Worth a read if you use Social Media.   The dating app knows me better than I do, but these reams of intimate information are just the tip of the iceberg. What if my data is hacked – or sold?   September 26, 2017  By Judith Duportail   At 9.24pm (and one second) on the… Continue reading I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets

By Eduard Kovacs on September 26, 2017   Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices.   The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and… Continue reading Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android

September 25, 2017 By Rafia Shaikh   Elevated? May be not…   Apple has today released a new macOS version, dubbed as macOS High Sierra. While you might be getting excited to upgrade your Macs right away, a security researcher has already dropped a zero day vulnerability.   NSA hacker drops macOS High Sierra zero-day  … Continue reading Do NOT Upgrade to macOS High Sierra Today – Critical, Password-Stealing Security Bug Discovered

September 25, 2017  By John E Dunn   The developer behind the popular iTerm2 software, an alternative to Apple’s Terminal emulator has posted an urgent security fix after a user noticed it could inadvertently leak sensitive data when attempting to resolve URLs.   In a case underlining how well-intentioned plans can go badly awry, v3.0.0 of… Continue reading The software flaw that could beam out passwords by DNS

Which is to say neither do it By John Leyden 25 Sep 2017     Security researchers have discovered that two popular home automation systems are vulnerable to attacks.   The Insteon Hub and Wink Hub 2 are designed to connect various home products and manage automation, and the flaws represent another entry in the growing catalogue of IoT security… Continue reading Insteon and Wink home hubs appear to have a problem with encryption

By Eduard Kovacs on September 25, 2017   Oracle has released patches for many of its products to address several vulnerabilities in the Apache Struts 2 framework, including one that has been exploited in the wild for the past few weeks.   The actively exploited flaw is CVE-2017-9805, for which proof-of-concept (PoC) code was published… Continue reading Oracle Releases Patches for Exploited Apache Struts Flaw

September 25, 2017 By Jérôme Segura     There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for… Continue reading Drive-by mining and ads: The Wild Wild West

September 24, 2017  By Pierluigi Paganini     Login credentials for 540K records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records Tracking) have been leaked online.   Another day, another data breach to report, login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records… Continue reading Passwords and much more for 540,000 SVR Tracking accounts leaked online

By Siggi Stefnisson on September 22, 2017     Encrypted communications have boomed in popularity in the aftermath of the Snowden leaks in 2013, which has ironically opened up a new pathway for cybercriminals. Since those fateful revelations years ago, the world has witnessed a sharp increase in encrypted web traffic—reaching half of all global… Continue reading Private, But Not Secure: HTTPS is Hiding Cybercrime

September 23rd, 2017  By Catalin Cimpanu   It has become the norm that when someone says “IoT botnet” most security aficionados think of DDoS attacks.   While most IoT botnets are, in fact, used for DDoS attacks, in recent months, quite a few IoT malware strains that are usually used to assemble these botnets have… Continue reading IoT Botnet Retooled to Send Email Spam