Users of Apple tech have a new reason to worry. A security researcher named Sabri Haddouche, who works for an instant messaging app called "Wire," has published a proof of concept web page. It contains a fatal exploit that can crash and restart iPhones, iPads and any Mac. Essentially then, the entire Apple ecosystem is vulnerable. Worse, the security flaw can be exploited using nothing more than CSS and HTML code. The flaw resides in Apple's WebKit, which is its web rendering engine used … Read more
Archives for September 2018
Popular NAS Device May Easily Be Compromised
Western Digital has a big problem, and if you use the company's "My Cloud" network-attached storage (NAS) storage devices, you've got one too. The WD My Cloud service is enormously popular because it's so convenient, allowing both business owners and individuals to store their files, perform periodic backups, and of course, access their data from anywhere in the world. Recently, security researchers have discovered an authentication bypass vulnerability that could allow an attacker to gain … Read more
Malware Reports Continue To Rise
We've known for some time now that the next big crisis the internet will have to come to grips with is the dramatic rise of the Internet of Things (IOT). The problem isn't with the devices themselves, which are enormously helpful and rapidly growing in their popularity. Rather, it lies in the fact that the overwhelming majority of IoT manufacturers have been notoriously lax when it comes to building even basic security protocols into the goods they make and sell. The lack of security and … Read more
New Google Chrome Feature Created For Better Password Security
Google is taking yet another important step to help save us from ourselves. The company is releasing a complete redesign of their Chrome browser, which is exciting. There's one feature in particular, however, that bears taking a special look at. Perhaps the most significant change to the browser is the addition of a new password manager, which will offer to generate a random password when you sign into a website for the first time. The randomly generated password will be securely tucked away … Read more
SmartHome Users Aren’t Keeping Up With Security Updates
The Internet on devices continues to be a major problem when it comes to security. Unfortunately, a big part of the reason why comes down to end users. Recently, Bitdefender released a new report entitled "The IoT Threat Landscape And Top Smart Home Vulnerabilities in 2018," and it paints a grim picture indeed. The average home now contains twenty smart devices, and most of them contain security vulnerabilities. 95 percent of those vulnerabilities reside in the firmware. While the majority … Read more
Microsoft Outlook is Rolling Out New Design Changes
Microsoft is making some long overdue and welcome changes to Outlook to include the Windows and the Web-based version. People who use either one will now see a "Coming Soon" option that allows users to toggle between the version they've got now, and the new and improved version with the changes. As to those changes, they fall broadly into three groups: Better Organization - The improved Outlook offers intelligent technology, specialized icons, visual changes and a "highlights" feature … Read more
Another Chrome Extension Is Stealing Passwords
Do you use the Chrome browser extension for the MEGA file storage service? If you do, please read this article carefully. The official extension for that service has been compromised. It has been replaced with a malware version that has the capability to steal user login data for a number of popular websites, including Github, Google, Amazon, Microsoft and more. The extension was compromised on September 4th, when an unknown attacker breached MEGA's Chrome Web Store account and uploaded the … Read more
Name Of Utility Company That Leaked Information Just Released
In 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld. That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident. Initially, the company … Read more
Tech Support Scammers Are Advertising Online
Tech Support scams are nothing new, but they are getting increasingly sophisticated. Worse, tech giants like Google are finding it notoriously difficult to detect them. A report recently released by the venerable data security firm, Symantec, indicates that tech support scammers are increasingly integrating call optimization into their schemes, which allows them to insert phone numbers into web pages dynamically. Among other things, this allows the scammers to display the phone number of … Read more
New Versions Of Ransomware Continue To Wreak Havoc
2017 was "The Year of Ransomware." It saw an incredible number of ransomware attacks and infections, paired with a tremendous number of innovations. Although 2018 hasn't seen quite the same level of ransomware activity, it's still a major threat with one company coming under attack about every ten minutes. Although there haven't been as many innovations so far this year, that doesn't mean they're not occurring, and some of the new ransomware strains are particularly nasty. Of interest, … Read more