Items tagged with security

Over one billion people rely WhatsApp on a monthly basis for both personal and business use. Security vulnerabilities could therefore prove detrimental to communication and workflow. If you use WhatsApp, you will definitely want to make sure you have the latest version installed on your device. Security researchers recently discovered a WhatsApp bug that could completely wipe out your group chat histories. Security researchers at Check Point created a tool referred to as the “WhatsApp Manipulation Tool”. The tool essentially altered the parameters of the app. The researchers were able to use the new parameters to obtain access to the encryption and decryption keys that are generated... Read more...
We already know about that hackers are able to steal credit and debit card details at gas pumps by using skimmers, which are devices that slip over the payment slot and, for the most part, look legitimate (they're found on ATMs as well). However, skimmers are not the only threats. Visa's Payment Fraud Disruption (PFD) division warns that cybercriminals are targeting gas station point of sale (POS) systems in North America. This is a concerning threat, because even though skimmers look like they are part of the pump, there are subtle ways to detect that something is amiss. When a hacker infiltrates a computer network, however, customers are left to the security of the company being attacked. In... Read more...
Facebook has been fighting with the U.S. government and the governments of other countries over end-to-end encryption plans that would block anyone, Facebook included, out of chat conversations on Instagram, WhatsApp, and Facebook Messenger. The Federal government doesn't like that as it says that encrypting everything gives abusers a place to practice their craft without fear of being caught by authorities. Facebook's WhatsApp already has end-to-end encryption, but the social network wants to apply that to Facebook Messenger and Instagram. At a Senate Judiciary Committee hearing, Sen. Lindsey Graham said that if Facebook didn't add the backdoor, "we're going to do this for you." In response,... Read more...
Qualcomm has pulled the covers off a new ultrasonic in-screen fingerprint scanner that is an improvement over its predecessor that was introduced in the Samsung Galaxy S10 and Galaxy Note 10 families. The new sensor is called 3D Sonic Max, and it has a significantly larger surface area for scanning. While the original in-screen 3D Sonic Sensor only had enough scanning space to scan a single finger, the new one is large enough to scan two fingers. Qualcomm says that the new scanner is 17x larger than the old one and will enable advanced security features. The new sensor uses the same ultrasonic scanning techniques that the smaller sensor used last year, and you can now scan two fingers at once... Read more...
Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and a host of other nefarious deeds. The malware is called StrandHogg, and there are couple of things that make it extra concerning. One is that all versions of Android are affected, including Android 10, which is the latest build. And secondly, researchers say StrandHogg allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. "The... Read more...
Pretty much all new TVs these days have smart functionality built into them. This can vary by model—some are simply loaded up with streaming apps, like Netflix and Hulu, while others offer voice control. Some even have built-in cameras, both for facial recognition and to utilize apps like Skype. In response to these increasingly sophisticated TV sets permeating the market, FBI Portland has issued a warning that they can pose security and privacy threats. Of course, this has been known, and for quite a while. Around this time in 2012 (seven years ago), it was discovered that some smart TV models (including some Samsung smart TVs) were susceptible to a vulnerability that could allow an attacker... Read more...
Google began rolling out its new SMS text messaging protocol earlier with month, with features powered RCS by (Rich Communication Services). This is intended to deliver a richer messaging experience. And it does, though the rollout is not going without a hitch. Unfortunately, telecoms are doing a poor job implementing the RCS standard, leaving Android users vulnerable to security threats. To be clear, this is not a failure on Google's part. Security Research Labs (SRLabs) has only found issues in how telecoms are rolling RCS out, rather than the protocol itself. Part of the problem is that part of the standard is undefined. Companies can therefore deploy it in their own ways, and that is where... Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,... Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only... Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):... Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,... Read more...
Anyone who uses WhatsApp—and many people do, with the developers claiming 1.5 billion monthly active users—should make sure they have the latest version installed. Otherwise, they could be susceptible to a critical vulnerability that could allow hackers to infiltrate their text messaging conversations, pictures, and other private information. The vulnerability is listed as CVE-2019-11931. In short, a hacker could remotely compromise a device through WhatsApp by sending over a video file injected with malicious code. All the hacker would need is a phone number of a targeted user. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to... Read more...
As Black Friday bargains start to arrive, you may want to shop for a new wireless router, depending on old your current one is and whether it supports WPA2 (or later) encryption. Otherwise, you may soon find yourself unable to connect. Microsoft posted a list of features it plans to deprecate in Windows 10, and one of them is the older (and much weaker) WEP protocol. "Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available... Read more...
Intel has disclosed another speculative side execution vulnerability affecting many of its processors, including its latest 10th generation mobile CPUs. Fortunately, there are already mitigating patches available, at least for users who are running Windows 10, Windows 8.1 (and Windows RT 8.1), Windows 7, and various Windows Server versions. The vulnerability has to do with an extension to the x86 instruction set architecture called Intel Transactional Synchronization Extensions (Intel TSX). This extension adds hardware transactional memory support to improve multi-threaded workloads. The flaw has been dubbed TSX Asynchronous Abort (also known as ZombieLoad 2), which Intel says is similar to Microarchitectural... Read more...
First ... Prev 3 4 5 6 7 Next ... Last