A Misused Microsoft Tool Leaked Data from 47 Organizations

New research shows that misconfigurations of a widely used web tool have led to the leaking of tens of millions of data records. Microsoft’s Power Apps, a popular development platform, allows organizations to quickly create web apps, replete with public facing websites and related backend data management. A lot of governments have used Power Apps […]

OnlyFans CEO on why site is banning porn: ‘The short answer is banks’

After facing criticism over the app’s recent decision to prohibit sexually explicit content starting in October, OnlyFans CEO Tim Stokely pointed the finger at banks for the policy change. In an interview with the Financial Times published Tuesday, Stokely singled out a handful of banks for “unfair” treatment, saying they made it “difficult to pay our creators.” Source: OnlyFans […]

Belarus Hackers Seek to Overthrow Government, release huge trove of sensitive data

[…] The Belarusian Cyber Partisans, as the hackers call themselves, have in recent weeks released portions of a huge data trove they say includes some of the country’s most secret police and government databases. The information contains lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers […]

Samsung Galaxy Z Fold 3’s camera breaks after unlocking the bootloader

[…] Samsung already makes it extremely difficult to have root access without tripping the security flags, and now the Korean OEM has introduced yet another roadblock for aftermarket development. In its latest move, Samsung disables the cameras on the Galaxy Z Fold 3 after you unlock the bootloader. Knox is the security suite on Samsung […]

Dust-sized supercapacitor packs the same voltage as a AAA battery

By combining miniaturized electronics with some origami-inspired fabrication, scientists in Germany have developed what they say is the smallest microsupercapacitor in existence. Smaller than a speck of a dust but with a similar voltage to a AAA battery, the groundbreaking energy storage device is not only safe for use in the human body, but actually […]

China puts continuous consent at the center of data protection law

[…] The new “Personal Information Protection Law of the People’s Republic of China” comes into effect on November 1st, 2021, and comprises eight chapters and 74 articles […] The Cyberspace Administration of China (CAC) said, as translated from Mandarin using automated tools: On the basis of relevant laws, the law further refines and perfects the […]

You Can Gain Admin Privileges to Any Windows Machine by Plugging in a Razer Mouse

[…] When you plug in one of these Razer peripherals, Windows will automatically download Razer Synapse, the software that controls certain settings for your mouse or keyboard. Said Razer software has SYSTEM privileges, since it launches from a Windows process with SYSTEM privileges. But that’s not where the vulnerability comes into play. Once you install […]

Exclusive: Hacker Selling Private Data Allegedly from 70 Million AT&T Customers

A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) […]

Sensitive Data On Afghan Allies Collected By The US Military Is Now In The Hands Of The Taliban

The problem with harvesting reams of sensitive data is that it presents a very tempting target for malicious hackers, enemy governments, and other wrongdoers. That hasn’t prevented anyone from collecting and storing all of this data, secure only in the knowledge this security will ultimately be breached. […] The Taliban is getting everything we left […]

Epic lawsuit’s latest claims: Google slipped tons of cash to game devs, Android makers to cement Play store dominance

Epic Games’ objections to Google’s business practices became clearer on Thursday with the release of previously redacted accusations in the gaming giant’s lawsuit against the internet goliath. Those accusations included details of a Google-run operation dubbed Project Hug that aimed to sling hundreds of millions of dollars at developers to get them to remain within […]

Distributed Denial of Secrets – the new wikileaks

Distributed Denial of Secrets is a journalist 501(c)(3) non-profit devoted to enabling the free transmission of data in the public interest. We aim to avoid political, corporate or personal leanings, to act as a beacon of available information. As a transparency collective, we don’t support any cause, idea or message beyond ensuring that information is […]

Online product displays can shape your buying behavior

[…] display items that come from the same category as the target product, such as a board game matched with other board games, enhance the chances of a target product’s purchase. In contrast, consumers are less likely to buy the target product if it is mismatched with products from different categories, for example, a board […]

Apple’s Not Digging Itself Out of This One: scanning your pictures is dangerous and flawed

