From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources on the ground worldwide. The previously unreported global problem originated in Iran and spiderwebbed to other countries, and was left unrepaired — despite […]

Microsoft’s Office 365 has been giving some users cold sweats. No matter how hard they try to log in, they simply can’t access the service and haven’t been able to for hours – others say it has wobbled for days. Sporadic reports of unrest began to emerge on Down Detector on Friday (26 October) in […]

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the […]

The UK’s Information Commissioner has formally fined Facebook £500,000 – the maximum available – over the Cambridge Analytica scandal. In a monetary penalty notice issued this morning, the Information Commissioner’s Office (ICO) stated that the social media network had broken two of the UK’s legally binding data protection principles by allowing Cambridge academic Aleksandr Kogan […]

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit […]

A startup that claims to sell surveillance and hacking technologies to governments around the world left nearly all its data—including information taken from infected targets and victims—exposed online, according to a security firm who found the data. Wolf Intelligence, a Germany-based spyware company that made headlines for sending a bodyguard to Mauritania and prompting an […]

When President Trump calls old friends on one of his iPhones to gossip, gripe or solicit their latest take on how he is doing, American intelligence reports indicate that Chinese spies are often listening — and putting to use invaluable insights into how to best work the president and affect administration policy, current and former […]

Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old […]

Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It’s just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now printer manufacturers […]

There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with […]

A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique. What’s more surprising, is that the technique was first detailed way back […]

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage code on dating websites. After […]

3 GOP senators want Google to give answers over data leak that affected 500,000 users. Source: Senators to Google: Why didn’t you disclose Google+ vulnerability sooner? It’s only three senators and chances are you haven’t heard of the massive, millions affected data breach suffered by Google, that they didn’t report. Interestingly, if you try to […]

The vuln (CVE-2018-6977) allows an attacker with normal local user privileges to trigger an infinite loop in a 3D-rendering shader. According to VMware, a “specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device”. If that happens, VMware warned, the hypervisor may rely on the […]

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password. The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric […]

New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today. The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress. Congress ordered the GAO report in preparation […]

Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses. This time, it’s Chinese surveillance camera maker Xiongmai who was named and shamed by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed to were exposed […]

A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday. Google said it found no evidence of data misuse. Still, as part of the response to the incident, Google plans to shut down the social network […]

In less than two years, anything that can connect to the internet will come with a unique password — that is, if it’s produced or sold in California. The “Information Privacy: Connected Devices” bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about […]

In its ongoing exploration of Intel’s Management Engine (ME), security biz Positive Technologies has reaffirmed the shortsightedness of security through obscurity and underscored the value of open source silicon. The Intel ME, included on most Intel chipsets since 2008, is controversial because it expands the attack surface of Intel-based hardware. If compromised, it becomes side-channel […]

Party chairman Brandon Lewis was planning to sell the “interactive” app – which will allow attendees to give feedback on speeches as they happen – as evidence that the ruling party was embracing tech in a bid to win over the youth vote (another idea was to have the culture secretary appear as a hologram). […]

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps […]

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static […]

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years. This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, […]