Mozilla patched two Firefox zero-day flaws in one week
2019-06-24 11:17:13Two emergency zero days affecting a browser in one week counts as unusual - especially when they pop up as separate alerts two days apart.Mobile apps riddled with high-risk vulnerabilities, warns report
2019-06-24 11:16:18Be careful before installing that mobile app on your iOS or Android device - many mobile applications are riddled with vulnerabilities.Desjardins’ employee from hell spills 2.9m records
2019-06-24 11:15:44The leak, carried out by a since-fired rogue employee, affected 2.7 million people and 173,000 businesses - about 41% of its clientele.Facebook posts reveal your hidden illnesses, say researchers
2019-06-24 10:02:54The language we use could be indicators of disease and, with patient consent, could be monitored just like physical symptoms.Monday review – the hot 20 stories of the week
2019-06-24 08:48:12From Bella Thorne publishing her own nudes to the Yubikey recall - and everything in between. It's weekly roundup time.Microsoft uses AI to push Windows 10 upgrade to users
2019-06-21 12:03:24From November, users running some versions of Windows 10 will be required to upgrade or find themselves unable to receive security updates.Used Nest cams were letting previous owners spy on you
2019-06-21 11:37:25Google says it's fixed the issue, but we haven't heard details on how many, and which, products were affected.Florida city will pay over $600,000 to ransomware attackers
2019-06-21 10:08:28Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.Government is exposing identities of child abuse victims
2019-06-21 09:46:51DHS and FBI investigators are using Facebook profile IDs in court records - IDs that are easily used to look up their profile pages.Update Firefox now! Zero-day found in the wild
2019-06-20 14:53:48Mozilla has fixed a critical zero-day bug in the latest point releases of the Firefox web browser.Google launches new Chrome protection from bad URLs
2019-06-20 14:47:57The "Suspicious Site Reporter" extension lets users easily report dubious sites, while a new warning flags potential typosquatting pages.Facebook’s Libra cryptocurrency is big news but will it be secure?
2019-06-20 13:57:47Unless you’ve been under a rock,“Deeply personal medical” records exposed online
2019-06-20 12:39:24The Facebook ad agency xSocialMedia exposed 150K medical histories, along with identifying information for the people involved.Netflix researcher spots TCP SACK flaws in Linux and FreeBSD
2019-06-19 12:26:13Three vulnerabilities in the FreeBSD and Linux kernels could allow attackers to induce a denial-of-service by clogging networking I/O.Pass the salt! Popular CMSs aren’t securing passwords properly
2019-06-19 12:23:47A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.Hospitals are being suffocated by robocalls
2019-06-19 10:48:50Some pretend to be hospitals to get patients' payment data. Others pose as the government and try to get confidential data from hospitals.Millions of Venmo transactions scraped (again)
2019-06-19 10:07:37Not much has changed since a year ago, when a bot was tweeting out publicly visible Venmo "drug" deals from the public-by-default company.90% off Ray-Bans? It’s a 100% Instagram SCAM!
2019-06-18 11:05:18The ads look like they're been shared by friends, but they're really pod people who've hijacked accounts.Bella Thorne steals hacker’s thunder, publishes nude photos herself
2019-06-18 10:45:20Sheesh! At this rate, extortionists are going to have to seek alternate employment.The US is reportedly seeding Russia’s power grid with malware
2019-06-18 10:24:37The US is alleged to have been quietly planting malware throughout Russia's energy networks in response to years of Russian attacks on its own power grid.Phishing attack lures victims with encrypted message alert
2019-06-18 10:19:04Why are phishing emails so enduringly popular with the bad guys? A new approach may suggest that curiosity is at play.Yubico recalls FIPS Yubikey tokens after flaw found
2019-06-17 11:28:43Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.Privacy foul for soccer league app that eavesdropped on users
2019-06-17 11:28:22The LaLiga app used phones' GPS and microphones to sniff out bars that were broadcasting soccer matches illegally.I’d like to add you to my professional network of people to spy on
2019-06-17 10:32:52A deepfake was reportedly spotted in the wild: LinkedIn's well-connected, young, attractive Eurasia/Russia expert "Katie Jones."Widely used medical infusion pump can be remotely hijacked
2019-06-17 10:05:16These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.Monday review – the hot 21 stories of the week
2019-06-17 09:48:50From the GoldBrute botnet to Microsoft's battle with irresponsibly disclosed bugs - and everything in between. It's your weekly roundup.Critical flaw found in Evernote Web Clipper for Chrome
2019-06-14 11:46:06Anyone using it in its unpatched state is at risk not only of a compromise of their Evernote account but, potentially,Android phones can now be security keys for iOS devices
2019-06-14 10:48:01Hey, iOS users. Got a spare Android phone lying around? Now, you can use it as a secure access key for online services.Facebook got 187,000 users’ data with snoopy VPN app
2019-06-14 10:41:44According to a letter it sent to Sen. Richard Blumenthal, that's 31,000 US users, with the rest in India.Cop arrested following explicit chat with bogus 16yo girl
2019-06-14 10:24:22A male college student Snapchat-filtered himself into a young girl and went out to catch a predator.Facebook keeps deepfake of Mark Zuckerberg
2019-06-13 14:35:44"Whoever controls the data, controls the future," says the evil Zuck, who, according to the platform's current policy, won't be taken down.Backpacker claims to find a network of hidden webcams in farm stay
2019-06-13 14:26:23In the bug repellent gizmo, in the shower, in the little birds glued to the footboard—all hiding webcams, alleges the Dutch backpacker.Vim devs fix system-pwning text editor bug
2019-06-13 14:02:41Diehard text editor users everywhere breathed a sigh of relief this week as the open source community fixed a bug in one of the most venerable *nix programs:Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day
