How to improve security when using IoT or Smart Home devices

With the advent of the Internet of Things (IoT) and Smart Home devices, our environments are becoming more connected; however, this comes with the compromise of security. So what is the best way to secure your network when using IoT or Smart Home devices?

Popular browsers made to cough up browsing history

One of the visited-link attacks – CVE-2018-6137, a bug in Chrome 67 that Google fixed in June – peeled off user browsing history at the rate of 3,000 URLs per second.

Privacy vs. security: Why the widespread use of encryption is essential to national security

Most recently, the Australian government has waged a campaign to promote encryption backdoors, which would weaken the right to privacy and make us all less safe. Proponents of these kinds of laws say encrypted services, like WhatsApp or ProtonMail, allow criminals to plan and carry out attacks beyond the reach of police.

The Titan M Chip Powers Up Pixel 3 Security

“In order to use it to protect keys, that’s a reasonable thing to do, but you know there’s still going to be the risk of attacks like Spectre, Meltdown, and Rowhammer,” says Will Drewry, principal software engineer at Google, referring to prominent examples of pernicious hardware-based attacks.

Buggy software in popular connected storage drives can let hackers read private data

The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.

Whonix and Tor Limitations

For example, it is poor operational security to use the same Whonix-Workstation to check email via Tor, while simultaneously publishing an anonymous document. If a user selects a new entry and exit relay each time the Tor network is used, the attacker can correlate all traffic sent with a probability of (c/n)².

Hackers Pilfered Sensitive Data From Over 30 Million Facebook Accounts, Extensive Private Info On More Than 14 Million

Over 30 million users have been impacted by the hack, with over 14 million people at risk of continued serious privacy invasions, and Facebook has no plans to provide any protections to the users affected by lax security and over-collection of personal data.

Facebook says hackers accessed highly-detailed personal data of 15 million users

Having previously advised that the access tokens stolen by hackers had not been used to infiltrate other apps and services, the social networking giant now says 15 million people have had their names and contact details exposed.

Facebook hacker accessed personal details for 29 million accounts

In September, a group of hackers used a flaw in Facebook’s “view as” feature to gain unauthorized access to millions of accounts — and today, the company released its most comprehensive statement yet on exactly what data was taken as part of the breach.

Google: Apple, your sneaky iPhone patching is endangering users

A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching serious flaws in iOS but not revealing the fact until it fixes the same bugs in macOS a week later.

Facebook says other apps not caught in hack

Facebook has said that services which let users log in using their accounts do not appear to have been compromised in the recent security attack.

The Facebook Hack Exposes an Internet-Wide Failure

With those tokens, hackers can take full control of users’ Facebook accounts, but because of Single Sign-On they can also access any other website that those 50 million users log into with Facebook.

YouTube hosts 'how to hack Facebook' videos

On YouTube, the tutorials - some of which have been deleted by Google - explain how to hack into Facebook profiles by stealing "access tokens", digital keys which allow users to log in without entering their passwords every time.

Important Security Update for the Android (Beta) & iOS Apps.

We are currently reviewing our development process to adjust our methods to further maximize the probability of finding security relevant issues prior to releasing new app versions.

Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year.

Western Digital goes quiet on unpatched MyCloud flaw

Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and log in with admin privileges.

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

A firmware bug means existing security measures "aren't enough to protect data in lost or stolen laptops," says new security research

The British Airways Breach: How Magecart Claimed 380,000 Victims

Recently, Magecart operatives placed one of these digital skimmers on Ticketmaster websites through the compromise of a third-party functionality resulting in a high-profile breach of Ticketmaster customer data.

Wi-Fi Gets More Secure: Everything You Need to Know About WPA3

The Enhanced Open and Easy Connect protocols are not dependent on WPA3, but they do improve security for specific types of networks and certain situations.

An SEO Expert Has Shown How Chrome’s Back Button can be Hijacked to Spy on Users

Typically, a security researcher would first confidentially disclose a vulnerability in the Chrome browser directly to Google, instead of to the world, as Petrovic did on the Dejan website.

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

"You are only affected if you had the MEGA Chrome extension installed at the time of the incident, autoupdate enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4," the company warned.

British Airways hack exposes personal and financial details of 380,000 customers

In all, 380,000 payment cards are affected, and British Airways urges anyone who believes their details may have been compromised to get in touch with their bank or credit card company.

Schneier on Security

In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel.

Thousands of MikroTik routers are snooping on user traffic

"The MikroTik RouterOS device allows users to capture packets on the router and forward the captured network traffic to the specified Stream server," the researcher said, adding that ports 20, 21, 25, 110, and 143 appear to be of the most interest to the eavesdroppers.

Rogue MEGA Chrome Extension Stole Passwords and Crypto Keys

According to a user posting on Reddit, the extension also has the ability to steal private keys to cryptocurrency wallets affecting MyEtherWallet, MyMonero, and Idex.market utilizing the following code.

System Hardening Checklist

Selfrando provides a significant security improvement over standard address space layout randomization (ASLR) present in Tor Browser and other browsers.

This provides an additional fail-safe to protect from accidental clearnet leaks that might arise from hypothetical Whonix bugs, but does not address potential Qubes ProxyVM leaks.

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Thomas Hardjono, a secure identities researcher at MIT's Trust and Data Consortium, points to credit card numbers, identifiers authenticated with a chip plus a PIN or a signature. You can get a new credit card as needed; changing your phone number can be incredibly inconvenient.

The Internet of Things Needs Food Safety-Style Ratings for Privacy and Security

To that end, Consumer Reports announced last year it would begin working with non-profit privacy research firm Ranking Digital Rights (RDR) and nonprofit software security-testing organization Cyber Independent Testing Lab (CITL) on a new open source standard intended to help make internet-connected hardware safer.

New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds

But at the Usenix conference held in Baltimore last week, a seven-man team from Georgia State University (GSU) detailed a new technique that recovers RSA encryption keys within seconds.
