Spyware, Viruses, & Security forum

Alert

NEWS - July 23, 2016

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

A Wi-Fi hack experiment conducted at various locations at or near the Republican National Convention site in Cleveland, US, underlines how risky it can be to connect to public Wi-Fi without protection from a VPN.

The exercise, carried out by security researchers at Avast, an anti-virus firm, revealed that more than 1,000 delegates were careless when connecting to public Wi-Fi.

Attendees risked the possibility of being spied on and hacked by cybercriminals or perhaps even spies while they checked their emails, banked online, used chat and dating apps, and even while they accessed Pokemon Go.

Continued: http://www.theregister.co.uk/2016/07/21/gop_wifi_privacy_fail/

Related:
Turns out that you can't trust 'Trump free Wifi' at the Republican National Congress
https://www.grahamcluley.com/2016/07/turns-trust-trump-free-wifi-republican-national-congress/
Discussion is locked
You are posting a reply to: NEWS - July 23, 2016
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - July 23, 2016
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Users of iPhones and Macs must update to avoid ..

In reply to: NEWS - July 23, 2016

.. Stagefright-like bug

Do you remember Stagefright?

It was one of the biggest Android security scares of 2015, after it was discovered that a critical bug in the operating system’s Mediaserver could mean that simply opening an email, browsing a website or receiving a media file via MMS could result in malicious code being run on your Android device.

Many millions of Android devices were thought to be vulnerable, and it was such a big deal that it stirred Google into getting more serious about how it would patch and roll-out updates to users in future.

Continued: http://www.welivesecurity.com/2016/07/21/users-iphones-macs-must-update-avoid-stagefright-like-bug/
Collapse -
Google Chrome Malware Leads to Sketchy Facebook Likes

In reply to: NEWS - July 23, 2016

Ever wonder how your mild-mannered friend’s Facebook feed suddenly got packed with lewd clickbait? That’s the question Maxime Kjaer was determined to answer when he noticed a friend’s Facebook feed peppered with Likes for sketchy link bait such as “Basic Kissing Tips”.

“Intrigued, I decided to go down the rabbit hole and see what this was all about,” wrote Kjaer, a 19-year-old computer science student at Swiss Federal Institute of Technology in Switzerland, in a blog post Monday.

What he found was what he called a “glaring security hole” in the Google Chrome Webstore that allowed malware authors to infect Chrome browsers via a bogus age verification extension.

Continued: https://threatpost.com/google-chrome-malware-leads-to-sketchy-facebook-likes/119361/

Collapse -
Cici’s Pizza: Card Breach at 130+ Locations

In reply to: NEWS - July 23, 2016

Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peak inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real-time.

In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.

Continued: http://krebsonsecurity.com/2016/07/cicis-pizza-card-breach-at-130-locations/

Related:
Cicis restaurant chain experiences data breach
http://www.welivesecurity.com/2016/07/21/cicis-restaurant-chain-experiences-data-breach/
Collapse -
PayPal Fixes CSRF Vulnerability in PayPal.me

In reply to: NEWS - July 23, 2016

PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission.

The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request money; similar to what Venmo, another property it owns, does.

Florian Courtial, a French software engineer who hunts for bugs in his spare time discovered the vulnerability and discussed it on his personal blog earlier this week. Courtial previously disclosed bugs in Slack and the project management app Trello.

Continued: https://threatpost.com/paypal-fixes-csrf-vulnerability-in-paypal-me/119435/

Collapse -
EU Cookie Law Popup Pushes Dodgy Chrome Extension ..

In reply to: NEWS - July 23, 2016

.. Down Your Throat

Belgian security researcher Bart Blaze has come across a new method of pushing Chrome extensions using scareware tactics.

The researcher noticed this new trick while surfing the Web. When on a particular site he did not want to name, he noticed an annoying popup trying to scare users into thinking their browser contained malware.

"Your browser contains MALWARE. You have to install Chrome Malware Removal tool," the popup read, which when the user pressed OK, would redirect him to a Google Chrome Web Store page, where the user could install the Chrome Malware Removal Tool extension.

Continued: http://news.softpedia.com/news/eu-cookie-law-popup-pushes-dodgy-chrome-extension-down-your-throat-506541.shtml
Collapse -
Firefox to Block Flash in August, Disable in 2017

In reply to: NEWS - July 23, 2016

Starting next year, Firefox users who navigate to pages that contain Flash will be asked for their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.

Benjamin Smedberg, Manager of Firefox Quality Engineering at Mozilla, confirmed in a blog post on Wednesday that the browser will also begin blocking non-essential Flash content next month, as another step to making the browser run more efficiently.

Continued: https://threatpost.com/firefox-to-block-flash-in-august-disable-in-2017/119419/

Blog post by Benjamin Smedberg: Reducing Adobe Flash Usage in Firefox

Collapse -
Hacker steals 1.6M accounts from top mobile game's forum

In reply to: NEWS - July 23, 2016

A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted.

Continued: http://www.zdnet.com/article/hacker-steals-forums-of-clash-of-kings-mobile-game/

Related:
Clash of Kings forum hacked — data leaked on 1.6M accounts
http://venturebeat.com/2016/07/22/clash-of-kings-forum-hacked-data-leaked-on-1-6m-accounts/
Companies Behind Warframe, Clash of Kings Games Suffer Data Breaches
http://news.softpedia.com/news/companies-behind-warframe-clash-of-kings-games-suffer-data-breaches-506535.shtml

Collapse -
Google Fixes 48 Bugs, Sandbox Escape, in Chrome

In reply to: NEWS - July 23, 2016

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.

That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday.

Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.

Continued: https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

REVIEW

Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.