Worth a read if you use Social Media. The dating app knows me better than I do, but these reams of intimate information are just the tip of the iceberg. What if my data is hacked – or sold? September 26, 2017 By Judith Duportail At 9.24pm (and one second) on the… Continue reading I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets
Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android
By Eduard Kovacs on September 26, 2017 Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices. The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and… Continue reading Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android
Do NOT Upgrade to macOS High Sierra Today – Critical, Password-Stealing Security Bug Discovered
September 25, 2017 By Rafia Shaikh Elevated? May be not… Apple has today released a new macOS version, dubbed as macOS High Sierra. While you might be getting excited to upgrade your Macs right away, a security researcher has already dropped a zero day vulnerability. NSA hacker drops macOS High Sierra zero-day … Continue reading Do NOT Upgrade to macOS High Sierra Today – Critical, Password-Stealing Security Bug Discovered
The software flaw that could beam out passwords by DNS
September 25, 2017 By John E Dunn The developer behind the popular iTerm2 software, an alternative to Apple’s Terminal emulator has posted an urgent security fix after a user noticed it could inadvertently leak sensitive data when attempting to resolve URLs. In a case underlining how well-intentioned plans can go badly awry, v3.0.0 of… Continue reading The software flaw that could beam out passwords by DNS
Insteon and Wink home hubs appear to have a problem with encryption
Which is to say neither do it By John Leyden 25 Sep 2017 Security researchers have discovered that two popular home automation systems are vulnerable to attacks. The Insteon Hub and Wink Hub 2 are designed to connect various home products and manage automation, and the flaws represent another entry in the growing catalogue of IoT security… Continue reading Insteon and Wink home hubs appear to have a problem with encryption
Oracle Releases Patches for Exploited Apache Struts Flaw
By Eduard Kovacs on September 25, 2017 Oracle has released patches for many of its products to address several vulnerabilities in the Apache Struts 2 framework, including one that has been exploited in the wild for the past few weeks. The actively exploited flaw is CVE-2017-9805, for which proof-of-concept (PoC) code was published… Continue reading Oracle Releases Patches for Exploited Apache Struts Flaw
Drive-by mining and ads: The Wild Wild West
September 25, 2017 By Jérôme Segura There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for… Continue reading Drive-by mining and ads: The Wild Wild West
Passwords and much more for 540,000 SVR Tracking accounts leaked online
September 24, 2017 By Pierluigi Paganini Login credentials for 540K records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records Tracking) have been leaked online. Another day, another data breach to report, login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records… Continue reading Passwords and much more for 540,000 SVR Tracking accounts leaked online
Private, But Not Secure: HTTPS is Hiding Cybercrime
By Siggi Stefnisson on September 22, 2017 Encrypted communications have boomed in popularity in the aftermath of the Snowden leaks in 2013, which has ironically opened up a new pathway for cybercriminals. Since those fateful revelations years ago, the world has witnessed a sharp increase in encrypted web traffic—reaching half of all global… Continue reading Private, But Not Secure: HTTPS is Hiding Cybercrime
IoT Botnet Retooled to Send Email Spam
September 23rd, 2017 By Catalin Cimpanu It has become the norm that when someone says “IoT botnet” most security aficionados think of DDoS attacks. While most IoT botnets are, in fact, used for DDoS attacks, in recent months, quite a few IoT malware strains that are usually used to assemble these botnets have… Continue reading IoT Botnet Retooled to Send Email Spam