Device makers still shipping products with Android Debug Bridge enabled

Device makers still shipping products with Android Debug Bridge enabled

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled - a dangerous default setting that enables potential adversaries to connect to these devices.
By Bradley Barth Jun 14 2018, 12:37PM
Facebook defends sharing user data with mobile OEMs

Facebook defends sharing user data with mobile OEMs

Facebook is defending its privacy and data management practices again after the New York Times on Sunday reported that the social media giant has entered into agreements over the last decade to share user data.
By Bradley Barth Jun 6 2018, 12:45PM
Europol forms new Dark Web Team to combat online criminal marketplaces

Europol forms new Dark Web Team to combat online criminal marketplaces

Europol this week announced the formation of a "Dark Web Team" specifically dedicated to investigating and shutting down underground internet marketplaces, with the assistance of law enforcement agencies.
By Bradley Barth Jun 5 2018, 11:51AM
Google fixes 24 bugs in Chrome OS, security pass flaw in reCAPTCHA feature

Google fixes 24 bugs in Chrome OS, security pass flaw in reCAPTCHA feature

Google on Tuesday released version 67.0.3396.62 of the Chrome operating system for Windows, Mac & Linux to its stable channel, solving 24 vulnerabilities & introducing its "Site Isolation" security feature to additional users.
By Bradley Barth Jun 1 2018, 1:44PM
Flaws in smart pet devices, apps could come back to bite owners

Flaws in smart pet devices, apps could come back to bite owners

Fido might be man's best friend, but smart devices designed to track pets' movements and activity could be your worst enemy if attackers manage to capitalise on any of the dozen vulnerabilities researchers recently observed in them.
By Bradley Barth May 25 2018, 12:20PM
Jay-Z's streaming service discloses breach

Jay-Z's streaming service discloses breach

In denying accusations that it manipulated its subscriber statistics, Jay-Z-owned music streaming platform TIDAL instead has disclosed a potential data breach, according to various industry reports.
By Bradley Barth May 24 2018, 11:04AM
Google may contractually require OEMs to perform regular patching

Google may contractually require OEMs to perform regular patching

Google is looking into the possibility of requiring device manufacturers to regularly patch their devices, by incorporating such a provision into future OEM agreements.
By Bradley Barth May 18 2018, 1:02PM
PDF exploit built to combine zero-day Windows and Adobe Reader bugs

PDF exploit built to combine zero-day Windows and Adobe Reader bugs

A privilege escalation vulnerability patched last week in Microsoft Windows and an Adobe Reader remote code execution bug fixed in a product update were both jointly targeted by a PDF-based zero-day exploit.
By Bradley Barth May 17 2018, 11:31AM
New Apple ID phishing operation protects web assets with AES encryption

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.
By Bradley Barth May 14 2018, 11:40AM
LG patches RCE bug in smartphone keyboards

LG patches RCE bug in smartphone keyboards

LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models.
By Bradley Barth May 14 2018, 11:40AM
Confusion over chipmakers' debug exception instructions prompts patching

Confusion over chipmakers' debug exception instructions prompts patching

Multiple major operating systems and hypervisors contain a serious CPU chipset bug that could allow authenticated attackers to elevate privileges, read sensitive data in memory, and control certain low-level functions.
By Bradley Barth May 11 2018, 11:16AM
Patch Tuesday: Microsoft mends RCE bug exploited by cyber-espionage group

Patch Tuesday: Microsoft mends RCE bug exploited by cyber-espionage group

A security update has fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.
By Bradley Barth May 10 2018, 11:19AM
CCleaner attackers gained access to app developer's network via TeamViewer

CCleaner attackers gained access to app developer's network via TeamViewer

The attackers who infected 2.27 million machines last year using a modified version of the computer maintenance app CCleaner gained unauthorised access to the developer's network using remote access program TeamViewer.
By Bradley Barth Apr 26 2018, 12:25PM
Should the US treat Russian hacking networks like ISIS?

Should the US treat Russian hacking networks like ISIS?

Current tactics to discourage rogue nation-states from engaging in malicious cyber-behavior are failing, and could necessitate more drastic actions, according to experts speaking at an RSA 2018 panel session on Tuesday.
By Bradley Barth Apr 20 2018, 12:10PM
Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and several core apps, as well as security enhancements for two older OS offerings.
By Bradley Barth Apr 4 2018, 12:37PM
Malicious bot traffic climbs 9.5 percent in 2017, says report

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 in 2017, accounting for 21.8 percent of all traffic, according to a new report Tuesday.
By Bradley Barth Mar 29 2018, 12:36PM
Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected $US120,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver.
By Bradley Barth Mar 20 2018, 11:39AM
Google policy change abolishes ads for cryptocurrencies

Google policy change abolishes ads for cryptocurrencies

Google this week updated its financial services policy, effective June 2018, to prohibit the advertising of cryptocurrencies and related content.
By Bradley Barth Mar 19 2018, 11:53AM
Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.
By Bradley Barth Mar 14 2018, 12:11PM
Malware steals payments, cryptocurrency by modifying clipboard saved info

Malware steals payments, cryptocurrency by modifying clipboard saved info

Researchers have discovered a new malware that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.
By Bradley Barth Mar 8 2018, 1:03PM