vulnerability

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…


2 min read

Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.


56 sec read

Toms Shoes newsletter “hacked by a nice man”

Footwear retailer Toms has had its email newsletter compromised by someone who calls himself “a nice man”.

And he has strong opinions on the behaviour of other hackers…


1 min read

How a GIF could let a hacker view your WhatsApp messages

A flaw in WhatsApp could have allowed hackers to snoop upon your chat history just by tricking you into opening a boobytrapped GIF image.

If you’re going to run WhatsApp, make sure that it’s properly updated.


1 min read

It’s been a couple of days, so Apple releases yet another iOS update

Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.


1 min read

tripwire.com

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

15,000 private webcams left open to snooping, no password required

Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet connection to spy upon.

Read more in my article on the Bitdefender BOX blog.


0 sec read

bitdefender.com

How to get away with hacking a US satellite

The US Air Force wants to know if you can hijack control of an orbiting satellite and turn its camera from staring at Earth to point at the moon instead.

Read more in my article on the Hot for Security blog.


0 sec read

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.


1 min read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

Ex-Amazon worker – suspected of hacking Capital One – faces charges of breaching 30 other companies to mine cryptocurrency

Capital One isn’t the only organisation allegedly to have had its data breached by Paige Thompson, the former Amazon systems engineer.

Read more in my article on the Hot for Security blog.


0 sec read

iOS 12.4.1 update fixes jailbreak vulnerability that Apple accidentally reintroduced

Apple has fixed the jailbreaking vulnerability in iOS that it previously unfixed.


27 sec read

Hostinger resets passwords following security breach

Web hosting firm Hostinger has reset the passwords of all of its customers after it discovered hackers had breached its systems and accessed a database containing millions of records.


1 min read

bitdefender.com

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them do it.

Read more in my article on the Hot for Security blog.


0 sec read