Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.
...moreSummary
Total Articles Found: 52
Top sources:
Top Keywords:
- Security threats: 11
- Vulnerability: 10
- Privacy: 7
- Data loss: 6
- Google: 4
Top Authors
- Paul Ducklin: 13
- John E Dunn: 11
- Lisa Vaas: 7
- Danny Bradbury: 4
- Kim Crawley: 1
Top Articles:
- Woman stalked by sandwich server via her COVID-19 contact tracing info
- Android users: watch out for this fake address bar trick
- Zynga faces class action suit over massive Words With Friends hack
- Ad blocker firms rush to fix security bug
- Two zero days and 15 critical flaws fixed in July’s Patch Tuesday
- Cloud computing giant PCM hacked
- $50 DeepNude app undresses women with a single click
- Facebook’s Libra cryptocurrency is big news but will it be secure?
- Docker breach of 190,000 users exposes lack of two-factor authentication
- NCSC: Secure your webcams now
LastPass: Keylogger on home PC led to cracked corporate password vault
Published: 2023-02-28 02:23:16
Popularity: 140
Author: Paul Ducklin
Keywords:
SHA-3 code execution bug patched in PHP – check your version!
Published: 2022-11-01 14:09:10
Popularity: 24
Author: Paul Ducklin
Keywords:
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
...moreChrome and Edge fix zero-day security hole – update now!
Published: 2022-09-05 15:12:58
Popularity: 174
Author: Paul Ducklin
Keywords:
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
...moreCritical Samba bug could let anyone become Domain Admin – patch now!
Published: 2022-07-27 21:15:15
Popularity: 79
Author: Paul Ducklin
Keywords:
It's a serious bug... but there's a fix for it, so you know exactly what to do!
...moreGoogle patches “in-the-wild” Chrome zero-day – update now!
Published: 2022-07-05 15:55:14
Popularity: 162
Author: Paul Ducklin
Keywords:
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...
...moreHarmony blockchain loses nearly $100M due to hacked private keys
Published: 2022-06-27 18:14:53
Popularity: 13
Author: Paul Ducklin
Keywords:
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
...moreBig bad decryption bug in OpenSSL – but no cause for alarm
Published: 2021-08-27 01:03:21
Popularity: 44
Author: Paul Ducklin
Keywords:
The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.
...morePHP community sidesteps its third supply chain attack in three years
Published: 2021-04-30 16:37:04
Popularity: 80
Author: Paul Ducklin
Keywords:
Third time lucky! (The first two times were lucky, too, luckily.)
...moreWoman stalked by sandwich server via her COVID-19 contact tracing info
Published: 2020-05-14 12:52:57
Popularity: 2329
Author: Lisa Vaas
Keywords:
She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details.
...moreTor browser fixes bug that allows JavaScript to run when disabled
Published: 2020-03-17 12:16:27
Popularity: 148
Author: John E Dunn
Keywords:
The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.
...moreZynga faces class action suit over massive Words With Friends hack
Published: 2020-03-05 11:03:22
Popularity: 741
Author: Lisa Vaas
Keywords:
It's charging subpar password security and lousy user notification: Zynga has yet to notify users to warn them of the breach, the suit says.
...moreNCSC: Secure your webcams now
Published: 2020-03-04 11:57:54
Popularity: 339
Author: Lisa Vaas
Keywords:
We don't want to see what you do behind closed doors, but lots of hackers would be happy to pull up a chair to view that video stream.
...moreMozilla bans Firefox extensions for executing remote code
Published: 2020-01-28 10:38:31
Popularity: 283
Author: John E Dunn
Keywords:
Mozilla’s policy is unambiguous - add-ons must be self-contained and not load remote code, which opens up the user to all sorts of risks.
...moreFBI asks Apple to help it unlock iPhones of naval base shooter
Published: 2020-01-09 11:41:31
Popularity: 188
Author: Lisa Vaas
Keywords:
This could signal a renewed war between Apple and law enforcement over breaking encryption.
...moreTwitter turns off SMS texting after @Jack hijacking
Published: 2019-09-06 09:41:13
Popularity: 100
Author: Lisa Vaas
Keywords:
Two problems, Twitter says: vulnerabilities that mobile carriers need to fix & its reliance on linked numbers for 2FA.
