An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers. The vulnerability was discovered by fraud detection service Fingerprint JS, which has contacted the WebKit maintainers and provided a public source code repository. As of 28 November last year, the issue Read more about Safari 15 could leak Google account info to malicious sites[…]

An app that visitors to the 2022 Olympics Games in Beijing are obligated to download is also a cybersecurity nightmare that threatens to expose much of the data that it collects, according to a new report. MY2022, the mandatory app for visitors at this year’s Winter Games, offers a variety of services—including tourism recommendations, Covid-related Read more about Security Holes Found in My2022 App for Beijing Winter Olympics[…]

Have you immortalized your beloved dog, Charlie, in all of your online passwords? While he may be tasked to protect your home (or at least his food bowl), your heartfelt dedication might actually be compromising your digital safety. Many passwords believed to be deeply personal to you are, in fact, quite common – making them Read more about The Worst Passwords in the Last Decade (And New Ones You Shouldn’t Use)[…]

A team of researchers at France’s Research Institute of Computer Science and Random Systems created an anti-malware system centered around a Raspberry Pi that scans devices for electromagnetic waves. As reported by Tom’s Hardware, the security device uses an oscilloscope (Picoscope 6407) and H-Field probe connected to a Raspberry Pi 2B to pick up abnormalities Read more about Raspberry Pi Can Detect Malware By Scanning for EM Waves[…]

Dutch athletes competing in next month’s Beijing Winter Olympics will need to leave their phones and laptops at home in an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday. The urgent advice to athletes and supporting staff to not bring any personal devices to China was part of a set Read more about Dutch Athletes Warned To Keep Phones and Laptops Out of China[…]

While many of the groups that took part in last year’s siege on the U.S. Capitol turned to Facebook and Telegram groups to plan their part in the attack, the Oath Keepers—a far-right org that’s best described as somewhere between a militia and a rag-tag group of wannabe vigilantes—are alleged to be bigger fans of Read more about DOJ Say Evidence Against Oath Keepers Came From Signal Chats[…]

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In Read more about Bad things come in threes: Apache reveals another Log4J bug[…]

UK online used goods bazaar Gumtree exposed its users’ home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw. British company Pen Test Partners (PTP) spotted the data leakage, which meant anyone could view a Gumtree user’s name Read more about Gumtree users’ locations were visible by pressing F12, wouldn’t pay bug bounty to finder[…]

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users’ payment details were mistakenly published on GitHub between September and November of this year. Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee. Read more about LINE Pay leaks around 133,000 users’ data to GitHub[…]

Tricking users into visiting a malicious webpage could allow malicious people to compromise 150 models of HP multi-function printers, according to F-Secure researchers. The Finland-headquartered infosec firm said it had found “exploitable” flaws in the HP printers that allowed attackers to “seize control of vulnerable devices, steal information, and further infiltrate networks in pursuit of Read more about 150 HP multi-function printer types vulnerable to exploit[…]

UK lawmakers are sick and tired of shitty internet of things passwords and are whipping out legislation with steep penalties and bans to prove it. The new legislation, introduced to the UK Parliament this week, would ban universal default passwords and work to create what supporters are calling a “firewall around everyday tech.” Specifically, the Read more about The UK Just Banned Default Passwords and We Should Too[…]

As much as 38 percent of the Internet’s domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com. The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. Read more about Linux has a serious security problem that once again enables DNS cache poisoning using ICMP / ping information[…]

If there’s one thing we learned it’s that no one learns anything. Here’s the top 9 Source: Top 200 Most Common Password List 2021 | NordPass

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. These cookies.sqlite databases normally reside in the Firefox profiles folder. They’re used to store cookies between browsing sessions. And they’re findable by searching GitHub with specific query parameters, what’s known as a search Read more about Thousands of Firefox users accidentally commit login cookies on GitHub[…]

The EU is at it again. Recently Mozilla put out a position paper highlighting the latest dangerous move by busybody EU regulators who seem to think that they can magically regulate the internet without (1) understanding it, or (2) bothering to talk to people who do understand it. The issue is the Digital Identity Framework, Read more about EU’s Latest Internet Regulatory Madness: Destroying Internet Security With Its Digital Identity Framework[…]

it’s also one of the few apps that offer end-to-end encryption by default. This means that no one other than you the other party can read your conversations. Even WhatsApp can’t read your conversations because it doesn’t have the key to un-encrypt your chats. This was all true, except for one scenario: WhatsApp chats backed Read more about Why You Should Encrypt Your WhatsApp Backups in iCloud[…]

Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks. Rowhammer attacks work by accessing—or hammering—physical rows inside vulnerable chips millions Read more about DDR4 memory protections are broken wide open by new Rowhammer technique[…]

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high). The former concerns the Read more about High severity BIOS flaws affect numerous Intel processors[…]

[…] Even those who consider themselves well educated about cyber crime and security threats—and who do everything they’ve been taught to do—can (and do!) still end up as victims. The truth is that, with enough time, resources, and skill, everything can be hacked. The key to protecting your digital life is to make it as Read more about Securing your digital life, part one: The basics[…]

[…] In a paper titled, The Security Risk of Lacking Compiler Protection in WebAssembly, distributed via ArXiv, the technical trio say that when a C program is compiled to WASM, it may lack anti-exploit defenses that the programmer takes for granted on native architectures. The reason for this, they explain, is that security protections available Read more about Code compiled to WASM may lack standard security defenses[…]

Surveillance software developer NSO Group may have a very tough road ahead. The US Commerce Department has added NSO to its Entity List, effectively banning trade with the firm. The move bars American companies from doing business with NSO unless they receive explicit permission. That’s unlikely, too, when the rule doesn’t allow license exceptions for Read more about US bans trade with security firm NSO Group over Pegasus spyware[…]

The wait is over. It’s now possible to encrypt your WhatsApp chat history on both Android and iOS, Facebook CEO Mark Zuckerberg announced on Thursday. The company plans to roll out the feature slowly to ensure it can deliver a consistent and reliable experience to all users. However, once you can access the feature, it Read more about WhatsApp begins rolling out end-to-end encryption for chat backups[…]