CNBC is reporting that the U.S. Department of Homeland Security funded research into a technology called the Automated Virtual Agent for Truth Assessments in Real-Time, or AVATAR, and about six years ago tested it on volunteer travelers at the U.S.-Mexico border. According to one of the developers of...
In a follow-up to a story from last year, in which WikiLeaks exposed a number of CIA hacking tools used to compromise platforms like the iPhone, Android, Windows, and more, the U.S. government has identified a suspect in the leak. The Washington Post is reporting that Joshua Adam Schulte, a...
Your home or phone's wiretap digital assistant can hear a lot more than you think. The New York Times is reporting that researchers in China and the United States have begun demonstrating that devices like Siri and Alexa can be vulnerable to hidden commands, not audible to the human ear. In 2016...
Apple has begun cracking down on apps that share location data with third parties, by removing the application in question and informing developers that their app violates two parts of its guidelines. 9to5Mac is reporting that they have seen several cases of Apple cracking down on...
Bleeping Computer is reporting that a select number of GitHub users were warned yesterday that due to a flaw in their password reset system, the company had stored their passwords in plain text on internal logs. According to GitHub's email, it's no big deal though because the plain text...
DARKReading has posted an interesting article today, focusing on the new and growing threat of attackers using botnets to flood comment sections in a tactic called skewing. The attack's purpose is exactly what it sounds like, to skew public opinion,
I am glad someone is touching on this, as with...
Following the 2014 data breach that left some 500 million users affected, the company formerly known as Yahoo has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose the breach. The Securities and Exchange Commission states that Yahoo's security...
At midnight, users visiting MyEtherWallet.com found a warning for an unsigned SSL certificate. Those that chose to ignore the warning got their wallets emptied. The Verge is reporting that hackers attacked the infrastructure of the internet, by hijacking a Border Gateway Protocol router in the...
Malwarebytes Labs has written a very in-depth article on their blog about a malware campaign that they are calling "FakeUpdates." The campaign uses vulnerabilities in multiple website Content Management Systems to inject malicious code that prompts users that a program on their computer is out of...
On April 2nd we covered that Panera Bread had apparently left millions of customers' information available, as plain text, for the last 8 months. Shortly after the story was published, Panera Bread gave a statement to FOX Business stating:
"Our investigation to date indicates that fewer than...
A report from PCWorld states that Intel has finished with its microcode updates for the Spectre vulnerability found in its processors; unfortunately, however, Intel has not provided updates for all of them. According to the Intel Microcode Revision Guidance paper, last updated April 2nd, Penryn...
In the latest news from the Cambridge Analytica scandal, Mark Zuckerberg will testify before the House Energy and Commerce Committee on April 11, the committee announced on their website today. The announcement comes after lawmakers formally asked Zuckerberg to testify on March 23rd. E&C...
Krebs on Security is reporting that millions of customer records have been leaked by Panera Bread. The data leaked includes customer names, emails, physical addresses, birthdays, and the last four digits of the customer's credit card number. As well, Krebs has learned that this data was...
DARKReading is reporting that Kaspersky Lab has made its threat hunting tool KLara available as open source. The tool runs multiple YARA identifier rules from multiple databases simultaneously. The open source tool is available now on GitHub.
Very cool of Kaspersky open-sourcing this. Many...
Saleem Rashid, a 15-year-old programmer, has discovered a flaw in the Ledger hardware wallet that allows hackers to get secret PINs before or after the device gets shipped, according to a story on his blog. The vulnerability discovered allows for a "supply chain hack" where the device could be...
If you were wondering what Linus thinks of the latest findings on AMD "security bugs" by CTS Labs you came to the right place. Let me just say that he doesn't think too much of these so-called flaws or the company that brought them to light. You might want to go and take a look at his entire...
The Register is reporting that "On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts." The problem is in all versions of Samba from 4.0.0 and newer where it...
In a report from SecureList, Kaspersky Lab ICS CERT researchers decided to check how secure popular smart cameras are. The testers looked at cameras from Hanwha Techwin, and found what they call "severe" security flaws. The team found nearly 2,000 cameras on the internet with a public IP...
uTorrent, the most popular torrent download software, has a bug that lets hackers control your PC remotely. TheHackerNews is reporting that the flaw was found by a Google Project Zero researcher in both uTorrent desktop and the newly launched uTorrent Web. Both versions of uTorrent start a...
Owners of the Nest Cam IQ can look forward to a free update rolling out this week that will install Google Assistant on it. In a report from the Associated Press, the update comes just 2 weeks after Nest moved back under Google's direct control instead of its parent company Alphabet. While the...