2019-06-13 11:55:26Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way?Critical Adobe Flash player bug and more in June’s Patch Tuesday
2019-06-12 15:16:04June patch Tuesday features fixes from Adobe and Microsoft for critical flaws including a remote code vulnerability in Adobe Flash Player.FBI warns users to be wary of phishing sites abusing HTTPS
2019-06-12 10:55:46Why you shouldn't trust a website simply because it's secured using HTTPS and backed by the green padlock symbol.Radiohead releases ‘OK Computer’ sessions that hacker tried to ransom
2019-06-12 09:44:40The band shrugged off the threat and released the files on Bandcamp. They're long and not very interesting, they said.Hackers stole photos of travelers and license plates from subcontractor
2019-06-12 09:42:14Critics say if the US can't protect such data - which was improperly stored by a subcontractor - it shouldn't collect it.Critical flaws found in Amcrest security cameras
2019-06-11 11:13:06The Amcrest 721 family of security cameras features six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.iOS 13 will map the apps that are tracking you
2019-06-11 11:00:36A map will display the snail-slime trails that we all leave behind in our daily travels and through which background tracking apps follow us.It’s a SCAM: Send Bitcoin or your company’s reputation is TOAST!
2019-06-11 10:47:33"I will insult people. And everyone will not care that it's not you." But it's social-disaster baloney!Researchers crack digital safe using HSM flaw
2019-06-11 10:38:32French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.Microsoft warns of time-travelling equation exploit – are you safe?
2019-06-10 14:26:33An Office bug that was squashed back in 2017 is still in widespread use - make sure your computer hasn't slipped through the patch cracks!The GoldBrute botnet is trying to crack open 1.5 million RDP servers
2019-06-10 11:44:39Even its most optimistic users would have to concede that it’s been a bracing few weeks for anyone who relies on Microsoft’s Remote Desktop Protocol (RDP).Cryptocurrency attack thwarted by npm team
2019-06-10 10:36:49Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.Laptops used in 2016 NC poll to be examined by feds – after 2.5 years
2019-06-10 10:36:05The e-voting vendor in North Carolina was spearphished days before the election but still went ahead and used remote access software.Online shops fear 2FA at checkout will increase abandoned carts
2019-06-10 10:05:03A report says the EU will lose $64b per year once new 2FA rules go into effect,Monday review – the hot 21 stories of the week
2019-06-10 08:24:44From the vulnerable Windows RDS 'feature' to the privacy of US visa applicants - and everything in between. It's weekly roundup time.Action required! Exim mail servers need urgent patching
2019-06-07 12:24:39Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet’s most popular mail server,What’s the best approach to patching vulnerabilities?
2019-06-07 12:14:42Researchers ask: with only 1 in 20 vulnerabilities exploited, what's the best approach to patching?Researchers eavesdrop on smartphone finger taps
2019-06-07 09:47:14Researchers have been experimenting with a novel way to eavesdrop on what you're typing on your smartphone - by listening to the taps of your fingers.The FBI is sitting on more than 641m photos of people’s faces
2019-06-07 08:53:30Its already massive facial recognition databases have ballooned, and government watchdog GAO found that the FBI isn't checking accuracy.Firefox aims at Google with Enhanced Tracking Prevention
2019-06-06 12:03:44The latest version of Firefox, 67.0.1, features a fully-fledged version of Mozilla’s Enhanced Tracking Protection (ETP) privacy system.Microsoft dismisses new Windows RDP ‘bug’ as a feature
2019-06-06 11:56:16Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions.YouTube bans kids’ live-streaming without an adult present
2019-06-06 11:11:13In another step to scrape pedophiles off the bottom of its shoe YouTube is banning youngsters from live-streaming without adult supervision.Gang charged with $19 million iPhone scam
2019-06-06 11:00:46It was a well-oiled business, with Top Dogs fencing devices, forgers cooking up fake IDs with stolen PII, and runners ripping off phones.Patch Android! June 2019 update fixes eight critical flaws
2019-06-05 11:33:13It's that time again. June's patches for Android are here.Apple bans ads, third-party tracking in apps meant for kids
2019-06-05 11:27:59The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store.ATM skimming crook behind bars after draining bank accounts for 2 years
2019-06-05 11:00:25A multi-state ATM card-skimming spree netted his gang over $800k from 531 people's bank accounts.Apple battles Facebook and Google with rival sign in service
2019-06-05 10:57:54Apple's WWDC was full of surprises including a new feature designed to make signing up for websites more private: Sign In with Apple.Synthetic clicks and the macOS flaw Apple can’t seem to fix
2019-06-04 12:34:37A researcher has found a way to abuse synthetic clicks in macOS "Catalina", and it hasn’t even shipped yet.GandCrab ransomware crooks to shut up shop
2019-06-04 11:24:11GandCrab's creators are giving themselves a "well-deserved retirement" after extorting (they say) $2 billion.US visa applicants required to hand over social media info
2019-06-04 10:36:16As of Friday, it's no longer optional - the US is been asking for five years of social media information.Apple sunsets iTunes
2019-06-04 09:50:21RIP iTunes, hello to the standalone Music, Podcasts and TV apps that are taking its place.Your phone’s sensors could be used as a cookie you can’t delete
2019-06-03 11:30:56Researchers have found that a phone's gyroscope, accelerometer and other sensors create a unique fingerprint.New controversy erupts over Chrome ad blocking plans
2019-06-03 11:23:26Changes to extensions will limit the way that Chrome lets browsers block content - unless you're an enterprise user.Going to Infosec Europe this week? Want a free T-shirt?
