How to improve security when using IoT or Smart Home devices

With the advent of the Internet of Things (IoT) and Smart Home devices, our environments are becoming more connected; however, this comes with the compromise of security. So what is the best way to secure your network when using IoT or Smart Home devices?

Popular browsers made to cough up browsing history

One of the visited-link attacks – CVE-2018-6137, a bug in Chrome 67 that Google fixed in June – peeled off user browsing history at the rate of 3,000 URLs per second.

The Titan M Chip Powers Up Pixel 3 Security

“In order to use it to protect keys, that’s a reasonable thing to do, but you know there’s still going to be the risk of attacks like Spectre, Meltdown, and Rowhammer,” says Will Drewry, principal software engineer at Google, referring to prominent examples of pernicious hardware-based attacks.

Buggy software in popular connected storage drives can let hackers read private data

The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.

Whonix and Tor Limitations

For example, it is poor operational security to use the same Whonix-Workstation to check email via Tor, while simultaneously publishing an anonymous document. If a user selects a new entry and exit relay each time the Tor network is used, the attacker can correlate all traffic sent with a probability of (c/n)^2.

Hackers Pilfered Sensitive Data From Over 30 Million Facebook Accounts, Extensive Private Info On More Than 14 Million

Over 30 million users have been impacted by the hack, with over 14 million people at risk of continued serious privacy invasions, and Facebook has no plans to provide any protections to the users affected by lax security and over-collection of personal data.

Google: Apple, your sneaky iPhone patching is endangering users

A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching serious flaws in iOS but not revealing the fact until it fixes the same bugs in macOS a week later.

The Facebook Hack Exposes an Internet-Wide Failure

With those tokens, hackers can take full control of users’ Facebook accounts, but because of Single Sign-On they can also access any other website that those 50 million users log into with Facebook.

YouTube hosts 'how to hack Facebook' videos

On YouTube, the tutorials - some of which have been deleted by Google - explain how to hack into Facebook profiles by stealing "access tokens", digital keys which allow users to log in without entering their passwords every time.

Important Security Update for the Android (Beta) & iOS Apps.

We are currently reviewing our development process to adjust our methods to further maximize the probability of finding security relevant issues prior to releasing new app versions.

Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year.

Western Digital goes quiet on unpatched MyCloud flaw

Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and log in with admin privileges.

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

A firmware bug means existing security measures "aren't enough to protect data in lost or stolen laptops," says new security research.

The British Airways Breach: How Magecart Claimed 380,000 Victims

Recently, Magecart operatives placed one of these digital skimmers on Ticketmaster websites through the compromise of a third-party functionality resulting in a high-profile breach of Ticketmaster customer data.

Wi-Fi Gets More Secure: Everything You Need to Know About WPA3

The Enhanced Open and Easy Connect protocols are not dependent on WPA3, but they do improve security for specific types of networks and certain situations.

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

"You are only affected if you had the MEGA Chrome extension installed at the time of the incident, autoupdate enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4," the company warned.

Schneier on Security

In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel.

Thousands of MikroTik routers are snooping on user traffic

"The MikroTik RouterOS device allows users to capture packets on the router and forward the captured network traffic to the specified Stream server," the researcher said, adding that ports 20, 21, 25, 110, and 143 appear to be of the most interest to the eavesdroppers.

Rogue MEGA Chrome Extension Stole Passwords and Crypto Keys

According to a user posting on Reddit, the extension also has the ability to steal private keys to cryptocurrency wallets affecting MyEtherWallet, MyMonero, and Idex.market utilizing the following code:

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Thomas Hardjono, a secure identities researcher at MIT's Trust and Data Consortium, points to credit card numbers, identifiers authenticated with a chip plus a PIN or a signature. You can get a new credit card as needed; changing your phone number can be incredibly inconvenient.

Password breach teaches Reddit that, yes, phone-based 2FA is that bad

A newly disclosed breach that stole password data and private messages is teaching Reddit officials a lesson that security professionals have known for years: two-factor authentication (2FA) that uses SMS or phone calls is only slightly better than no 2FA at all.

PMKID Dumping: WiFi Password Attacks are Easier Than Previously Thought

Previously, the primary method for cracking passwords for wireless networks using WPA2 encryption was for an attacker to capture a four-way handshake between a wireless device and the router.