Saudi Arabia Exploiting Wireless SS7 Flaw to Track Targets In The United States

Saudi Arabia Exploiting Wireless SS7 Flaw to Track Targets In The United States

U.S. carriers like AT&T, Verizon, and T-Mobile routinely receive Provide Subscriber Information (PSI) messages from foreign phone companies to help them track roaming costs for users on foreign cell plans traveling abroad.

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch).Microsoft patches Windows 10 security flaw discovered by the NSA.

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

Firefox gets patch for critical 0-day that’s being actively exploited

Firefox gets patch for critical 0-day that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers.In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks.Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.

Vulnerability in WebEx and Zoom allows hackers to access their sessions

Vulnerability in WebEx and Zoom allows hackers to access their sessions

Vulnerability testing specialists point out that any web application that uses numeric or alphanumeric identifiers is exposed to enumeration attacks.

Facebook admits app made to keep kids safe actually introduced them to adult strangers

Facebook admits app made to keep kids safe actually introduced them to adult strangers

"We are in regular contact with the FTC on many issues and products, including Messenger Kids," Facebook Vice President Kevin Martin wrote in a letter to two Democrats, which was reported by Reuters.

A new Facebook privacy flaw allowed thousands of children on Messenger Kids to enter group chats with strangers

A new Facebook privacy flaw allowed thousands of children on Messenger Kids to enter group chats with strangers

According to the report, Messenger Kids had a design flaw that allows for a situation in which a child can enter a group chat with other users — including adults — who hadn't been preapproved by their parents.

Tails 3.14: OS performance hit unlikely in defence against ZombieLoad vulnerability

Tails 3.14: OS performance hit unlikely in defence against ZombieLoad vulnerability

However, a representative of Tails told The Daily Swig that most users in the vast majority of scenarios will not incur a performance hit from disabling hyper-threading.

Facebook data reportedly helps companies guess your credit score

Facebook data reportedly helps companies guess your credit score

Some advertisers are able to use Facebook-provided data to target ads based on a user's credit score. The tool in question is called "Actionable Insights,", which Facebook uses to share data about its users' mobile devices with telecom companies.

>20,000 Linksys routers leak historic record of every device ever connected

>20,000 Linksys routers leak historic record of every device ever connected

Hackers abuse ASUS cloud service to install backdoor on users’ PCs Besides handing out device information, vulnerable routers also leak whether their default administrative passwords have been changed.

WhatsApp Users Under Surveillance Attack

WhatsApp Users Under Surveillance Attack

It is confirmed that hackers have been able to remotely install surveillance software on phones and other devices, by taking advantage of a major flaw in what they discovered in messaging app, WhatsApp. WhatsApp is one of Facebook’s family apps, and Facebook’s challenges with privacy and data breaches has been a matter of public show over the last couple of months, as such, this goes on to add to the larger corporate entity’s headaches.

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco

But researchers at Fidus Information Security discovered, and revealed on Friday, that the system has a dangerous flaw: you can send a text message to the SIM and force it to reset.

Razer issues fix for well-known Intel ME firmware vulnerability

Razer issues fix for well-known Intel ME firmware vulnerability

"All current Razer laptops are shipped in Intel Manufacturing Mode, and have full R/W on the SPI flash. “To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities.

Huawei laptop 'backdoor' flaw raises concerns

Huawei laptop 'backdoor' flaw raises concerns

"It was introduced at the manufacture stage but the path by which it came to be there is unknown and the fact that it looks like an exploit that is linked to the NSA doesn't mean anything," Prof Woodward said.

A “serious” Windows 0-day is being actively exploited in the wild

A “serious” Windows 0-day is being actively exploited in the wild

with 80 posters participating Share this story Google security officials are advising Windows users to ensure they’re using the latest version 10 of the Microsoft operating system to protect themselves against a “serious” unpatched vulnerability that attackers have been actively exploiting in the wild.