2019-06-03 11:01:29Are you making your way to Olympia, London for Infosec Europe this week? Stop by the stand,Fake news writer: If people are stupid enough to believe this stuff…
2019-06-03 10:37:45...then maybe they deserve this drivel, says a Macedonian copy-paste/turn-it-into-clickbait-bile writer who says it's all about the money.Monday review – the hot 17 stories of the week
2019-06-03 10:36:58From tackling anti-robocalling in the Senate to a data breach at a license plate reader company, here are last week's top infosec stories.G Suite users will have ‘confidential’ Gmail mode set to ON by default
2019-06-03 10:18:31Google announced that on 25 June 2019, Gmail's confidential mode will be switched on by default as the feature becomes generally available.Unpatched Docker bug allows read-write access to host OS
2019-05-31 11:58:03Suse developer Aleksa Sarai has uncovered a bug in the way that the container framework handles path names.Flipboard data breach – what users should do now
2019-05-31 11:52:52Hugely popular news aggregation site Flipboard - one billion app downloads from Google Play and counting - has become the latest internet company to admit it has suffered a breach.Foreign spies may be hiding in your VPN, warns DHS
2019-05-31 11:32:20"...nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes."Facial recognition used to strip adult industry workers of anonymity
2019-05-31 11:26:43A name-and-shame database is supposed to "save" husbands from wives who have appeared on porn sites.The cryptominer that kept coming back
2019-05-30 13:01:27A Monero cryptominer made a home on an Apache Tomcat server and just wouldn't stay away.New Zealand’s “hacked” budget was found on a website
2019-05-30 12:07:36Police close their investigation, concluding that New Zealand's "wellbeing" budget wasn't hacked.A million devices still vulnerable to ‘wormable’ RDP hole
2019-05-30 11:17:30An internet-wide scan has revealed almost one million devices vulnerable to CVE-2019-0708.What a teen grade hacker’s confession can teach us
2019-05-30 11:02:43"We had access to the grade book. Now we could change the grades."Fraudulent Standard Chartered Email Warning
2019-05-29 12:02:14Standard Chartered customers in Hong Kong are being targetted with an email claiming that their "online access will be discontinued and deleted from our server on 31th May 2019,New research generates deepfake video from a single picture
2019-05-29 11:02:36Now it's easier for attackers to produce deepfakes, even if the target doesn't have much existing footage. Like the Mona Lisa.Three tech-support scammers charged with ripping off the elderly
2019-05-29 10:57:10The defendants allegedly pulled in over $1.3 million over the course of about six years for unnecessary and undelivered tech support.Researchers uncover smart padlock’s dumb security
2019-05-29 09:48:46Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.Millions of Canva users’ data stolen as GnosticPlayers strikes again
2019-05-28 16:32:10The initial breach notification was topped with marketing fluff: an unfortunate choice, given what could be the resulting glazed eyeballs.Google-protected mobile browsers were open to phishing for over a year
2019-05-28 12:45:48Researchers revealed a massive hole in Google Safe Browsing's mobile browser protection that existed for over a year.Redditor can stay anonymous, court rules
2019-05-28 12:09:22The Watch Tower sought to unmask a Jehovah's Witness who posted its content to show what data the organization collects and processes.Hackers breach US license plate scanning company
2019-05-28 11:39:12One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach.US Senate passes anti-robocalling bill
2019-05-28 11:13:22The TRACED Act was a slam dunk in the Senate, where it passed with an overwhelming 97-1 vote.Tuesday review – the hot 21 stories of the week
2019-05-28 08:45:31A day late! From potential Windows 10 borkings to hackers hacking hackers - catch up on everything we wrote last week.Serious Security: Don’t let your SQL server attack you with ransomware
2019-05-25 18:17:36Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.
