🛡 Cybersecurity & Privacy 🛡 - News

Google Discloses Android Camera Hijack Hack

Google has disclosed a now-fixed issue that enabled third-party apps to access a disturbing set of permissions for its Camera App built into Android phones.

62 views20:14

PIA Announces Merger With Kape - In Latin | VPNpro

🕵 Private Internet Access announces merger with Kape Technologies – in Latin 🕵

📖 Read

via "VPNpro".

VPNpro

Kape Technologies added Private Internet Access (PIA) to their list of assets, which already includes CyberGhost VPN and ZenMate VPN services. Read more.

71 views20:54

Vulnerabilities & Threats recent news | Dark Reading

🕴 DDoS Attacks Up Sharply in Third Quarter of 2019 🕴

DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.

📖 Read

via "Dark Reading: ".

Dark Reading

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

64 views21:44

❌ D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List ❌

The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.

📖 Read

via "Threatpost".

D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List

The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.

53 views21:54

❌ 400 Vet Locations Nipped by Ryuk Ransomware ❌

The infection apparently made its way in through third-party systems.

📖 Read

via "Threatpost".

400 Vet Locations Nipped by Ryuk Ransomware

The infection apparently made its way in through third-party systems.

54 views21:54

Attacker Mistake Botches Cyborg Ransomware Campaign

🕴 Attacker Mistake Botches Cyborg Ransomware Campaign 🕴

Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.

📖 Read

via "Dark Reading: ".

Darkreading

Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.

60 views22:04

ATENTION‼ New - CVE-2011-1145 (debian_linux, enterprise_linux, opensuse, unixodbc)

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

📖 Read

via "National Vulnerability Database".

81 views23:26

Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats

🕴 Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats 🕴

Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.

📖 Read

via "Dark Reading: ".

Darkreading

Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.

90 views23:49

⚠ Adobe Acrobat and Reader 2015 reach end of support ⚠

If you've been happily using Adobe Reader 2015 software for the last few years, you're in for a rude awakening.

📖 Read

via "Naked Security".

Adobe Acrobat and Reader 2015 reach end of support

If you’ve been happily using Adobe Reader 2015 software for the last few years, you’re in for a rude awakening.

86 views11:41

⚠ XSS security hole in Gmail’s dynamic email ⚠

The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.

📖 Read

via "Naked Security".

XSS security hole in Gmail’s dynamic email

The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.

79 views12:16

⚠ Instagram stalker app Ghosty yanked from Play store ⚠

It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.

📖 Read

via "Naked Security".

Instagram stalker app Ghosty yanked from Play store

It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.

65 views12:31

⚠ Update WhatsApp now: MP4 video bug exposes your messages ⚠

A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.

📖 Read

via "Naked Security".

Update WhatsApp now: MP4 video bug exposes your messages

A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.

63 views12:41

❌ Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online ❌

A data breach left personal information--including email and IP addresses and first and last names—exposed in public databases, according to Troy Hunt.

📖 Read

via "Threatpost".

Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online

The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.

61 views14:09

Macy's holiday breach highlights retailer's need for encryption and scrutiny of third-party systems

🔐 Macy's holiday breach highlights retailer need for encryption and scrutiny of third party systems 🔐

Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.

📖 Read

via "Security on TechRepublic".

TechRepublic

Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.

59 views15:04

Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones

🕴 Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones 🕴

Vulnerability could allow an attacker to control the camera and storage without user knowledge or permission.

📖 Read

via "Dark Reading: ".

Dark Reading

Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.

56 views15:04

Why Multifactor Authentication Is Now a Hacker Target

🕴 Why Multifactor Authentication Is Now a Hacker Target 🕴

SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.

📖 Read

via "Dark Reading: ".

Darkreading

SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.

64 views15:09

ATENTION‼ New - CVE-2010-4657 (debian_linux, enterprise_linux, php)

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

📖 Read

via "National Vulnerability Database".

63 views15:31

Want to attain and retain customers? Adopt data privacy policies

🔐 Want to attain and retain customers? Adopt data privacy policies 🔐

Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.

📖 Read

via "Security on TechRepublic".

TechRepublic

Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.

64 views16:40

❌ ThreatList: Admin Rights for Third Parties is the Norm ❌

The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.

📖 Read

via "Threatpost".

ThreatList: Admin Rights for Third Parties is the Norm

The majority give outside partners, contractors and suppliers administrative access — without strong security policies in place.

62 views17:04

❌ High-Severity Windows UAC Flaw Enables Privilege Escalation ❌

Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.

📖 Read

via "Threatpost".

High-Severity Windows UAC Flaw Enables Privilege Escalation

Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.

55 views17:24