Budget US Android smartphones found secretly sending personal data to China

Commercial firmware pre-installed on some Android smartphone models sold in the US has been found to be secretly sending highly sensitive data to a third party company based in China, according to analysis by security firm Kryptowire.

Personal data being transmitted without users’ knowledge or consent included text messages, call logs, contacts, app usage data and even a user’s location.

Continue reading “Budget US Android smartphones found secretly sending personal data to China”

The consequences of the Trump presidency on cybersecurity

A situation now revealed in all its hideousness, brought to us by a 400-lb hacker in bed.

Hacking and cybersecurity played a huge role in the presidential election. So much so that Donald Trump, America’s new president-elect, was helped greatly by the acts of criminal hackers in his journey to the White House, and is now an outspoken WikiLeaks fan.

Though, unless he appoints Julian Assange as his Cybersecurity Czar, I doubt we’ll be seeing WikiLeaks coming to Trump’s rescue when he needs help with cyber-policy in the near future. But you never know.

Continue reading “The consequences of the Trump presidency on cybersecurity”

Whatsapp starts rolling out two-factor authentication

Beta Android users should see it now.

Whatsapp is one of the biggest messaging services out there, so it’s a little surprising that it hasn’t supported two-factor authentication. That is, until now — as noted by Android Police, people using the beta version of Whatsapp are starting to see the option to turn on this extra security measure.

Continue reading “Whatsapp starts rolling out two-factor authentication”

Yahoo confirms state-sponsored attacker stole personal data of “at least” 500 million users

As indicated by an earlier report, Yahoo today confirmed it’s working with law enforcement to investigate a data breach which affected the account information of “at least” 500 million users. The company says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor. The stolen information includes people’s names, email addresses, telephone numbers, birth dates, passwords (most hashed with bcrypt), and, in some cases, encrypted or unencrypted responses to security questions and answers.

Continue reading “Yahoo confirms state-sponsored attacker stole personal data of “at least” 500 million users”

FBI detects breaches in US state voting systems

US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the presidential election.

The FBI is urging US election officials to increase computer security after it uncovered evidence that hackers have targeted two state election databases in recent weeks, according to a confidential advisory.

Continue reading “FBI detects breaches in US state voting systems”

A New Wireless Hack Can Unlock 100 Million Volkswagens

JAPAN-GERMANY-AUTO-TOYOTA-VOLKSWAGEN

In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.

Continue reading “A New Wireless Hack Can Unlock 100 Million Volkswagens”

Exploit broker steals Apple thunder, offers $500,000 for iOS zero days

Now $200,000 seems like small change.

macsymantec.jpg

It was only last week that Apple finally launched a bug bounty program, but it did not take long for exploit peddlers to outbid the tech giant.

Continue reading “Exploit broker steals Apple thunder, offers $500,000 for iOS zero days”

Romanian spies want to spot faces in a crowd – illegally, say human rights groups

Romania’s intelligence agency and local human-rights groups aren’t seeing eye to eye over a new facial recognition system that’s officially for fighting terrorism and tax evasion.

cctv-thumb.jpg

Continue reading “Romanian spies want to spot faces in a crowd – illegally, say human rights groups”

Researchers discover advanced cyber-espionage malware

It eluded detection for at least five years.

Both Kaspersky and Symantec have unearthed a new type of malware so advanced, they believe it could have links to a country’s intelligence agency. They’re calling it “Remsec,” “Strider” (Aragorn’s nickname in LOTR) and “ProjectSauron,” because it has several references to the Necromancer in Tolkien’s series. According to Symantec, it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world since 2011. Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium. Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.

Continue reading “Researchers discover advanced cyber-espionage malware”

Oracle data breach opened credit card payment systems to attack

Intruders might have had a gateway to stealing your payment details.

Data thieves don’t always have to go straight to the source to swipe payment details… sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It’s not certain just how many systems were breached (Krebs’ sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn’t have had direct access to payment data, but there’s a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

Continue reading “Oracle data breach opened credit card payment systems to attack”