Phishing emails traditionally come from threat actors looking to make a quick buck or steal some data for nefarious purposes. Things get confusing, however, when phishing-style emails come directly from an organization like Amazon. That is exactly what happened over the weekend, leaving many customers baffled...Read more...
Canon has issued a security bulletin warning that hundreds of its inkjet printer models have a flaw that could potentially expose your Wi-Fi network details after you've disposed it or sent it to a third-party entity to be serviced. The issue at hand is that affected models, including both consumer and professional...Read more...
Last year, a new Android malware, dubbed "Coper," was discovered stealing banking information, phone call data, texts, and more. ThreatFabric's threat intelligence suggests that a new piece of malware, dubbed "Octo", is a descendant of a preexisting malware family called Exobot, which was first discovered in 2016 and...Read more...
System administrators were in for a surprise when Windows Defender flagged a recent Microsoft Office Update as malware. That was, fortunately, a false positive, but when you manage hundreds or thousands of endpoints and they all start getting flagged, you might as well give a sysadmin a heart attack.
On March 16th...Read more...
News broke on February 25th that NVIDIA had been hit by a cyber-attack. The LAPSUS$ ransomware gang took responsibility for the attack the next day, but also claimed that NVIDIA hit them back with its own ransomware. However, NVIDIA’s counterstrike seems not to have disabled LAPSUS$ access to the data it stole nor has...Read more...
Since it’s meteoric rise in early 2020, Zoom has repeatedly come under fire, whether for playing fast and loose with the definition of end-to-end encryption, sharing user data with Facebook undisclosed, installing a hidden web server on customers’ Macs, publishing then back-tracking a claim of 300 million daily active...Read more...
Security researchers say they discovered and reported to Microsoft a "highly sophisticated" zero-day attack vector in Windows that targets Office 365 and Office 2019 users. In some cases, simply opening an infected document would be enough to compromise a PC. Furthermore, there does not yet exist a patch, though one...Read more...
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices...Read more...
The log-in credentials for 3,672 Ring camera owners have been leaked this week in a security breach. The leak exposed log-in emails, passwords, time zones, and the names people gave to their Ring cameras. Often those names are specific to where the camera is located, such as "bedroom" and "front door."
Using the...Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security...Read more...
NordVPN, widely regarded as one of the best virtual private network (VPN) services, confirmed one of its datacenters was hacked. The security breach occurred over a year ago, in March 2018, though is just now being disclosed to users. Apparently NordVPN used the time between then and now to audit its infrastructure and make sure its operations Read more...
Due to the inclusion of some important security patches, it is in your best interest to apply Microsoft's latest Patch Tuesday update as soon as possible. At the same time, some users have reported issues getting it to install, while others are blaming the update for borking their PC, saying it is causing random...Read more...
The OpenID Foundation has penned an open letter to Apple imploring the company to make changes to its 'Sign-In with Apple' technology that is infused in iOS 13. According to the letter, there are concerning "gaps" between Apple's implementation and OpenID Connect, and those gaps expose users to "greater security and...Read more...
Biometric security measures are improving all the time, though they are not infallible. This is demonstrated on the recently launched OnePlus 7 Pro. It has a fingerprint sensor that is embedded in the full-front display, and with a little bit of glue and a few minutes of time, it can be easily thwarted. Well, sort...Read more...
Microsoft has announced that Office 365 has gained some new security features that are meant to help protect users from online threats. These new features will go along with the security features already integrated with Office 365, like link checking and attachment scanning for viruses and phishing threats. Office 365...Read more...
OnePlus is currently in the midst of investigating a credit card payment processing breach on its website, and we're now learning the full scope of the vulnerability. As promised, and adhering to its commitment to providing full disclose, OnePlus says that anyone that entered their credit card details (card numbers...Read more...
Sometimes it feels like this whole cryptocurrency mining business is getting out of hand. The underlying technology—blockchain—is interesting and potentially very useful, but there are some side effects that are casting a dark shadow over cryptocurrency, such as driving up the price (and limiting availability) of...Read more...
OnePlus is catching heat from its customers yet again, this time for the discovery of a pre-installed application found on several of its handsets that could allow an attacker to gain root access. The application is a diagnostics tool called "EngineerMode" that Qualcomm developed and distributes to OEMs like OnePlus...Read more...
After an almost mind-boggling number of security and privacy issues that have deluged into our lives over the past handful of years, you'd think that companies would begin to take their customers' private data seriously. Still, there are some who just don't seem to "get it", and apparently, OnePlus has proven to be...Read more...
A software engineer has discovered that OnePlus is actively collecting certain data on its users without their knowledge or permission. Chris Moore, owner of a UK-based security and tech blog and a finalist at Cyber Security Challenge UK, published an article detailing the Chinese electronic company's data collection...Read more...
Hacker group OurMine claims to have hacked the official PlayStation Twitter and Facebook pages Sunday night. The group took credit for the hack and posted several messages to the social media accounts, which have now all now been deleted.
Before the messages were deleted, they were copied for posterity...Read more...
MWR Labs has been able to demonstrate a hack on older Amazon Echo speakers that turns the device into an always-on spy sitting right in your home. Detractors of the way Amazon crafted it's speakers to always listen for your voice will use this as an "I told you so" moment.
According to the researchers, the Echo is...Read more...