Posts

Showing posts from August, 2022

Microsoft finds TikTok vulnerability that allowed one-click account compromises

Flaw resided in the app's deeplink verification process. https://bit.ly/3wKfZZg

Chrome extensions with 1.4M installs covertly track visits and inject code

If you've installed any of these extensions, manually remove them stat. https://bit.ly/3cxSGuM

Japan declares war on floppy disks for government use

In Japan, 1,900 government procedures still require submission on floppy disk. https://bit.ly/3KzKOFK

Organizations are spending billions on malware defense that’s easy to bypass

Two of the simplest forms of evasion are surprisingly effective against EDRs. https://bit.ly/3CN3UX1

France reveals hidden swimming pools with AI, taxes them

Computer eyes in the skies make real estate tax evasion in France much harder. https://bit.ly/3Ayp3Bz

FTC sues data broker that tracks locations of 125M phones per month

Agency says data shows users' visits to clinics and homeless shelters. https://bit.ly/3crQ2XF

The number of companies caught up in the Twilio hack keeps growing

2FA provider Authy, password manager LastPass, and DoorDash all experienced breaches. https://bit.ly/3QSstWI

Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others

Already regarded among the most advanced, the attacks were also done at a massive scale. https://bit.ly/3R7luJe

Plex imposes password reset after hackers steal data for >15 million users

Intruders access personal information for the majority of its 30 million users. https://bit.ly/3CsLYAQ

Unix legend, who owes us nothing, keeps fixing foundational AWK code

Co-creator of core Unix utility, now 80, just needs to run a few more tests. https://bit.ly/3KdKJr7

Wave of debit card fraud hits Ally Bank customers, hacked vendors

Some are seeing charges on cards they've never activated or hardly used. https://bit.ly/3QCjkS6

Ring patched an Android bug that could have exposed video footage

After a chain of attacks, security firm got access to locations and recordings. https://bit.ly/3A5B9SC

Update Chrome now to patch actively exploited zero-day

It's the fifth Chrome zero-day patched by Google this year. https://bit.ly/3SVPSbb

iOS VPNs have leaked traffic for more than 2 years, researcher claims

VPNs on Apple mobile devices reportedly keep connections open and expose data. https://bit.ly/3PwBmUk

Chrome “Feed” is tantalizing, but it’s not the return of Google Reader

It's not that Google doesn't like RSS, it just wants RSS to look like Google. https://bit.ly/3c3fsub

1,900 Signal users’ phone numbers exposed by Twilio phishing

No message, profile, or other data exposed—but SMS remains a weakness. https://bit.ly/3JZ6Cdq

Update Zoom for Mac now to avoid root-access vulnerability

Feature you'd normally want for secure software opened a huge hole. https://bit.ly/3CbnP1w

A new jailbreak for John Deere tractors rides the right-to-repair wave

Exploit now provides root access to two popular models of the company’s farm equipment. https://bit.ly/3bPZCmV

Samsung heir pardoned due to South Korean economic needs

Lee's ascendancy to Samsung chairman position key to "vitalizing the economy." https://bit.ly/3C2prKP

I’m a security reporter and got fooled by a blatant phish

Think you're too smart to be fooled by a phisher? Think again. https://bit.ly/3PkbsDo

Amid backlash from privacy advocates, Meta expands end-to-end encryption trial

E2EE prevents anyone other than the sender and receiver from reading messages. https://bit.ly/3JRpDyM

One of 5G’s biggest features is a security minefield

There are vulnerabilities in 5G platforms carriers offer to wrangle embedded device data. https://bit.ly/3Ad2dR6

Man who built ISP instead of paying Comcast $50K expands to hundreds of homes

Jared Mauch gets $2.6 million from gov't to expand fiber ISP in rural Michigan. https://bit.ly/3zPn8s3

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Unusually resourced threat actor has targeted multiple companies in recent days. https://bit.ly/3djKAWS

10 malicious Python packages exposed in latest repository attack

Supply-chain attacks are moving GitHub toward digitally signed packages. https://bit.ly/3SxK5IR

SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

ÆPIC Leak spills users' most sensitive secrets in seconds from SGX enclaves. https://bit.ly/3SCPQVC

Setting our heart-attack-predicting AI loose with “no-code” tools

In the second part of this three-part series, our heart attack predictions take flight. https://bit.ly/3SEUuCi

Excel esports on ESPN show world the pain of format errors

Where one sheet link can be the difference between success or elimination. https://bit.ly/3p003hk

Cyberattack on Albanian government suggests new Iranian aggression

Tehran-linked hack of a NATO member is a significant escalation. https://bit.ly/3BMAh7M

“Huge flaw” threatens US emergency alert system, DHS researcher warns

Hackers can disrupt legit warnings or issue fake ones of their own. https://bit.ly/3Qn8S06

North Korea-backed hackers have a clever way to read your Gmail

SHARPEXT has slurped up thousands of emails in the past year and keeps getting better. https://bit.ly/3SoSL49

Intel’s loss is AMD’s gain as EPYC server CPUs benefit from Intel’s delays

Success in laptops, game consoles, and servers leads to record quarter for AMD. https://bit.ly/3vBU9GR

Post-quantum encryption contender is taken out by single-core PC and 1 hour

Leave it to mathematicians to muck up what looked like an impressive new algorithm. https://bit.ly/3zQGyhc

Charter loses home Internet customers, blames end of COVID subsidy program

After loss of 42,000 customers, Charter pins growth hopes on new federal funding. https://bit.ly/3OQ6uho

No code, no problem—we try to beat an AI at its own game with new tools

In part one of three, we give the cloud a new problem to (heart) attack. https://bit.ly/3Q7cdR1