Items tagged with security

As time goes on, people are becoming more aware of their privacy and data security regarding the products they use. We saw this with the outpouring of concern over WhatsApp’s privacy policies, causing confusion. People do not typically think about their search engine, though, but that is changing as well. DuckDuckGo is a search engine that touts privacy and security for its users, and the company’s search query numbers show that people are taking notice. DuckDuckGo (DDG) was founded in 2008 with the principle that companies should not make money from private information being sold without consent. DuckDuckGo operates by not collecting information while making money from ads sold in... Read more...
The crazy train that is WhatsApp right now does not look like it will be stopping any time soon. After the privacy policy fiasco, which is still developing, other issues have popped up simultaneously. It appears that Google is indexing a WhatsApp subdomain that can share users’ phone numbers. Furthermore, there are also other issues with WhatsApp that scammers can use to social engineer people, as we are just now learning. This is an absolute nightmare for privacy and security again, and should concern every WhatsApp user at present. Last year, WhatsApp had chat invite links indexed on Google, meaning they were searchable by anyone who knew what to look for. The search techniques could... Read more...
The last thing you want when working on your PC or playing a game is a blue screen of death (BSOD) error, especially since these kinds of crashes can sometimes be difficult to diagnose. There are many reasons why you might experience one, though. Case in point, there is a rather odd bug that can crash your PC from within Google's Chrome browser. It is another bug for Microsoft's software engineers to investigate. You might recall that last week we reported on a different quirk that could scramble your hard drive, with a simple string of command-line code. One of the ways it could be leveraged is to hide the code within a system icon, and if downloaded to a PC, it would... Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,... Read more...
Apple products were once praised as the most secure ecosystem, either by design of Apple's walled garden, excellent marketing tactics, or otherwise. However, in mid-2020, Apple accidentally approved widespread Mac malware, breaking this reality for many people. Now, another Mac-exclusive malware has been uncovered in Asia, silently mining Monero in the background of macOS users’ devices. The malware, dubbed macOS.OSAMiner, has likely been floating around since at least 2015, packaged with cracked games and software like League of Legends and Microsoft Office. In 2018, SentinelLabs, a cybersecurity firm, caught wind of Chinese forum reports talking about a Monero mining trojan infecting... Read more...
Over the years, lawmakers and law enforcement worldwide have been pushing for backdoors and to eliminate end-to-end encryption in devices. According to security and cryptographic research, however, law enforcement and governments can already access locked smartphones through various tools and tricks. This is mainly due to weaknesses in Android or iOS devices, which honestly, could be a lot better. Recently, cryptographic researchers at Johns Hopkins University analyzed both Android and iOS devices and paired their findings with publicly available data. Johns Hopkins cryptographer Matthew Green stated that the results of the research shocked him, and he has now “come out of the project... Read more...
We've got 99 problems but Windows 10 ain't one. Just kidding—sometimes Windows 10 is one of those problems. We've had good luck with Windows 10 ourselves, but are aware of various issues people have encountered over the years. One of the stranger ones is a lingering bug that could easily corrupt your hard drive, just by downloading an icon. Security researcher and Twitter user Jonas L brought attention to the nearly three-year-old bug in Windows 10, calling it a "nasty vulnerability" because it can be triggered just by opening a specially crafted file with a single-line command. NTFS VULNERABILITY CRITICALITY UNDERESTIMATED - There is a specially nasty vulnerability in NTFS right now. Triggerable... Read more...
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been hiding it. Ring is a smart doorbell and IoT company that created the Neighbors app in 2018, around the same time Amazon completed its acquisition of the company. The Neighbors app was something of a social app where Ring doorbell owners could anonymously share videos that show crime. Think along the lines of a digital neighborhood watch with video footage. Vulnerable Data On Neighbors... Read more...
The SolarWinds breach has been pervasive, and the world is still reeling from the effects. We have heard that hackers accessed data from Microsoft, U.S. government agencies, and other high-profile companies. Now we're learning about the full scope of the data that was allegedly obtained. A website recently appeared alleging that some of this data is available for sale, including partial Microsoft Windows source code for a whopping $600,000. That is just a bit more expensive than a real Windows license. The hackers, who seem to be operating under the moniker of “SolarLeaks,” describe their escapades as a “recent adventure.” Now, they are selling the spoils of this adventure... Read more...
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud provider. The New York City-based company has now urged customers to change their passwords and enable multi-factor authentication as account information and credentials could be at risk. Both in an email and a forum post, Ubiquiti reported that they had “recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.”... Read more...
For as long as developers have been writing software code, they've been inadvertently creating bugs. It's when those bugs can compromise the security of a PC that a bug goes from an annoyance to a potential real danger. Security issues with apps can be worked around in the interim, even if it means uninstalling it, but what about when the security vulnerability is in the driver for some critical piece of hardware; say a video adapter? When that happens, developers have to isolate the cause and act quickly to plug the holes, or else risk any PC with that hardware being open to attack. Such was the case for NVIDIA this week. The GeForce, Quadro, and AI accelerator maker has issued a series... Read more...
The massive SolarWinds breach that has even ensnared Microsoft still has rippling effects. According to reports, it seems that hackers may have exposed sealed U.S. court documents. Simultaneously, SolarWinds is trying to clean up and close security holes following the attacks that used its software. The company has since hired several big names in the security world to help out, such as Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). This week, the Administrative Office of the U.S. Courts reported in a memo that the SolarWinds breach may have “jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system”... Read more...
