Users of iPhones and Macs must update to avoid Stagefright-like bug
Do you remember Stagefright?
It was one of the biggest Android security scares of 2015, after it was discovered that a critical bug in the operating system’s Mediaserver could mean that simply opening an email, browsing a website or receiving a media file via MMS could result in malicious code being run on your Android device.
Many millions of Android devices were thought to be vulnerable, and it was such a big deal that it stirred Google into getting more serious about how it would patch and roll out updates to users in future.
Google Chrome Malware Leads to Sketchy Facebook Likes
Ever wonder how your mild-mannered friend’s Facebook feed suddenly got packed with lewd clickbait? That’s the question Maxime Kjaer was determined to answer when he noticed a friend’s Facebook feed peppered with Likes for sketchy link bait such as “Basic Kissing Tips”.
“Intrigued, I decided to go down the rabbit hole and see what this was all about,” wrote Kjaer, a 19-year-old computer science student at the Swiss Federal Institute of Technology in Switzerland, in a blog post Monday.
What he found was what he called a “glaring security hole” in the Google Chrome Webstore that allowed malware authors to infect Chrome browsers via a bogus age verification extension.
Cici’s Pizza: Card Breach at 130+ Locations
Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peek inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real-time.
In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.
Cicis restaurant chain experiences data breach
PayPal Fixes CSRF Vulnerability in PayPal.me
PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission.
The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request money, similar to what Venmo, another property it owns, does.
Florian Courtial, a French software engineer who hunts for bugs in his spare time, discovered the vulnerability and discussed it on his personal blog earlier this week. Courtial previously disclosed bugs in Slack and the project management app Trello.
EU Cookie Law Popup Pushes Dodgy Chrome Extension Down Your Throat
Belgian security researcher Bart Blaze has come across a new method of pushing Chrome extensions using scareware tactics.
The researcher noticed this new trick while surfing the Web. When on a particular site he did not want to name, he noticed an annoying popup trying to scare users into thinking their browser contained malware.
"Your browser contains MALWARE. You have to install Chrome Malware Removal tool," the popup read, which when the user pressed OK, would redirect him to a Google Chrome Web Store page, where the user could install the Chrome Malware Removal Tool extension.
Firefox to Block Flash in August, Disable in 2017
Starting next year, Firefox users who navigate to pages that contain Flash will be asked for their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.
Benjamin Smedberg, Manager of Firefox Quality Engineering at Mozilla, confirmed in a blog post on Wednesday that the browser will also begin blocking non-essential Flash content next month, as another step to making the browser run more efficiently.
Blog post by Benjamin Smedberg: Reducing Adobe Flash Usage in Firefox
Hacker steals 1.6M accounts from top mobile game's forum
A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.
The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.
In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted.
Clash of Kings forum hacked — data leaked on 1.6M accounts
Companies Behind Warframe, Clash of Kings Games Suffer Data Breaches
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.
That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday.
Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.