Breach at Indian Airline Affects 1.2 Million Passengers

Using a brute-force attack, the researcher busted into an unencrypted database backup file containing the private information of more than 1.2 million passengers who flew with SpiceJet last month.

TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.

Let’s take back control of our events! #JoinMobilizon

At this point, we are not talking about software, code or graphics yet: we are still focusing on the uses, the reality of organizing events and the real problems faced by the people who set them up.

267 Million Names And Phone Numbers Leaked Online — And They’re All From Facebook

Recently, a security researcher named Bob Diachenko found a database of user account info including their name and phone numbers for 267 million Facebook users. There’s no new information about how users can find out if their data was hacked and if the database is still being shared on hacker forums.

New 5G flaws can track phone locations and spoof emergency alerts

Last week, the researchers found several security flaws in the baseband protocol of popular Android models — including Huawei’s Nexus 6P and Samsung’s Galaxy S8+ — making them vulnerable to snooping attacks on their owners.

The Government Is Testing Mass Surveillance on the Border Before Turning It on Americans

When the idea of a smart wall began gaining traction in 2017, three higher-ups from Palantir — the secretive data tech giant that has long been behind some of the government’s largest surveillance projects — left to co-found Anduril, a company dedicated to creating cutting-edge tech for border security.

New Report Finds Border Communities Inundated with Surveillance Technologies

San Francisco - The Electronic Frontier Foundation (EFF) today published “The Atlas of Surveillance: Southwestern Border Communities,” the first report from a new research partnership with the University of Nevada, Reno’s Reynolds School of Journalism.

EFF and Mozilla to Venmo: Clean Up Your Privacy Settings

San Francisco – The Electronic Frontier Foundation (EFF) and Mozilla have teamed up in an open letter to Venmo, telling the popular payment app to clean up its privacy settings, which leave sensitive financial data exposed to the public.

Facebook is funding brain experiments to create a device that reads your mind

The research is important because it could help show whether a wearable brain-control device is feasible and because it is an early example of a giant tech company being involved in getting hold of data directly from people’s minds.

Apple may soon hand special iPhones to security researchers

As Patrick Wardle, principal security researcher at Jamf that found several issues in macOS, told Forbes: "If you're a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer."

An exposed password let a hacker access internal Comodo files

A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.

New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission

Nitesh Saxena also confirmed to The Hacker News that the attack cannot be used to capture targeted users' voice or their surroundings because "that is not strong enough to affect the phone's motion sensors, especially given the low sampling rates imposed by the OS," and thus also doesn't interfere with the accelerometer readings.

Facebook Embeds 'Hidden Codes' To Track Who Sees And Shares Your Photos, Report

Now in the same week that details of the record $5 billion FTC fine emerged, an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding "hidden codes" in photos uploaded by users onto the site.

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Can tracking people through phone-call data improve lives?

Phone companies don’t legally need subscriber consent to share information that is anonymized and aggregated, says Jeanine Vos, head of the GSMA’s Big Data for Social Good initiative.

Chinese database exposes 42.5 million records compiled from multiple dating apps

Tens of millions of records about users of different dating apps have been discovered in a single database that doesn’t include any password protection, according to new research findings.

CU Colorado Springs students secretly photographed for government-backed facial-recognition research

A professor at the University of Colorado’s Colorado Springs campus led a project that secretly snapped photos of more than 1,700 students, faculty members and others walking in public more than six years ago in an effort to enhance facial-recognition technology.

All iPhones And Some Android Phones Are Vulnerable To A New Device Fingerprinting Attack

The researchers developed a method for creating a much more robust device fingerprint that uses data gathered from the sensors in a smart phone. As with iPhones, there’s good news and bad about SensorID and Android phones.

Empowering User Privacy and Decentralizing IoT with Mozilla WebThings

Before we look at the design of Mozilla WebThings, let’s talk briefly about how people think about their privacy when they use smart home devices and why we think it’s essential that we empower people to take charge. From our user research, we’ve learned that people are concerned about the privacy of their smart home data.

It’s Almost Impossible to Tell if Your iPhone Has Been Hacked

Jonathan Levin, a researcher who has written books about iOS and macOS internals and security and provides training on iPhone security, said that in his opinion, so few iOS zero-days have been caught because they are worth a lot of money, and thus more likely to be used in targeted attacks.

Researcher Finds CSS-Only Method to Track Mouse Movements

Wybiral was able to do this by creating a grid of HTML DIVs that utilize CSS :hover selectors to request a new background image when your mouse moves over a box on the grid.

Key Conference on Private Cryptocurrency to be Held in Denver

The conference will cover multiple private cryptocurrencies, including Monero. The conference will include presentations on these technologies as well as the philosophy of Monero and other private cryptocurrencies in seven sessions:.

The Challenges of Ethical Hacking – A Minefield of Legal and Ethical Woes

Depending on the organization that you’re dealing with, responses can be as positive as interested engagement and proactively fixing an issue, to dismissive and uninterested, to actively hostile and ready to pursue legal action.

Why ‘Anonymized Data’ Isn’t So Anonymous

The researchers gave this example from one of the two identified individuals: Many of the movies this person rated on Netflix were not rated by this person on IMDb. Deanonymizing the Netflix dataset revealed information that was not already public.

This colorful printed patch makes you pretty much invisible to AI

They could be used to fool self-driving cars into reading a stop sign as a lamppost, for example, or they could trick medical AI vision systems that are designed to identify diseases.

Hackers Can Tell What Netflix Bandersnatch Choices You Make

In practice, though, the researchers say that they can analyze Netflix's encrypted interactive video traffic to find clues about what users are watching, and which choices they've made in their movie journeys.

Defense against the Darknet, or how to accessorize to defeat video surveillance

"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register.

Two Thirds of Hotel Sites Leak Guest Booking Info to Third-Parties

Third-party services running on most hotel websites have access to guest booking information, including personal data and payment card details. "This information could allow these third-party services to log into a reservation, view personal details, and even cancel the booking altogether," Wueest says.

EFF’s New ‘Threat Lab’ Dives Deep into Surveillance Technologies—And Their Use and Abuse

EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.