Using a brute-force attack, the researcher busted into an unencrypted database backup file containing the private information of more than 1.2 million passengers who flew with SpiceJet last month.

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers.Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.

At this point, we are not talking about software, code or graphics yet: we are still focusing on the uses, the reality of organizing events and the real problems faced by the people who set them up.

Recently, a security researcher named Bob Diachenko found a database of user account info including their name and phone numbers for 267 million Facebook users.There’s no new information about how users can find out if their data was hacked and if the database is still being shared on hacker forums.

Last week, the researchers found several security flaws in the baseband protocol of popular Android models — including Huawei’s Nexus 6P and Samsung’s Galaxy S8+ — making them vulnerable to snooping attacks on their owners.

When the idea of a smart wall began gaining traction in 2017, three higher-ups from Palantir — the secretive data tech giant that has long been behind some of the government’s largest surveillance projects — left to co-found Anduril, a company dedicated to creating cutting-edge tech for border security.

San Francisco - The Electronic Frontier Foundation (EFF) today published “The Atlas of Surveillance: Southwestern Border Communities,” the first report from a new research partnership with the University of Nevada, Reno’s Reynolds School of Journalism.

San Francisco – The Electronic Frontier Foundation (EFF) and Mozilla have teamed up in an open letter to Venmo, telling the popular payment app to clean up its privacy settings, which leaves sensitive financial data exposed to the public.

The research is important because it could help show whether a wearable brain-control device is feasible and because it is an early example of a giant tech company being involved in getting hold of data directly from people’s minds.

As Patrick Wardle, principal security researcher at Jamf that found several issues in macOS, told Forbes: "If you're a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer."

A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.

Nitesh Saxena also confirmed The Hacker News that the attack can not be used to capture targeted users' voice or their surroundings because "that is not strong enough to affect the phone's motion sensors, especially given the low sampling rates imposed by the OS," and thus also doesn't interfere with the accelerometer readings.

Now in the same week that details of the record $5 billion FTC fine emerged, an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding "hidden codes" in photos uploaded by users onto the site.

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Phone companies don’t legally need subscriber consent to share information that is anonymized and aggregated, says Jeanine Vos, head of the GSMA’s Big Data for Social Good initiative.

Tens of millions of records about users of different dating apps have been discovered in a single database that doesn’t include any password protection, according to new research findings.

A professor at the University of Colorado’s Colorado Springs campus led a project that secretly snapped photos of more than 1,700 students, faculty members and others walking in public more than six years ago in an effort to enhance facial-recognition technology.

The researchers developed a method for creating a much more robust device fingerprint that uses data gathered from the sensors in a smart phone. As with iPhones, there’s good news and bad about SensorID and Android phones.

Before we look at the design of Mozilla WebThings, let’s talk briefly about how people think about their privacy when they use smart home devices and why we think it’s essential that we empower people to take charge. From our user research, we’ve learned that people are concerned about the privacy of their smart home data.

Jonathan Levin, a researcher who has written books about iOS and macOS internals and security and provides training on iPhone security, said that in his opinion, so few iOS zero-days have been caught because they are worth a lot of money, and thus more likely to be used in targeted attacks.

Wybiral was able to do this by creating a grid of HTML DIVs that utilize CSS :hover selectors to request a new background image when your mouse moves over a box on the grid.

The conference will cover multiple private cryptocurrencies, including Monero. The conference will include presentations on these technologies as well as the philosophy of Monero and other private cryptocurrencies in seven sessions:.

Depending on the organization that you’re dealing with, responses can be as positive as interested engagement and proactively fixing an issue, to dismissive and uninterested, to actively hostile and ready to pursue legal action.

The researchers gave this example from one of the two identified individuals: Many of the movies this person rated on Netflix were not rated by this person on IMDb. Deanonymizing the Netflix dataset revealed information that was not already public.

They could be used to fool self-driving cars into reading a stop sign as a lamppost, for example, or they could trick medical AI vision systems that are designed to identify diseases.

In practice, though, the researchers say that they can analyze Netflix's encrypted interactive video traffic to find clues about what users are watching, and which choices they've made in their movie journeys.

"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register .

Third-party services running on most hotel websites have access to guest booking information, including personal data and payment card details. "This information could allow these third-party services to log into a reservation, view personal details, and even cancel the booking altogether," Wueest says.

EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.