Warning over 'high severity' security flaw in Google's Chrome web browser being exploited in the wild

Warning over 'high severity' security flaw in Google's Chrome web browser being exploited in the wild

Users of Google's Chrome web browser have been advised to update it as a matter of urgency following the discovery of exploits in the wild for a ‘high severity' security flaw publicised in February.

Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History

Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History

A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave release up to the 10.14.3 Supplemental Update released on February 7.

SS7 Cellular Network Flaw Nobody Wants To Fix Now Being Exploited To Drain Bank Accounts

SS7 Cellular Network Flaw Nobody Wants To Fix Now Being Exploited To Drain Bank Accounts

SS7 Cellular Network Flaw Nobody Wants To Fix Now Being Exploited To Drain Bank Accounts (Mis)Uses of Technology from the whoops-a-daisy dept Karl Bode Back in 2017, you might recall how hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world.

Apple releases update to prevent FaceTime eavesdropping

Apple releases update to prevent FaceTime eavesdropping

Apple has released an iPhone update to fix a FaceTime flaw that allowed people to eavesdrop on others while using its group video chat feature. (AP Photo/Brian Skoloff, File) SAN FRANCISCO (AP) — Apple has released an iPhone update to fix a software flaw that allowed people to eavesdrop on others while using FaceTime.

ICloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

ICloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

Last week, Turkish security researcher Melih confirmed The Hacker News that he discovered the alleged flaw in October 2018, and then responsibly reported it to the Apple's security team with steps to reproduce the bug and a video demonstration, showing how he was able to read personal iCloud data from other Apple users without their knowledge.

Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones

Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones

On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com , in an article that went viral.

Twitter warns that private tweets were public for years

Twitter warns that private tweets were public for years

These are external links and will open in a new window These are external links and will open in a new window Image copyright Reuters Image caption Twitter said it did not know how many people had their private messages exposed Private tweets sent by users of Twitter's Android app could have been exposed publicly for years.

What the Experts Say about 2018’s Worst Security Breaches

What the Experts Say about 2018’s Worst Security Breaches

Earlier in the year, it was revealed that the company also allowed a third-party application (Cambridge Analytica) to take the data of over 80 million users, which, though less technical than other hacks, was still significant.

US Postal Service admits flaw exposed exactly what 60 million users were getting delivered

US Postal Service admits flaw exposed exactly what 60 million users were getting delivered

Security investigator KrebsOnSecurity discovered a vulnerability on USPS' website that allowed anyone to see online users' street addresses, usernames, phone number and other personal information. KrebsOnSecurity discovered a vulnerability on USPS' website that allowed anyone to see online users' street addresses, usernames, phone number and other personal information

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

“The interpreter code of the Action Script Virtual Machine does not reset a with-scope pointer when an exception is caught, leading later to a type confusion bug, and eventually to a remote code execution,” Dabah wrote.

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Unpatched Android OS Flaw Allows Adversaries to Track User Location

CVE-2018-9489, now patched as mentioned, allows adversaries to explore and attack the local WiFi network, or identify and physically track any Android device, by exposing a range of WiFi information.

Experian Flaw Just Revealed PINs Protecting Credit Data

Experian Flaw Just Revealed PINs Protecting Credit Data

Experian’s site exposed the personal identification numbers — the PINs needed to thaw credit freezes — after users answered their security questions with a blanket answer: None of the above.

Google faces mounting pressure from Congress over Google+ privacy flaw

Google faces mounting pressure from Congress over Google+ privacy flaw

Republican leaders from the Senate Commerce Committee are demanding answers from Google CEO Sundar Pichai about a recently unveiled Google+ vulnerability, requesting the company’s internal communications regarding the issue in a letter today.

Secure Messenger app, Telegram, leaking users IP addresses

Secure Messenger app, Telegram, leaking users IP addresses

Security researcher Dhiraj that the desktop Telegram app doesn’t offer the ability to disable P2P calls, meaning their IP would be leaked whenever they use Telegram to make a call.