News aggregator

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

THN - Tue, 22/01/2019 - 14:50
Just in time… Cybersecurity experts this week fighting over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification just because APT on Linux also does the same. Just today, a security researcher revealed details of a critical remote code execution flaw in Linux APT, exploitation of which could have been mitigated if the

Rogue websites can turn vulnerable browser extensions into back doors

Sophos - Naked Security - Tue, 22/01/2019 - 10:46
A researcher has found that websites can use some extensions to bypass security policies, execute code, and even install other extensions.

Bicycle-riding hitman convicted with Garmin GPS watch location data

Sophos - Naked Security - Tue, 22/01/2019 - 09:28
Location data extracted from the athletic hitman's Garmin GPS watch and TomTom sat nav led to his conviction in two gangland murders.

WhatsApp fights the spread of deadly fake news with recipient limit

Sophos - Naked Security - Tue, 22/01/2019 - 08:28
WhatsApp has capped the number of people you can forward messages to, after India was seized by rumour-inspired mob lynchings.

DNC targeted by Russian hackers beyond 2018 midterms, it claims

Sophos - Naked Security - Tue, 22/01/2019 - 05:02
The Democratic National Committee has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018.

Google fined $57 million by France for lack of transparency and consent

THN - Mon, 21/01/2019 - 16:54
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data

New malware found using Google Drive as its command-and-control server

THN - Mon, 21/01/2019 - 13:37
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (

Twitter bug exposed some Android private tweets to public view

Sophos - Naked Security - Mon, 21/01/2019 - 11:17
The latest privacy glitch, which went unnoticed for over four years, may trigger yet another EU privacy probe.

Attackers used a LinkedIn job ad and Skype call to breach bank’s defences

Sophos - Naked Security - Mon, 21/01/2019 - 11:05
A Chilean Senator has taken to Twitter with alarming news – the company running the country’s ATM network suffered a serious cyberattack.

State agency exposes 3TB of data, including FBI info and remote logins

Sophos - Naked Security - Mon, 21/01/2019 - 10:39
Oklahoma’s Department of Securities (ODS) exposed 3TB of files in plain text containing sensitive data on the public internet this month.

Tim Cook demands a way for users to delete their personal data

Sophos - Naked Security - Mon, 21/01/2019 - 09:33
The Apple CEO wants the FTC to set up a data-broker clearinghouse so people can see the data that companies have collected on them.

Monday review – the hot 23 stories of the week

Sophos - Naked Security - Mon, 21/01/2019 - 08:07
From WhatsApps that aren't meant for you to the highly promising USB-C authentication, and everything in between. It's weekly roundup time.

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

THN - Mon, 21/01/2019 - 07:42
A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York. Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was

Serious Security: What 2000 years of cryptography can teach us

Sophos - Naked Security - Sat, 19/01/2019 - 22:08
Here's a fascinating history of cryptography that has plenty to teach you - and you don't need a degree in mathematics to follow along!

Vast data-berg washes up 1.16 billion pwned records

Sophos - Naked Security - Fri, 18/01/2019 - 10:33
Have I Been Pwned? (HIBP) has revealed a huge cache of breached email addresses and passwords, which it has named Collection #1.

Google cracks down on access to your Android phone and SMS data

Sophos - Naked Security - Fri, 18/01/2019 - 10:16
Android apps that want access to your call and SMS data now have to pass muster with Google's team of reviewers.

Did you know you can see the ad boxes Facebook sorts us into?

Sophos - Naked Security - Fri, 18/01/2019 - 09:49
...or that they can edit the (often inaccurate) pigeon-holes Facebook likes to put us in, a study found.

New Android Malware Apps Use Motion Sensor to Evade Detection

THN - Fri, 18/01/2019 - 09:37
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have

Ep. 015 – USB anti-hacking, bypassing 2FA and government insecurity [PODCAST]

Sophos - Naked Security - Fri, 18/01/2019 - 09:22
Here's the latest Naked Security podcast - enjoy!


Subscribe to Shiga Tecnologia aggregator