockers
  • AdBlock
  • Adblock Plus
  • browser security
  • eyeo GmbH
  • uBlock
  • vulnerability
  • If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.

    ...more

    Feds swoop in, snatch mobile phone tracking records away from ACLU

    Published: 2019-03-08 00:45:42

    Popularity: None

    Author: None

    🤖: "Surveillance squadrons"

    After the Feds seized the surveillance records, US Marshals then moved the physical records 320 miles away, meaning the ACLU wouldn’t be able to learn how, and how extensively, police use sno…

    ...more

    NIST’s new password rules – what you need to know

    Published: 2019-03-07 23:27:59

    Popularity: None

    Author: None

    A lot of password rules are there simply “because we’ve always done it that way.” NIST aims to fix that, and here’s how.

    ...more

    Feds swoop in, snatch mobile phone tracking records away from ACLU

    Published: 2019-03-07 23:13:22

    Popularity: None

    Author: None

    After the Feds seized the surveillance records, US Marshals then moved the physical records 320 miles away, meaning the ACLU wouldn’t be able to learn how, and how extensively, police use sno…

    ...more

    Chrome bug that lets sites secretly record you ‘not a flaw’, insists Google

    Published: 2019-03-07 23:01:09

    Popularity: None

    Author: None

    Definitely not a security issue, says Google, as it moves to address flaw that could have you inadvertently starring in someone else’s movie

    ...more

    Debian move marks beginning of the end for TLS 1.0 and 1.1

    Published: 2019-03-07 22:54:47

    Popularity: None

    Author: Kim Crawley

    TLS 1.20 fixes a vulnerability so now’s the time to check that the software you use and the software you manage supports it

    ...more

    Equifax website hit by malvertising – will the pain never end?

    Published: 2019-03-07 22:48:05

    Popularity: None

    Author: Paul Ducklin

    The proverb “it never rains but that it pours” could have been written for Equifax – this time, malvertising.

    ...more

    Flash 0-day in the wild – patch now!

    Published: 2019-03-07 22:47:58

    Popularity: None

    Author: None

    Patch Tuesday came and went without a Flash update, and then…

    ...more

    Hackers hired for year-long DDoS attack against man’s former employer

    Published: 2019-03-07 22:43:50

    Popularity: None

    Author: None

    Using a paid service meant he couldn’t be traced but the FBI tracked him down

    ...more

    Google drops new Edge zero-day as Microsoft misses 90-day deadline

    Published: 2019-03-07 22:30:49

    Popularity: None

    Author: Paul Ducklin

    Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days” period, so the flaw is now public.

    ...more

    Critical Flash update. Patch now!

    Published: 2019-03-07 22:28:47

    Popularity: None

    Author: Mark Stockley

    Can you really take another three years of this?

    ...more

    Microsoft patches RDP vulnerability. Update now!

    Published: 2019-03-07 22:28:40

    Popularity: None

    Author: None

    Microsoft has released a preliminary fix for a vulnerability rated Important and which is present in all supported versions of Windows in circulation.

    ...more

    350,000 cardiac devices need a security patch

    Published: 2019-03-07 22:23:19

    Popularity: None

    Author: None

    The devices are vulnerable to cybersecurity attacks and at risk of sudden battery loss.

    ...more

    Cloudflare mistakes own 1.1.1.1 DNS for DDoS attack

    Published: 2019-03-07 22:19:26

    Popularity: None

    Author: John E Dunn

    When is a DDoS attack not a DDoS attack? When it’s caused by your own recently-launched DNS service.

    ...more

    Prisoners exploit tablet vulnerability to steal nearly $225K

    Published: 2019-03-07 22:15:11

    Popularity: None

    Author: None

    364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.

    ...more

    ‘Unhackable’ Bitfi hardware rooted within a week

    Published: 2019-03-07 22:14:51

    Popularity: None

    Author: None

    Getting root access and patching firmware doesn’t count as successful hacking, apparently.

    ...more

    Drive away a Tesla today (even if it isn’t yours)

    Published: 2019-03-07 22:10:55

    Popularity: None

    Author: Paul Ducklin

    Raspberry Pi’s processing power versus Tesla’s Model S cryptography – victory for the little guy!

    ...more

    Could TLS session resumption be another ‘super cookie’?

    Published: 2019-03-07 22:07:12

    Popularity: None

    Author: John E Dunn

    Researchers think they’ve spotted a tracking technique that nobody has been paying attention to – TLS session resumption.

    ...more

    Passcodes are protected by Fifth Amendment, says court

    Published: 2019-03-07 22:05:58

    Popularity: None

    Author: None

    The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.

    ...more

    HTTP/3: Come for the speed, stay for the security

    Published: 2019-03-07 22:05:16

    Popularity: None

    Author: None

    Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.

    ...more

    Update now! Microsoft and Adobe’s January 2019 Patch Tuesday is here

    Published: 2019-03-07 21:59:55

    Popularity: None

    Author: John E Dunn

    After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.

    ...more

    Update now! Microsoft and Adobe’s January 2019 Patch Tuesday is here

    Published: 2019-03-07 21:59:53

    Popularity: None

    Author: John E Dunn

    After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.

    ...more

    Update now! Chrome and Firefox patch security flaws

    Published: 2019-03-07 21:58:20

    Popularity: None

    Author: John E Dunn

    Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux.

    ...more

    Hacker talks to baby through Nest security cam, jacks up thermostat

    Published: 2019-03-07 21:58:16

    Popularity: None

    Author: None

    Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.

    ...more

    Flash “security bypass” list hidden in Microsoft Edge browser

    Published: 2019-03-07 21:57:10

    Popularity: None

    Author: John E Dunn

    Until this month, the Edge browser could bypass its own warnings about Flash content on 58 websites, thanks to a hidden list.

    ...more

    Let’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself

    Published: 2019-03-07 21:56:55

    Popularity: None

    Author: Bill Brenner

    Checking that a website uses HTTPS is one way of checking if it’s legitimate – but what happens when the scammers are buying SSL certificates that include the name of the company they&#…

    ...more

    end