Saturday, July 20, 2019

Silent Mac update nukes dangerous webserver installed by Zoom

Enlarge (credit: Kena Betancur/Getty Images) Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the...

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

Enlarge / Microsoft at a trade show. (credit: Getty Images | Justin Sullivan) Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage...

The clever cryptography behind Apple’s “Find My” feature

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. (credit: Samuel Axon) When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to...

Windows 10 May 2019 Update now rolling out to everyone… slowly

Enlarge (credit: David Holt / Flickr) To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update,...

33 Linksys router models leak full historic record of every device ever connected

(credit: US Navy) More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can...

The radio-navigation planes use to land safely is insecure and can be hacked

Enlarge / A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.) Just about every aircraft that has flown over the past...

New speculative execution bug leaks data from Intel chips’ internal buffers

First disclosed in January 2018, the Meltdown and Spectre attacks have opened the floodgates, leading to extensive research into the speculative execution hardware found in modern processors, and a number of additional attacks have been published in the months...

Bloomberg alleges Huawei routers and network gear are backdoored

Enlarge / PORTUGAL - 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images) Vodafone, the largest mobile network operator in Europe, found backdoors in...

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

For many years, Microsoft has published a security baseline configuration: a set of system policies that are a reasonable default for a typical organization. This configuration may be sufficient for some companies, and it represents a good starting point...

Latest Windows patch having problems with a growing number of anti-virus software

Enlarge / This is a colorized transmission electron micrograph (TEM) of an Ebola virus virion. (Cynthia Goldsmith) (credit: CDC) The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing...

Hackers could read non-corporate Outlook.com, Hotmail for six months

Enlarge (credit: Getty / Aurich Lawson) Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts, and was able to read, among...

To catch a drug thief, hospital secretly recorded births, women’s surgeries

Enlarge / Not where you want a hidden camera. (credit: Getty | Brendan Hoffman) A California hospital faces a lawsuit from 81 women who allege they were secretly filmed by hidden cameras in labor and delivery operating...

Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago

Enlarge (credit: The White House / Flickr) A woman carrying four cellphones, two Chinese passports, and a thumb drive containing malware was arrested over the weekend after gaining access to President Donald Trump’s Mar-a-Lago resort under false pretenses,...

How Microsoft found a Huawei driver that opened systems to attack

Enlarge (credit: Valentina Palladino) Huawei MateBook systems that are running the company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges. The insecure driver was discovered by Microsoft using some of the...

Microsoft ships antivirus for macOS as Windows Defender becomes Microsoft Defender

Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.