Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch). Microsoft patches Windows 10 security flaw discovered by the NSA.

Firefox gets patch for critical 0-day that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.

Cops Are Giving Amazon's Ring Your Real-Time 911 Caller Data

According to some internal documents, police CAD data is received by Ring’s “Neighbors News team” and is then reformatted before being posted on Neighbors in the form of an “alert” to users in the vicinity of the alleged incident.

The State of State Data Laws, Part 1: Data Breach Notification Laws

Either way, data breach notification laws that require companies to tell customers when data have been exposed are intended to enable consumers to make choices about what to do when such events happen and protect themselves if their information was compromised.

How Hackers Broke WhatsApp With Just a Phone Call

But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them.

Hospitals Failing on Security Hygiene

Healthcare organizations (HCOs) are increasingly at risk from legacy operating systems, device complexity and the use of commonly exploited protocols, according to a new study from Forescout.

How to hide from the AI surveillance state with a color printout

In some countries the technology constitutes a powerful new layer of policing and government surveillance. “What our work proves is that it is possible to bypass camera surveillance systems using adversarial patches,” says Wiebe Van Ranst, one of the authors.

Engineers Develop Ingenious Method to Defeat AI Surveillance... With a Color Printout

Suffice it to say, we were quite pleased when we learned that engineers from the University of KU Leuven (Belgium) developed a way – specifically, an adversarial attack – to effectively disrupt object detection AI powered by the YOLOv2 algorithm.

Researchers design patch to make people ‘virtually invisible’ to AI detectors

Researchers at Katholieke Universiteit Leuven have demonstrated how a small, square, printed patch can be used as a “cloaking device” to hide people from AI object detectors.

Defense against the Darknet, or how to accessorize to defeat video surveillance

"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register.

Google Chrome zero-day used in the wild to collect user data via PDF files

A security firm said this week that it discovered malicious PDF documents exploiting a Google Chrome browser zero-day. The company said it spotted two distinct sets of malicious PDF files exploiting this Chrome zero-day, with one series of files being spread around in October 2017, and the second set in September 2018.

Whonix LIVE - Testers Wanted!

Whonix now has the option of booting into a live system. When live-mode is chosen, all write operations will go to RAM instead of the hard disk. Follow Whonix live-mode Development: With the setup you could run Whonix always as a live system.

The tech industry is suddenly pushing for federal privacy legislation. Watch out.

This seeming willingness to subject themselves to federal regulation is, in fact, an effort to enlist the Trump administration and Congress in companies’ efforts to weaken state-level consumer privacy protections. Companies know that many states have mustered the political will to pass strong privacy protections that address consumer concerns.

Internet lobby group hopes to guide federal privacy laws

“Your expectations as a user and certainly for companies trying to innovate, you can’t have 50 different standards; we want to have one robust national standard that protects people,” said Michael Beckerman, Internet Association CEO.

UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm

Bengaluru-based cyber security analyst and software developer Anand Venkatanarayanan, who also analysed the software for HuffPost India and shared his findings with the NCIIPC government authority, said the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features—on to newer versions of the software.