Intel has announced that it has released production microcode updates to OEM manufacturers for Kaby Lake, Coffee Lake, and Skylake platforms. Along with this announcement, Intel has finally given us a schedule and availability table for the microcode revisions that can be found here.
Nice to...
In a report from Androidpolice, security researchers recently discovered a bug in the Infineon TPM firmware which allows hackers to potentially brute-force a Chromebook to obtain encrypted data. The bug potentially affects all Chromebooks using the newest Infineon TPM chip, the full list can be...
Google's Project Zero has exposed a security flaw in Microsoft Edge, according to a report from Neowin. Microsoft began using Arbitrary Code Guard in Edge with the Creators Update, which forced Just-in-Time (JIT) compilers into an isolated sandbox. The problem with this is the address for...
Last month we reported on how Apple plans to delay new iOS features to instead focus on security and performance. Today Bloomberg has detailed some of the upcoming plans. Instead of keeping to an annual schedule, Apple plans to focus on the next two years of iOS updates. While there will still...
Security researcher Scott Helme is reporting that a cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were government sites. It turns...
Google has announced today that with the release of Chrome 68 in July, Chrome will mark all HTTP websites as "not secure." This change is in line with what Google has been trying to do for the past several years: pushing sites to adopt HTTPS encryption.
Sounds like a good plan to me, this...
Hackers have infected thousands of Android phones and smart TVs, turning the devices into Monero miners. Chinese cyber security firm 360Netlab announced that the attack affected more than 7,000 devices in China by taking advantage of an open port 5555. The report says that scan traffic for port...
In a report yesterday, blockchain startup "The Prodeum Project," whose goal was to "revolutionize the fruit and vegetable industry" with Ethereum, has apparently absconded with millions of investor dollars. Upon exiting with the investors' money, the website went offline, and was replaced with one...
Last year, a Windows exploit developed by the NSA, called EternalBlue, was leaked. That exploit was then used to initiate the WannaCry and NotPetya cyberattacks. Now it seems the same EternalBlue exploit is being used to infect computers with a new strain, "WannaMine." After infection, the script...
In a blog post by Sucuri, it has been found that 5,482 WordPress websites are infected with a keylogger. The malware, hiding as "cloudflare.solutions," was a part of a larger infection that injected a fake jQuery and Google Analytics script that was in reality a CoinHive cryptocurrency miner.
If...
Slashgear is reporting that Intel plans to have versions of its processors that address the Spectre and Meltdown security flaws on the market later this year. News on the processor update came during the earnings call with Intel CEO Brian Krzanich, after the company announced...
A white paper was released today by UK-based private cyber intelligence company RepKnight. The document is an analysis of dark web footprints of domains belonging to the top 500 law firms in the UK, using their "BreachAlert" platform. The analysis found the details of more than 1 million hacked...
In a forum post today, OnePlus has released more details on the breach that forced them to halt credit card payments on their site Tuesday. OnePlus states that "One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it...
It's been 3 years since Amazon finally relented and became the last major tech company to release a transparency report on what requests for data it receives from the government. ZDNet is now reporting that those reports were not so transparent. Aside from not publishing how many users are...
A report from BleepingComputer states that Microsoft is resuming the rollout of security updates for AMD devices to patch the Meltdown and Spectre vulnerabilities. Microsoft had halted the rollout for AMD-based machines on January 9th, after their patch left users with PCs that were crashing...
After a false alert about an inbound missile, Hawaii's Emergency Management Agency has said a worker clicked the wrong item in a drop-down menu and sent it, and that its system was not hacked. But Hawaii News Now is reporting an AP photo from July has resurfaced, showing the agency's operations...
In a statement, the DHS announced that a data breach exposed personally identifiable information on more than 240,00 current and former employees in 2014. The breach also contained Investigative Data for individuals associated with investigations from 2002-2014, which includes subjects...
Brian Krzanich, Intel's CEO, reportedly sold $24 million in company stock, as he was contractually allowed. Krzanich sold the stock in late November, months after Google had informed the company of the security flaw in June.
To avoid charges of trading on insider knowledge, executives often put...
Hello,
I developed a new website which I installed on a new server and just two days ago pointed the domain to that server. The site is running okay. Earlier I used to test the site using the IP address and once satisfied I pointed the domain to the new server. Last x months of testing didn't reveal...
It has been discovered that several models of OnePlus smartphones were inadvertently left with a Qualcomm diagnostic tool called EngineerMode installed. The application was made to provide manufacturers like OnePlus a tool to test all the components of their devices. Robert...