Tag: Security

Facebook’s reportedly been storing millions of user passwords in plain text since 2012

Last night, Facebook revealed that it found a flaw in January in its systems that stored user passwords in plain text, which meant that anyone who had access to them could read those passwords without having to decrypt them. The vulnerability impacts “hundreds of millions of Facebook Lite users, tens of millions of other Facebook […]

Jared Kushner uses WhatsApp to talk with foreign leaders, claims Cummings

But her emails. House Oversight Chairman Elijah Cummings says Abbe Lowell has confirmed that President Donald Trump’s son-in-law and White House advisor Jared Kushner has been using the encryptable/disappear-able messaging app WhatsApp to communicate with leaders of foreign nations. “Mr. Lowell could not answer whether Mr. Kushner’s communications included classified information.” Mr. Kushner’s attorney disputes the […]

Facebook reportedly stored hundreds of millions of user passwords in plaintext – for years

Today, Krebs on Security has revealed that Facebook was storing between 200 and 600 million Facebook users’ passwords in plain text, going back to as early as 2012. While Facebook claims to have found no indication that the passwords were abused, an insider speaking to Krebs on Security claims around 2,000 developers made around 9 […]

Steam vulnerability exposed users to account hijacking and malware

A vulnerability in Valve’s Steam platform made it possible for malicious actors to take over user accounts, pilfer their items, and even infect their systems with additional malware. The security kink resided in Steam’s server browser functionality – which lets players look up servers for a number of games (including hit titles like CS:GO, Half-Life […]

Android Q won’t let apps turn Wi-Fi on and off, potentially crippling apps like Tasker

Android is known and loved for the extensive amount of automation and customization that can be achieved through its APIs. One of those is giving apps the ability to turn on and off Wi-Fi without user input. Tasker and IFTTT are major beneficiaries of this capability, but there is always malware that could abuse access […]

CISOs: You need to manage by ‘walking around’

Chief information security officers (CISOs) today have replaced chief information officers (CIOs) as the most under-valued C-level executives. In fact, according to research from the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), nearly one-third (29 percent) of corporations today still do not have a CISO role or its equivalent. And for […]

Android Q steps up the fight against overlay-based malware

One of the bigger developer-facing changes we’ve spotted in Android Q is a mild deprecation of the SYSTEM_ALERT_WINDOW permission which controls overlays. (Think Facebook’s chat heads or those Pokémon Go stats apps and you should get the idea.) Sideloaded apps on Android Q will see that permission revoked after 30 seconds, and the permission is […]

[Update: Gearbest responds] Gearbest reportedly left its main database unsecured, payment information and other customer data easily accessible

Gearbest is a massive online store, primarily specializing in Chinese products. In the Android community, Gearbest is known as one of the easiest ways to purchase devices from Xiaomi and other Chinese brands in the United States. If you’ve purchased something from Gearbest in the past, you might want to start changing your credit cards […]

Google distributed malicious Chrome app designed to steal your cryptocurrency

Be wary if you come across ads that promote an airdrop, distributing tokens for popular cryptocurrency exchange desk Huobi: the offer might be fake, and you might be getting swooped into an elaborate ploy designed to steal your coins. Security researcher Harry Denley, who maintains popular anti-phishing database EtherscamDB, has unearthed a phishing campaign that tricks […]

There is a federal criminal investigation into Facebook’s data-sharing deals

The Eastern District of New York empaneled a Grand Jury into the dirty data dealings of Facebook. Federal investigators are probing Facebook’s data-sharing deals with other companies. A New York grand jury is reported to have subpoenaed “at least two” smartphone makers. “Both companies had (…) broad access to the personal information of hundreds of […]

You can revoke permissions for older apps in Android Q before installing them

Android used to be the Wild West when it came to permissions: Apps would tell you what parts of your phone they needed access to before you installed them, and you could either accept that or not use the app at all — it was an all-or-nothing deal. Over the years, Google got its act […]

Gearbest reportedly left its main database unsecured, payment information and other customer data easily accessible

Gearbest is a massive online store, primarily specializing in Chinese products. In the Android community, Gearbest is known as one of the easiest ways to purchase devices from Xiaomi and other Chinese brands in the United States. If you’ve purchased something from Gearbest in the past, you might want to start changing your credit cards […]

Security researchers found over 40 bugs in blockchain platforms in 30 days

White hat hackers have found more than 40 bugs in blockchain and cryptocurrency platforms in the past 30 days, according to an investigation by Hard Fork. There is a silver lining though: none of the vulnerabilities appear to be particularly serious at first glance. Thirteen companies dealing with cryptocurrency and blockchain tech received a total […]

Google killed 2.3 billion ‘bad ads’ in 2018, down 28% from 2017

Around this time of year, Google shares how many “bad ads” it killed the year before. And every year, the number grows. But not this time. “Bad ads” consist of any advertising that violates Google’s advertising policies, including ad fraud, phishing scams, and malware. That includes everything from a one-off accident to a coordinated action […]

Rogue adware SimBad found in the Play Store, over 200 affected apps with 150+ million downloads removed

Another day, another security problem. This time, we have what’s been dubbed SimBad by the Check Point research team, a rogue adware campaign found to affect over 200 million now-removed apps in the Play Store — these apps together accounted for over 150 million downloads. It shows out-of-context ads, exposes users to other malicious apps, […]

Iovation: Merchants aren’t prepared for Europe’s tough anti-fraud compliance rules

Most companies are not prepared for the fraud prevention rules that are going into effect in Europe by September, according to a report from Iovation and research and advisory firm Aite Group. This suggests we may be looking at a replay of the lack of preparedness companies showed with last […]

Microsoft 365 Government adds Teams, Power Platform, and Dynamics 365 Customer Engagement

Microsoft is expanding the range of cloud-based features it offers to government customers, allowing them to tap into many of the same services used by business clients. Public agencies are a growing customer base that the company targets with its Microsoft 365 Government platform. Now those customers will have access […]

Security researcher reveals grotesque vulnerabilities in “Yelp-for-MAGA” app and its snowflake owner calls in the FBI

63Red Safe is an app affiliated with 63red, a far-right news site, that is a sort of Green Book for racists, identifying restaurants and other establishments that will serve people sporting MAGA hats and other modern Klan-hood-alikes without calling them out on their overt racist symbology. 63Red Safe’s developers made a string of […]

Researchers say quasistatic signals will protect wearables and implants from hackers

As wearable devices and medical implants become more common, their likelihood of being targeted by hackers increases, with stakes that could be even higher than traditional computer viruses. But researchers at Purdue University have developed a way to improve both the security and longevity of these devices: a switch from […]
