Wednesday, April 21, 2021

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...

Hackers are exploiting a Pulse Secure 0day to breach orgs around the world

Enlarge (credit: CHUYN / Getty Images) Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the...

Venmo’s new crypto service lets you buy and sell bitcoin, ether, and litecoin

Enlarge / Promotional image of Crypto on Venmo. (credit: Venmo) The PayPal-owned Venmo service will let users buy, sell, and hold bitcoin and other cryptocurrencies within the Venmo app, the company announced today. "Customers will have the ability to...

Google Play apps with 700k installs steal texts and charge you money

Enlarge (credit: Getty Images) Security researchers have uncovered a batch of Google Play apps that stole users’ text messages and made unauthorized purchases on users’ dime. The malware, which was hidden in eight apps that had more than 700,000...

Malvertisers use >120 hacked ad servers to target millions of web surfers

Enlarge (credit: Getty Images) Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit...

Dishy McFlatface to become “fully mobile,” allowing Starlink use away from home

Enlarge / A Starlink satellite dish in the Idaho panhandle's Coeur d'Alene National Forest. (credit: Wandering-coder) SpaceX CEO Elon Musk expects the Starlink satellite broadband service to be "fully mobile" later in 2021, allowing customers to use the...

Backdoored developer tool that stole credentials escaped notice for 3 months

Enlarge (credit: Getty Images) A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It's the latest revelation of a supply chain attack that has the potential...

US government strikes back at Kremlin for SolarWinds hack campaign

Enlarge (credit: Matt Anderson Photography/Getty Images) US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent...

US government strikes back at Kremlin for SolarWinds hack campaign

Enlarge (credit: Matt Anderson Photography/Getty Images) US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent...

100 million more IoT devices are exposed—and they won’t be the last

Enlarge (credit: Elena Lacey) Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are...

Microsoft acquires Nuance—makers of Dragon speech rec—for $16 billion

Enlarge / In this 2011 photo, Dr. Michael A. Lee uses Dragon Medical voice-recognition software to enter his notes after seeing a patient. (credit: David Ryan via Getty Images) Earlier today, Microsoft announced its plans to purchase Nuance...

No password required: Mobile carrier exposes data for millions of accounts

Enlarge (credit: Getty Images) Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the...

US adds Chinese supercomputing companies to export blacklist

Enlarge / A staff member works beside China's 'Sunway TaihuLight' supercomputer at the National Supercomputer Center on August 29, 2020 in Wuxi, Jiangsu Province of China. (credit: China News Service | Getty Images) The US has placed...

Comcast nightmare: Six months without Internet despite $5,000 payment

Enlarge (credit: Aurich Lawson | Getty Images) When Edward Koll and his girlfriend, Jo Narkon, bought and moved into a new house in Draper, Virginia, in late September 2020, they had every reason to think that Comcast Internet...

T-Mobile 5G home Internet: $60 a month, 100Mbps speeds, and no data cap

Enlarge / T-Mobile's 5G home Internet gateway. (credit: T-Mobile) T-Mobile yesterday launched a $60-per-month 5G home Internet service, saying that it will generally provide download speeds of 50 to 100Mbps and upload speeds of 10 to 25Mbps. The $60...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...