...moreSerious flaws in six printer brands discovered, fixed
Published: 2019-08-15 13:03:19
Popularity: 207
Author: Danny Bradbury
Keywords:
There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.
...moreChrome Incognito mode detection fix busted by researchers
Published: 2019-08-15 11:40:42
Popularity: None
Author: None
🤖: "browser snooped"
Remember that Chrome update that stopped websites from detecting Incognito mode? Well, researchers claim to have found a way around it.
...moreTwo zero days and 15 critical flaws fixed in July’s Patch Tuesday
Published: 2019-07-10 11:08:05
Popularity: 731
Author: John E Dunn
Keywords:
Patch Tuesday July 2019 offers fixes for a total of 77 vulnerabilities, including 15 marked critical, rounded out by two zero-day flaws.
...moreCloud computing giant PCM hacked
Published: 2019-07-01 12:33:36
Popularity: 522
Author: Danny Bradbury
Keywords:
The attackers allegedly stole admin credentials for Office 365 accounts, and planned to use stolen data to conduct gift card fraud.
...more$50 DeepNude app undresses women with a single click
Published: 2019-06-28 12:25:37
Popularity: 483
Author: Lisa Vaas
Keywords:
"I'm not a voyeur, I'm a technology enthusiast,” says the creator, who combined deepfake AI with a need for cash to get ka-CHING!
...moreFacebook’s Libra cryptocurrency is big news but will it be secure?
Published: 2019-06-20 13:57:47
Popularity: 397
Author: John E Dunn
Keywords:
Unless you’ve been under a rock, you’ll know that earlier this week Facebook announced plans for a new global cryptocurrency for absolutely everyone called Libra.
...moreDocker breach of 190,000 users exposes lack of two-factor authentication
Published: 2019-04-30 10:48:08
Popularity: 397
Author: John E Dunn
Keywords:
The containerisation platform has asked 190k users to change their passwords after hackers gained access to a database of personal data.
...moreAndroid users: watch out for this fake address bar trick
Published: 2019-04-30 14:38:05
Popularity: 1221
Author: Danny Bradbury
Keywords:
When is an address bar not an address bar? When it's a fake.
...moreExtraPulsar backdoor based on leaked NSA code – what you need to know
Published: 2019-04-25 14:58:33
Popularity: 0
Author: Paul Ducklin
Keywords:
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.
...moreNYPD forgets to redact facial recognition docs, asks for them back
Published: 2019-04-24 11:12:56
Popularity: 77
Author: Lisa Vaas
Keywords:
The privacy think tank had them for 20 days, and one of the docs was already displayed at a conference, but the NYPD is still clawing them back.
...morePhone fingerprint scanner fooled by chewing gum packet
Published: 2019-04-23 14:41:35
Popularity: 0
Author: Paul Ducklin
Keywords:
A video has surfaced claiming to show someone unlocking a Nokia 9 by tapping a gum packet against the fingerprint scanner.
...moreAd blocker firms rush to fix security bug
Published: 2019-04-17 10:59:56
Popularity: 741
Author: Danny Bradbury
Keywords:
If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.
...moreFeds swoop in, snatch mobile phone tracking records away from ACLU
Published: 2019-03-08 00:45:42
Popularity: None
Author: None
🤖: "Surveillance squadrons"
After the Feds seized the surveillance records, US Marshals then moved the physical records 320 miles away, meaning the ACLU wouldn’t be able to learn how, and how extensively, police use sno…
...moreNIST’s new password rules – what you need to know
Published: 2019-03-07 23:27:59
Popularity: None
Author: None
A lot of password rules are there simply “because we’ve always done it that way.” NIST aims to fix that, and here’s how.
...moreFeds swoop in, snatch mobile phone tracking records away from ACLU
Published: 2019-03-07 23:13:22
Popularity: None
Author: None
After the Feds seized the surveillance records, US Marshals then moved the physical records 320 miles away, meaning the ACLU wouldn’t be able to learn how, and how extensively, police use sno…
...moreChrome bug that lets sites secretly record you ‘not a flaw’, insists Google
Published: 2019-03-07 23:01:09
Popularity: None
Author: None
Definitely not a security issue, says Google, as it moves to address flaw that could have you inadvertently starring in someone else’s movie
...moreDebian move marks beginning of the end for TLS 1.0 and 1.1
Published: 2019-03-07 22:54:47
Popularity: None
Author: Kim Crawley
TLS 1.20 fixes a vulnerability so now’s the time to check that the software you use and the software you manage supports it
...moreEquifax website hit by malvertising – will the pain never end?
