Tuesday, September 25, 2018
PC Mag

This Bug Can Crash Firefox by Forcing Repeated Downloads

Security researcher Sabri Haddouche is demonstrating the flaw with a web link that'll freeze the Firefox browser when it attempts to open the page. Mozilla is working on a fix.
PC Mag

Google Faces Privacy Backlash Over Chrome’s ‘Forced Login’ Policy

If you sign into any Google service on Chrome 69, like Gmail, the browser will automatically log you into Chrome, too. That prompted concern that Google was collecting browser histories via the sync feature, but Google says that's not...
PC Mag

Data on Millions from Unwiped Servers Sold Over Craigslist

A shady dealer on Craigslist appears to have been selling access to millions of customer records taken from servers used by a bankrupt electronics retailer called NCIX, which had customers in both Canada and the US.
PC Mag

Twitter Bug May Have Exposed Direct Messages

Twitter said it hasn't discovered any instances where DMs were delivered to the wrong party. But, the microblogging service also 'can't conclusively confirm it didn't happen,' so it's notifying the 'less than 1 percent of people on Twitter' who...
PC Mag

Google: Apps Can Scan And Share Your Gmail Data, With Consent

A year ago, Google ended its controversial email scanning practice, but the company still lets third-party apps and add-ons scan your Gmail inbox, despite concerns over privacy risks.
PC Mag

CrowdStrike, Symantec, ESET Face Lawsuit Over Product Testing

NSS Labs says the companies conspired to hamper independent reviews of their antivirus products. CrowdStrike dismisses the allegations as baseless.
PC Mag

Newegg Hacked to Steal Customers’ Credit Card Data

The credit card skimming occurred from mid-August to Sept. 18, and secretly forwarded customers to a payment processing page under the hackers' control, security researchers say. Newegg is investigating the incident.
PC Mag

Pegasus Spyware Targets iOS, Android Devices in the US

The Pegasus spyware strain, which can infect iOS and Android devices, appears to be targeting victims in the US, says Citizen Lab, a watchdog group at the University of Toronto. However, the Israeli maker of the spyware rejects the...
PC Mag

Facebook Seeks to Defend Political Candidates From Hacking Threats

The company's new pilot security program is designed for the candidates and any staff members associated with their political campaigns. Once the person enrolls, the company will start monitoring their accounts for potential hacking threats.
PC Mag

This Apple Safari Bug Can Crash Your iPhone

The Safari browser contains a bug that'll force the software to freeze and reboot when it tries to load up a webpage rigged to contain a massive line of HTML web elements. Both iOS and Mac devices appear to...
PC Mag

Chrome to Support Fingerprint Scans on Android, Mac

Google's beta release for Chrome 70 adds support for the fingerprint sensors on Android devices and Touch ID on macOS, which will let website developers use biometrics for account sign-ins.
PC Mag

US Lawmakers: AI-Generated Fake Videos May Be a Security Threat

On Thursday, three US lawmakers sent a letter to the Director of National Intelligence requesting a full report investigating the dangers of AI-generated 'deepfake' videos being used to spread misinformation.
PC Mag

US Carriers Push Using Your Phone For Account Protection

AT&T, Sprint, T-Mobile, Verizon have banded together to create Project Verify, which proposes using a mobile app on your phone as an extra step to unlocking your accounts.
PC Mag

Trend Micro: Sorry Our Mac Apps Collected Browser Histories

Trend Micro has decided to remove the ability to collect browser histories from its Mac apps, and dumped all browser history logs from the Amazon server.
PC Mag

Tor Browser Has a Flaw That Governments May Have Exploited

A cyber arms dealer called Zerodium tweeted out details of the vulnerability, which can let a website run malicious Javascript code over the browser. Fortunately, the new Tor version 8.0 is free of the flaw.
PC Mag

ProtonVPN and NordVPN Bugs Left Windows Vulnerable to Hackers

Hackers could have used the bugs to execute code via an OpenVPN exploit, threatening the security of Windows users and allowing access to private information. Thankfully both VPNs have been patched, but users need to apply the update.
PC Mag

Tor Browser Arrives on Android

This alpha release promises to bring the same privacy protections found in the desktop version, but the Tor Project warns it may be buggy.
PC Mag

This Mac App Is Spyware That Collects Your Browser History

A popular paid app called Adware Doctor will store your browser history from Safari, Chrome, and Firefox into a zip file that is then uploaded to a server in China, according to security researchers.
PC Mag

FTC Seizes Army.com, Other Phony Military Recruitment Sites

The websites asked prospective military applicants to provide personal data in exchange for information about joining the armed forces, the FTC said. The operators of these sites then sold the data as marketing leads to post-secondary schools for $15...
PC Mag

Customer Data Stolen From British Airways Website, App

Approximately 380,000 transactions were affected, with names, email addresses, credit card numbers, expiration dates, accessed. UK regulators are examining the breach.

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...