The Mac version of the Shazam music discovery application keeps the device’s microphone active even after the user has switched off the app. While it doesn’t appear that Shazam is trying to spy on users, this behavior does have some security implications.
Patrick Wardle, director of research at Synack, recently warned that malware could silently spy on Mac OS X users through the device’s webcam and microphone by piggybacking on legitimate applications that use these functions, such as FaceTime and Skype.
Continued: http://www.securityweek.com/shazam-mac-keeps-listening-even-when-disabled
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Alert
NEWS - November 15, 2016
More than a million users have downloaded a particularly sneaky Android trojan that's available on the official Google Play Store.
The Russian security firm Doctor Web found that the malware, known as Android.MulDrop.924, likes to disguise itself as games and other apps on Google Play Store and other app marketplaces.
Continued: https://www.grahamcluley.com/android-trojan-downloaded-million-users-google-play/
Discussion is locked
6 Posts
- Collapse
- Collapse -
- Collapse -
Security firm Kryptowire has uncovered a backdoor in the firmware installed on low-cost Android phones, including phones from BLU Products sold online through Amazon and Best Buy.
The backdoor software, initially discovered on the BLU R1 HD, sent massive amounts of personal data about the phones and their users’ activities back to servers in China that are owned by a firmware update software provider. The data included phone number, location data, the content of text messages, calls made, and applications installed and used.
Continued: http://arstechnica.com/security/2016/11/chinese-company-installed-secret-backdoor-on-hundreds-of-thousands-of-phones/
- Collapse -
Hundreds of millions of Adult FriendFinder (AFF) accounts appear to have been exposed once again.
A database of usernames, emails, and passwords of footloose and fancy free members, along with those from associated websites, has leaked and surfaced online.
The breach has not been confirmed by the site’s parent company FriendFinder Networks, which is reportedly looking into claims of yet another hack.
Continued: http://www.theregister.co.uk/2016/11/14/adultfriendfinder_alleged_leak/
- Collapse -
British telecoms firm TalkTalk would love the world to think that they suffered a highly sophisticated and sustained attack. The truth, however, is that they fell foul of a bog standard SQL injection attack - the type that any decent web programmer has been hardening their systems against for the last 20 years or so.
As I describe in my video, the SQL injection attack, combined with leaving database software unpatched 3.5 years after a fix was available, and not putting better monitoring systems in place after earlier attacks, meant that TalkTalk was easy prey for a 16-year-old hacker to breach their systems.
Continued: https://www.grahamcluley.com/teenager-admits-hack-lets-forget-talktalks-shameful-security/
- Collapse -
The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public.
Researchers at Kaspersky Lab said they have already folded the keys into the company’s Rakhni decryptor and victims of CrySis versions 2 and 3 now have a means of recovering their lost files.
Continued: https://threatpost.com/crysis-ransomware-master-decryption-keys-released/121942/
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic