The FBI might have gone ahead and fixed your Microsoft email server

The FBI might have gone ahead and fixed your Microsoft email server

The FBI has begun quietly accessing hundreds of American computers hacked through Microsoft’s Exchange email program, removing malicious code that the hackers left behind.

Chinese spyware code was copied from America's NSA: researchers

Chinese spyware code was copied from America's NSA: researchers

WASHINGTON (Reuters) - Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State

The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020.

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a link!

Telegram feature exposes your precise address to hackers

Telegram feature exposes your precise address to hackers

Advertisement A proof-of-concept video the researcher sent to Telegram showed how he could discern the address of a People Nearby user when he used a free GPS spoofing app to make his phone report just three different locations.

The widening SolarWinds debacle shows why the reckless idea of backdooring encryption must be dropped forever

The widening SolarWinds debacle shows why the reckless idea of backdooring encryption must be dropped forever

Wilfully introducing a potential vulnerability into encrypted messaging programs used by billions of people is also “an act of recklessness”, given the high probability that national actors or PSOAs will find and exploit weaknesses.

IPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

IPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all.

Apple's T2 Security Chip Has an Unfixable Flaw

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Comcast TV Remote Hack Opens Homes to Snooping

Comcast TV Remote Hack Opens Homes to Snooping

“Few people think of their television remote controls as ‘connected devices,’ fewer still would guess that they can be vulnerable to attackers, and almost no one would imagine that they can jeopardize their privacy,” said researchers with Guardicore, in a Wednesday post.

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed.

New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip, here’s what it could mean

New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip, here’s what it could mean

All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave.

Huge Data Breach: Promo Marketing Video Maker

Huge Data Breach: Promo Marketing Video Maker

It includes the following data that got leaked in Promo Data Breach: Email addresses: The breached database contains the email addresses of the users of this platform.IP Addresses: The breached database contains the IP addresses of the users of the Promo video maker platform.

Popular Chinese-Made Drone Is Found to Have Security Weakness

Popular Chinese-Made Drone Is Found to Have Security Weakness

Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the world’s most popular consumer drones, threatening to intensify the growing tensions between China and the United States.

Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it

Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it

The hacking tool relied on an unknown flaw—also called a zero-day in hacker lingo—in the default video player included in Tails, a well-known Linux-based operating system that’s used by journalists, dissidents, human rights activists, and security-focused users all over the world.

Android Rookies - Everything about Tech

Android Rookies - Everything about Tech

Huawei development team mails an HKSP (Huawei Kernel Self Protection) Linux patch with a backdoor to Linux Foundation, Huawei denies involvement.It was immediately scrutinized by different people including the developers of Grsecurity, a project that provides its own set of security-hardening patches for the Linux kernel.

Is it safe to use an old Android phone?

Is it safe to use an old Android phone?

As a result, Google and the phone-makers eventually have to cut support for older handsets, usually once a device gets to be two or three years old.Those handsets then will no longer receive security updates meaning that when a threat is detected on that phone, it simply won't be fixed.

Enterprise Security Woes Explode with Home Networks in the Mix

Enterprise Security Woes Explode with Home Networks in the Mix

The work-from-home (WFH) paradigm that has become the new normal in the age of coronavirus comes with exacerbated network security risk – as evidenced by growing a number of botnets and automated attacks that are taking advantage of known vulnerabilities in both consumer and corporate IT gear.

ZecOps discovers current iOS mail app vulnerability that has been exploited in the wild

ZecOps discovers current iOS mail app vulnerability that has been exploited in the wild

In the meantime, iPhone and iPad users are vulnerable as it’s impossible for the default Mail App daemon to be turned off without rooting your iOS device.

Flaw in iPhone, iPads may have allowed hackers to steal data for years

Flaw in iPhone, iPads may have allowed hackers to steal data for years

WASHINGTON/SAN FRANCISCO (Reuters) - Apple Inc (AAPL.O) is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

Unpatched bug in iOS 13.3.1 and later stops VPNs from encrypting all connections

Unpatched bug in iOS 13.3.1 and later stops VPNs from encrypting all connections

The VPN bypass bug in iOS 13.3.1 and later causes some internet connections to continue with their original, unencrypted connection – which is a security and privacy concern.Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization.

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch).Microsoft patches Windows 10 security flaw discovered by the NSA.

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic.

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behavior rules: Only enable Bluetooth if strictly necessary.

Telegram Founder on WhatsApp Hacks: Backdoors Are Camouflaged as Security Flaws

Telegram Founder on WhatsApp Hacks: Backdoors Are Camouflaged as Security Flaws

Durov says that despite iOS devices having “loads of privacy-related issues,”, WhatsApp is the culprit here, as the corrupt video vulnerability exposes not only iPhones, but also Android and Windows Phone devices.

More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved.They dub this vulnerability "iGPU Leak" and describe it as an information leakage vulnerability on the Intel integrated GPU architecture.

US government urges everyone to update Mozilla Firefox to v72.0.1 because of an active exploit that allows remote code execution

US government urges everyone to update Mozilla Firefox to v72.0.1 because of an active exploit that allows remote code execution

Remote code execution is the holy grail of zero day vulnerabilities, and the fact that one of the most popular privacy and security focused browsers in the world had such a flaw should be a massive wake up call to internet browser users around the world.

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

This release includes an improved solution, which addresses the issue on a broader scope, avoiding this to reoccur in other areas of the code in the future.

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.