Items tagged with security

It's not often that the US Justice Department or FBI pleads with the public to do something, so when this happens, it's worth paying attention. This past week, the agency managed to thwart a botnet called VPNFilter by deactivating a domain that would have sent further instructions to routers belonging to ordinary folk like you and me. A problem still remains, though, and it's the one these agencies want help with. Even though the malicious domain was killed off, thousands of home routers remain infected with the malware that made them susceptible to that kind of attack to begin with.... Read more...
The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices. Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices build... Read more...
Computer users around the world are still reeling from the Spectre flaws that affected many modern ARM and x86-64 CPUs, and earlier this month we learned that there was another Spectre-style vulnerability that could affect processors from Intel, AMD and ARM. Intel and Microsoft have now stepped up and officially disclosed the latest vulnerability. Intel says that, following the Google Project Zero (GPZ) disclosure of speculative execution-based side-channel analysis methods back in January, it has continued working with researchers around the world to figure out if similar methods could... Read more...
An app designed to help parents monitor their teenager's mobile phone activities has come under additional scrutiny for leaking account information of tens of thousands of parents and children. The app is called TeenSafe and it allows parents to look over their child's shoulder, at least as it pertains to their cell phone use. Using the app, parents can view sent and received SMS and iMessage texts, including ones that have been deleted; look at call logs of incoming and outgoing calls with the contact name, number, date, and duration of the call; view the phone's web browser history; and... Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced threat team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin has posted about a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element... Read more...
Facebook has another small crisis on its hands, and users are panicking all over social media. Over the past 24 hours, Android users have been receiving prompts from the Facebook app requesting superuser privileges. For those that might not be familiar with Android's permissions system, superuser access would basically grant the Facebook app full or "root" access to your phone. And that's not all; the app is requesting superuser access "forever" -- yikes. Needless to say, the scores of users that received the prompt immediately took to their favorite place to vent their frustrations:... Read more...
Sometimes it feels like security and privacy are myths in this day and age of data leaks, hacking, and everything else. The latest example comes from LocationSmart, a relatively obscure (to the public) location-as-a-service outfit that has been leaking real-time location information of cell phone users on all of the major wireless networks in the United States, including AT&T, Verizon, T-Mobile, and Sprint. LocationSmart offers a free demo in which anyone can see the approximate location of their own mobile phone simply by entering their name, email address, and phone number into a form on... Read more...
When testifying before Congress, Facebook co-founder and CEO Mark Zuckerberg was upfront about the fact that Cambridge Analytica was probably not the only company to abuse the social network's policies and improperly obtain data about its users. An investigation would likely yield more incidents, and that's what we are seeing now. Following the Cambridge Analytica scandal, Facebook has suspended in the neighborhood of 200 apps that had access to a large amount of user data. That's not likely the final number, either. Those 200 app suspensions are the result of just the first stage of Facebook's... Read more...
Security researchers are warning anyone who uses PGP (Pretty Good Privacy) or S/MIME for email encryption to disable the scheme in their email clients right away, and to uninstall tools that automatically decrypt PGP-encrypted email, due to a security flaw. They've discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past. "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in... Read more...
Android users have long been concerned that OS security updates for many phones come far too infrequently. Even those who are lucky enough to receive them may not get them often enough, considering they're typically released on a monthly cadence. At Google I/O this past week, however, there was some good news announced regarding this issue. Starting with Android P, Google is updating its OEM agreements to ensure that vendors will take security much more seriously, and get those important updates out to users as quickly as possible. Because this was highlighted at Google I/O, and the agreement... Read more...
If you use Facebook Messenger, hate malware, and always click on links you're sent without a second thought, then you're going to want to exercise more caution moving forward. A new strain of malware has been making the rounds since March, and depending on how you view things, the effect of "Nigelthorn" is somewhat smashing! This latest malware is named after the Nigel Thornberry character in the popular The Wild Thornberrys cartoon, and while it might seem like an odd choice, it was done because the malware works by exploiting the 'Nigelify' browser extension that changes pictures into an image... Read more...
For many people, digital assistants have become a part of daily life—you might have Siri set a reminder for an upcoming appointment on your iPhone, or tell Alexa to order more laundry detergent from Amazon. These AI (artificial intelligence) assistants are becoming more capable by the day as well. But can they be used for nefarious purposes? Perhaps so, and it could happen right under your nose—over the past couple of years, researchers have demonstrated that Apple's Siri, Amazon's Alexa, and Google's Assistant can each receive 'hidden' commands that are undetectable to the human ear.... Read more...
Smartphones routinely turn up in police investigations around the world, and these devices often have clues on them that could help law enforcement to catch criminals. As it stands right now, law enforcement has a few tools that it uses to gain access to these devices, whether the owner wants to unlock them or is even alive to unlock them. These tricks include things as basic as using the fingerprints of the dead to unlock their phones to using GrayKey iPhone unlocking devices to gain access. Apple is looking to limit access to devices and action will be taken to protect devices starting in iOS 11.4.... Read more...
An increasing number of companies and agencies are turning to facial recognition technology for various things, but is it really ready for prime time? It's a valid question in the wake of some concerning developments, the latest of which involves the South Wales police force using facial recognition technology to scan for criminals at major events. In particular, during the 2017 Champions League final, more than 2,000 people in Cardiff were identified as potential criminals even though most of them were not. The way it works is cameras scan faces in a crowd, then compare the images to the police... Read more...