Published: 2019-03-07 22:48:05
Popularity: None
Author: Paul Ducklin
The proverb “it never rains but that it pours” could have been written for Equifax – this time, malvertising.
...moreFlash 0-day in the wild – patch now!
Published: 2019-03-07 22:47:58
Popularity: None
Author: None
Patch Tuesday came and went without a Flash update, and then…
...moreHackers hired for year-long DDoS attack against man’s former employer
Published: 2019-03-07 22:43:50
Popularity: None
Author: None
Using a paid service meant he couldn’t be traced but the FBI tracked him down
...moreGoogle drops new Edge zero-day as Microsoft misses 90-day deadline
Published: 2019-03-07 22:30:49
Popularity: None
Author: Paul Ducklin
Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days” period, so the flaw is now public.
...moreCritical Flash update. Patch now!
Published: 2019-03-07 22:28:47
Popularity: None
Author: Mark Stockley
Can you really take another three years of this?
...moreMicrosoft patches RDP vulnerability. Update now!
Published: 2019-03-07 22:28:40
Popularity: None
Author: None
Microsoft has released a preliminary fix for a vulnerability rated Important and which is present in all supported versions of Windows in circulation.
...more350,000 cardiac devices need a security patch
Published: 2019-03-07 22:23:19
Popularity: None
Author: None
The devices are vulnerable to cybersecurity attacks and at risk of sudden battery loss.
...moreCloudflare mistakes own 1.1.1.1 DNS for DDoS attack
Published: 2019-03-07 22:19:26
Popularity: None
Author: John E Dunn
When is a DDoS attack not a DDoS attack? When it’s caused by your own recently-launched DNS service.
...morePrisoners exploit tablet vulnerability to steal nearly $225K
Published: 2019-03-07 22:15:11
Popularity: None
Author: None
364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.
...more‘Unhackable’ Bitfi hardware rooted within a week
Published: 2019-03-07 22:14:51
Popularity: None
Author: None
Getting root access and patching firmware doesn’t count as successful hacking, apparently.
...moreDrive away a Tesla today (even if it isn’t yours)
Published: 2019-03-07 22:10:55
Popularity: None
Author: Paul Ducklin
Raspberry Pi’s processing power versus Tesla’s Model S cryptography – victory for the little guy!
...moreCould TLS session resumption be another ‘super cookie’?
Published: 2019-03-07 22:07:12
Popularity: None
Author: John E Dunn
Researchers think they’ve spotted a tracking technique that nobody has been paying attention to – TLS session resumption.
...morePasscodes are protected by Fifth Amendment, says court
Published: 2019-03-07 22:05:58
Popularity: None
Author: None
The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.
...moreHTTP/3: Come for the speed, stay for the security
Published: 2019-03-07 22:05:16
Popularity: None
Author: None
Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.
...moreUpdate now! Microsoft and Adobe’s January 2019 Patch Tuesday is here
Published: 2019-03-07 21:59:55
Popularity: None
Author: John E Dunn
After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.
...moreUpdate now! Microsoft and Adobe’s January 2019 Patch Tuesday is here
Published: 2019-03-07 21:59:53
Popularity: None
Author: John E Dunn
After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.
...moreUpdate now! Chrome and Firefox patch security flaws
Published: 2019-03-07 21:58:20
Popularity: None
Author: John E Dunn
Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux.
...moreHacker talks to baby through Nest security cam, jacks up thermostat
Published: 2019-03-07 21:58:16
Popularity: None
Author: None
Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.
...moreFlash “security bypass” list hidden in Microsoft Edge browser
Published: 2019-03-07 21:57:10
Popularity: None
Author: John E Dunn
Until this month, the Edge browser could bypass its own warnings about Flash content on 58 websites, thanks to a hidden list.
...moreLet’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself
Published: 2019-03-07 21:56:55
Popularity: None
Author: Bill Brenner
Checking that a website uses HTTPS is one way of checking if it’s legitimate – but what happens when the scammers are buying SSL certificates that include the name of the company they&#…
...more