News aggregator

Facebook to verify identities on accounts that churn out viral posts

Sophos - Naked Security - Mon, 01/06/2020 - 07:14
Hopefully it's a COVID-19 version of what it did post-2016 elections, when it required verification of those buying political or issue ads.

Monday review – the hot 15 stories of the week

Sophos - Naked Security - Mon, 01/06/2020 - 06:51
From iPhone jailbreaks to questions about the dark web, and everything in between. It's weekly roundup time!

Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account

THN - Sat, 30/05/2020 - 12:43
Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple'

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

THN - Sat, 30/05/2020 - 07:32
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache Attacks" published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

THN - Sat, 30/05/2020 - 04:56
Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a

Clearview AI facial recogition sued again – this time by ACLU

Sophos - Naked Security - Fri, 29/05/2020 - 11:41
Clearview AI, the company that's scraped billions of images to build a facial recognition system, is getting sued again.

COVID-19 tests, PPE and antivirual drugs find a home on the dark web

Sophos - Naked Security - Fri, 29/05/2020 - 08:15
COVID-19 testing kits, Hydroxychloroquine and PPE - it's all for sale on the dark web.

Windows 10 adds new security and privacy features in May update

Sophos - Naked Security - Fri, 29/05/2020 - 07:15
Windows 10 release 2004 is out, with a slew of new features, including several updates to its security and privacy.

Google sued by Arizona for tracking users’ locations in spite of settings

Sophos - Naked Security - Fri, 29/05/2020 - 07:08
Maps, weather, searches et al. suck up location data in the background, even if Tracking is turned off. Arizona says it's consumer fraud.

Inside a ransomware gang’s attack toolbox

Sophos - Naked Security - Thu, 28/05/2020 - 12:10
Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox...

Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw

Sophos - Naked Security - Thu, 28/05/2020 - 10:06
Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

Sophos - Naked Security - Thu, 28/05/2020 - 08:13
A critical security flaw in Android could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks, say researchers.

A New Free Monitoring Tool to Measure Your Dark Web Exposure

THN - Thu, 28/05/2020 - 07:35
Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

THN - Thu, 28/05/2020 - 06:52
It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government

Apple sends out 11 security alerts – get your fixes now!

Sophos - Naked Security - Wed, 27/05/2020 - 13:15
Apple's current round of updates have been officially anounced in the company's latest Security Advisory emails.

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

THN - Wed, 27/05/2020 - 07:31
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits, and installing malicious drivers for

Open source libraries a big source of application security flaws

Sophos - Naked Security - Wed, 27/05/2020 - 07:27
How many vulnerabilities lurk inside the open source libraries that today’s developers happily borrow to build their applications?

Google may soon add end-to-end encryption for RCS

Sophos - Naked Security - Wed, 27/05/2020 - 06:44
The dogfood version of the recently updated app shows multiple references to encryption for RCS, the feature-rich successor to SMS messaging.

New iPhone jailbreak released

Sophos - Naked Security - Tue, 26/05/2020 - 13:38
Apple’s latest iOS versions have only been out for a week, but there's already a jailbreak available.


Subscribe to Shiga Tecnologia aggregator