Online researchers say they have found flaws in Apple’s new child abuse detection tool that could allow bad actors to target iOS users. However, Apple has denied these claims, arguing that it has intentionally built safeguards against such exploitation. It’s just the latest bump in the road for the rollout of the company’s new features, […]

Your Credit Score Should Be Based On Your Web History, IMF Says

In a new blog post for the International Monetary Fund, four researchers presented their findings from a working paper that examines the current relationship between finance and tech as well as its potential future. Gazing into their crystal ball, the researchers see the possibility of using the data from your browsing, search, and purchase history […]

How to Stop Apple From Scanning Your iPhone Photos Before iOS 15 Arrives – disable photo backups. No alternative offered, sorry.

Photos that are sent in messaging apps like WhatsApp or Telegram aren’t scanned by Apple. Still, if you don’t want Apple to do this scanning at all, your only option is to disable iCloud Photos. To do that, open the “Settings” app on your iPhone or iPad, go to the “Photos” section, and disable the […]

OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief

The mysterious thief who stole $600m-plus in cryptocurrencies from Poly Network has been offered the role of Chief Security Advisor at the Chinese blockchain biz. It’s been a rollercoaster ride lately for Poly Network. The outfit builds software that handles the exchange of crypto-currencies and other assets between various blockchains. Last week, it confirmed a […]

Zoom to pay $85M for lying about encryption and sending data to Facebook and Google

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant “Zoombombings.” The proposed settlement would generally give […]

>83 million Web Cams, Baby Monitor Feeds and other IoT devices using Kalay backend Exposed

A vulnerability is lurking in numerous types of smart devices—including security cameras, DVRs, and even baby monitors—that could allow an attacker to access live video and audio streams over the internet and even take full control of the gadgets remotely. What’s worse, it’s not limited to a single manufacturer; it shows up in a software […]

TCP Firewalls and middleboxes can be weaponized for gigantic DDoS attacks

Authored by computer scientists from the University of Maryland and the University of Colorado Boulder, the research is the first of its kind to describe a method to carry out DDoS reflective amplification attacks via the TCP protocol, previously thought to be unusable for such operations. Making matters worse, researchers said the amplification factor for […]

The Humanity Globe: World Population Density per 30km^2

This visualization was created in **R** using the **rayrender** and **rayshader** packages to render the 3D image, and **ffmpeg** to combine the images into a video and add text. You can see close-ups of 6 continents in the following tweet thread: https://twitter.com/tylermorganwall/status/1427642504082599942 The data source is the GPW-v4 population density dataset, at 15 minute (30km) […]

Game Dev Turns Down $500k Exploitative Contract, explains why – looks like music industry contracts

Receiving a publishing deal from an indie publisher can be a turning point for an independent developer. But when one-man team Jakefriend was approached with an offer to invest half a million Canadian dollars into his hand-drawn action-adventure game Scrabdackle, he discovered the contract’s terms could see him signing himself into a lifetime of debt, […]

How to Control Your Android With Just Your Facial Expressions

Android is implementing this option as part of the accessibility feature, Switch Access. Switch Access adds a blue selection window to your display, and lets you use external switches, a keyboard, or the buttons on your Android to move that selection window through the many different items on your screen until you land on the […]

Stop using Zoom, Hamburg’s DPA warns state government – The US does not safeguard EU citizen data

Hamburg’s state government has been formally warned against using Zoom over data protection concerns. The German state’s data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR) since […]

How to Limit Spotify From Tracking You, Because It Knows Too Much – and sells it

Most Spotify users are likely aware the streaming service tracks their listening activity, search history, playlists, and the songs they like or skip—that’s all part of helping the algorithm figure out what you like, right? However, some users may be less OK with how much other data Spotify and its partners are logging. According to Spotify’s […]

China orders annual security reviews for all critical information infrastructure operators

An announcement by the Cyberspace Administration of China (CAC) said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe. The announcement therefore defines infosec regulations and responsibilities. The CAC referred to critical infrastructure as “the nerve center of economic and social operations and […]