Web Cache Deception Attacks are Still Around, Says New Research

Web Cache Deception attacks are still impacting many popular websites, says new research. Researchers noticed that 25 of the Alexa Top 5,000 websites were impacted by the Web Cache Deception attack.

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch). Microsoft patches Windows 10 security flaw discovered by the NSA.

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic.

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

CacheOut

We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

Lifelabs Data Breach, the Largest Ever in Canada, May Cost the Company Over $1 Billion in Class-Action Lawsuit

An October hack of medical testing company LifeLabs exposed the sensitive personal information of an estimated 15 million Canadians. The LifeLabs data breach included lab test results and national health card numbers along with personally identifiable information including names, dates of birth, home addresses and email addresses.

TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.

Apple Watch helps cops catch man lying about synagogue stabbing

A 26-year-old man faked his own stabbing at the West Bloomfield synagogue where he worked and then reported he was attacked because of his Jewish faith, authorities say.

‘Delete WhatsApp unless you're OK with surveillance,’ founder of rival Telegram messenger warns

WhatsApp is a “Trojan horse” exploited to snoop on millions of users naive enough to believe that the Facebook-owned messenger differs from its parent company, long beset by privacy scandals, Telegram founder Pavel Durov said.

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app.”

New 5G flaws can track phone locations and spoof emergency alerts

Last week, the researchers found several security flaws in the baseband protocol of popular Android models — including Huawei’s Nexus 6P and Samsung’s Galaxy S8+ — making them vulnerable to snooping attacks on their owners.

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing at a distance of several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave.

Researchers hack Siri, Alexa, and Google Home by shining lasers at them

While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.

Credit Info Exposed in TransUnion Credential Stuffing Attack

Using a credential stuffing attack, an unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files.

Millions of smartphones vulnerable to SimJacker mobile phone exploit

At its core, SimJacker works by an attacker sending an SMS message to the target containing special code that is then automatically processed by the SIM card which then allows the attacker to take over the phone through the SIM card’s S@T Browser.

Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation

The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands, exploiting the presence of a particular piece of software, called the S@T Browser, on the SIM card.

Google Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users

Google is finally working on a fix for a security problem that leaves more than a billion Calendar users exposed to attack. The threat actors craft their messages to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.

Over half a million active GPS trackers have ‘123456’ as default password

Back in May, UK cybersecurity firm Fidus Information Security revealed a vulnerability in a popular GPS tracker used by elderly patients that can be tricked into sending its real-time location simply by sending it a text message with a specific command.

Confirmed: Google's Android Suffers Sustained Attacks By Anti-Uighur Hackers

Just a day after Forbes reported that Google and Microsoft operating systems were under assault by the same hackers who tried to pilfer private data from Apple iPhones of Uighur citizens, it's been confirmed that Androids of the target Muslim communities have been under heavy attack.

Google says hackers have put ‘monitoring implants’ in iPhones for years

An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team. Google said it had reported the security issues to Apple on 1 February.

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.

Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)

CVE-2019-9849: This vulnerability, which you can fix by installing the latest available update, could allow the inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled.

Apple bleee. Everyone knows What Happens on Your iPhone

If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number.

New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission

Nitesh Saxena also confirmed to The Hacker News that the attack cannot be used to capture targeted users' voice or their surroundings because "that is not strong enough to affect the phone's motion sensors, especially given the low sampling rates imposed by the OS," and thus also doesn't interfere with the accelerometer readings.

Academics steal data from air-gapped systems via a keyboard's LEDs

The research team behind this exfiltration method says it tested the CTRL-ALT-LED technique with various optical capturing devices, such as a smartphone camera, a smartwatch's camera, security cameras, extreme sports cameras, and even high-grade optical/light sensors.

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Firefox extension to protect users from reverse tabnabbing

Firefox will further protect its consumers from phishing attacks as Mozilla plans to enable a seldomly-used privacy extension by default. A recent ecosystem-wide HTML specification adjustment has now driven Mozilla to work on a new feature that will mitigate this issue in Firefox by default.

I Scraped Millions of Venmo Payments. Your Data Is at Risk

I could see a public API endpoint that was returning the data for this feed, meaning that anyone could make a GET request (like a simple page load) to see the latest 20 transactions made on the app by anyone around the world.