WhatsApp was once hailed as an excellent and secure method for contacting people. However, Facebook bought out WhatsApp, and since then, it has dealt with several privacy and security lapses. Now, Facebook is tightening the noose around WhatsApp by forcing users to accept Facebook data collection through the app. Starting on February 8th, users joining WhatsApp will automatically be sending data to Facebook due to the terms and privacy policy changes going into effect. Current users will likely soon see a notification in-app, which will give them the option of accepting these terms or deleting their account. You can see what this notification looks like below. If you follow the link to the... Read more...
Earlier in December, we reported that hackers had breached the SolarWinds Orion platform, a software package dedicated to IT resource management. Ever since it was reported that the breach stretched back to Spring of 2020, numerous government agencies and private companies have indicated that they too were breached. Microsoft, who was at the tip of the spear when it came to the response, reported that it had been breached as well. Now, Microsoft says hackers viewed source code repositories and tried to expand their capabilities on the Microsoft network. Since beginning its investigation on December 17th, Microsoft has maintained that no customer data or production services were accessed. The... Read more...
The bug hunters that comprise Google's Project Zero team are getting a little fed up with companies that issue incomplete or otherwise incorrect patches for zero-day vulnerabilities they discover. Going into 2021, the team plans to reevaluate how it handles these kinds of situations, with a recent privilege escalation flaw in Windows serving as the tipping point. At issue is a zero-day flaw in Windows (CVE-2020-0986) that was actually discovered by Kaspersky this past summer. "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker... Read more...
Facebook is approaching 3 billion monthly active users (up from 2 billion in 2017), which is more than the combined population of China (~1.4 billion), the United States (~331 million), and the United Kingdom (~68 billion), to put that figure into perspective. Its massive footprint in the social media space underscores why topics like privacy and security are so important. As it pertains to the latter, Facebook has a few things planned to make its platform more secure in 2021. The importance of account security extends far beyond the inconvenience of having someone breach your account, only to have you reset your password to lock them out. We now live in an era where fake news can have real world... Read more...
As cybersecurity attacks continue to rise, companies are stepping in to provide digital weapons to anyone with ill-will and deep enough pockets. One of these companies, NSO Group, is trying to hide behind legal immunity granted by government clients. If this immunity were granted, it would set a dangerous precedent and lead to many other issues. The NSO Group is a technology and cybersecurity company or "mercenary," as Microsoft describes. NSO Group claims on its website that they create "technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe." That is a rather noble-sounding description for someone who effectively manufactures... Read more...
Over the past week, it is suspected that Russia has been behind a massive, widespread attack against several private companies and government agencies within the United States. On the homefront, Microsoft has been at the tip of the spear when it comes to responding to this incident. Now, as more agencies come forward to report breaches, it seems that even Microsoft was susceptible to the attack. This all raises the question of “Is this an act of war on the nation as a whole?” Late last night, Microsoft reported on its blog that it too found evidence of malicious code embedded within its SolarWinds environment. That code has since been isolated and removed, but that does not mean Microsoft... Read more...
It looks as though DJI could be in for some rough seas ahead as the U.S. Department of Commerce has just placed the drone maker on its dreaded Entity List. This is essentially an economic blacklist that prevents DJI from conducting business with U.S. companies due to potential threats to national security. If you recall, Huawei was also placed on the Entity List, and it practically torpedoed its smartphone business. This would represent a significant blow to DJI, as the China-based company is by far the largest producer of consumer (and commercial) drones in the world. In the United States alone, the company commands nearly 80 percent of the consumer drone market. DJI Enterprise even has... Read more...
Most devices that require some form of authentication leverage a username and password combination, a security measure that has been in place since the dawn of time (well, maybe not quite that long, but still a long time). But there are problems with passwords. Weak ones are easy to crack, and tough ones are difficult to remember. Can we move beyond the traditional typed password? Microsoft believes so, and it plans to increase its efforts in that direction in 2021. Moving away from passwords completely is probably going to take a long time still, but it also seems like an inevitability. Eventually, anyway. We're reminded of the weakness of passwords when, each year, companies like NordVPN release... Read more...
On Monday, news broke that Russian hackers breached SolarWinds in an effort to compromise numerous organizations. While private companies are affected, the most significant targets seemed to be part of the U.S. government. Now, Microsoft has swooped in to try and kill the SolarWinds breach with several steps that have rolled out over the past several days. When you have a breach as widespread as SolarWinds, which is rumored to be backed by hacker group APT29, or Cozy Bear, you must have an extreme response. Cozy Bear is likely to be a part of Russian intelligence and has been behind past DNC attacks and, more recently, COVID-19 research attacks. To stop Cozy Bear in its tracks with the “Sunburst”... Read more...
Suppose you want to block ads or find a deal on a product; a browser extension could come in handy. Just a simple download from the browser’s extension store, and you are ready to rock holiday deals without popups. The only catch is, just like any software you download, it can contain malicious code. In fact, researchers at the digital security company Avast found at least 28 third-party browser extensions that included malware. According to Avast, the 28 malicious extensions found, made for Google Chrome and Microsoft Edge, could “redirect user’s traffic to ads or phishing sites and to steal people’s personal data, such as birth dates, email addresses, and active... Read more...