Tuesday, February 18, 2020

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Over 500 Chrome Extensions Secretly Uploaded Private Data

A researcher discovered that hundreds of extensions in the Web Store were part of a long-running malvertising and ad-fraud scheme.

The ‘Robo Revenge’ App Makes It Easy to Sue Robocallers

Mac malware, a Bitcoin mixer, and more of the week's top security news.

Signal Is Finally Bringing Its Secure Messaging to the Masses

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

Voting App Flaws Could Have Let Hackers Manipulate Results

New research from MIT shows that the Voatz app appears to have some glaring security holes.

The US Fears Huawei Because It Knows How Tempting Backdoors Are

US officials allege that Huawei has backdoors in its technology. The US knows firsthand how powerful those can be.

China’s Hacking Spree Will Have a Decades-Long Fallout

Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a generation.

Conservative News Sites Track You Lots More Than Left-Leaning Ones

One analysis of news outlets found that the median popular right-wing site planted 73 percent more cookies than its left-wing counterpart.

Can the Government Buy Its Way Around the Fourth Amendment?

Immigration authorities are purchasing cell phone location data, and it might be totally legal.  

Google’s Giving Out Security Keys to Help Protect Campaigns

Candidates can also get trained up on how to use Advanced Protection to keep their accounts safe.

How 4 Chinese Hackers Allegedly Took Down Equifax

The Department of Justice has pinned the Equifax hack on China. Here's how they did it, according the indictment.

How to Share Files Securely Online: Dropbox, Firefox Send, and More

You've got no shortage of options sharing documents and more with friends, family, and colleagues. These are your best bets.

Pro-Trump Trolls Flooded the Iowa Caucus Phone Lines

Google photo sharing, Wacom tracking, and more of the week's top security news.

How to Get Your Yahoo Breach Settlement Money

If you had a Yahoo account from 2012-2016, you probably have $100 coming your way.

How AI Is Tracking the Coronavirus Outbreak

Machine-learning programs are analyzing websites, news reports, and social media posts for signs of symptoms, such as fever or breathing problems. 

Facebook’s Bug Bounty Caught a Data-Stealing Spree

A few months ago, Facebook disclosed that apps were siphoning data from up to 9.5 million of its users. They only found out thanks to a bug bounty submission.

After the Iowa Caucus Meltdown, New Hampshire Says It’s Ready

The nation’s first primary is proudly low-tech, but it'll take more than paper ballots to defuse the disinformation threat.

Donald Trump Now Has the Senate GOP’s Blessing to Undermine Democracy

After making it through a criminal investigation and political impeachment unscathed, Trump now has free rein to invite election interference and more.

Hackable Cisco Phones, a Locust Invasion, and More News

Catch up on the most important news from today in two minutes or less.

Cisco Flaws Put Millions of Workplace Devices at Risk

Five vulnerabilities in Cisco Discovery Protocol make it possible for a hacker to take over desk phones, routers, and more. 

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...