New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Although these methods exploit a covert timing channel in the CPU cache, the new attack devised by Ben-Gurion researchers targets a cache-based side-channel in modern web browsers. This string search is followed by a request for a CSS element that requires DNS resolution from the malicious server.

New browser-tracking hack works even when you flush caches or go incognito

Researchers from the University of Illinois, Chicago said in a new paper that most browsers cache the images in a location that’s separate from the ones used to store site data, browsing history, and cookies.

Computer-stored encryption keys are not safe from side-channel attacks

In the paper Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (PDF), the researchers explain how they determine decryption keys for mathematically-secure cryptographic schemes by capturing information about secret values inside the computation taking place in the computer.

Pseudonymization vs. Encryption: Fight!

IDC 2020 predictions show that enterprises will prepare for the digitized economy by accelerating investments in key technologies and new operating models to become hyper speed, hyperscaled, and hyperconnected organizations.

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a link!

The Capitol Attack Doesn’t Justify Expanding Surveillance

Right now, a growing chorus is demanding we use facial recognition, cellphone tower data, and every manner of invasive surveillance to punish the mob. Rather than responding to these attacks with a new mandate for expanded policing powers, we need to expand our civilian oversight.

Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.

T-Mobile rounds out this awful year with another data breach, affecting hundreds of thousands of subscribers

T-Mobile has confirmed to Android Police it has shut down a data breach operation that may have harvested a small group of customers' phone numbers, number of lines per account, and call diagnostic metrics.

The widening SolarWinds debacle shows why the reckless idea of backdooring encryption must be dropped forever

Wilfully introducing a potential vulnerability into encrypted messaging programs used by billions of people is also “an act of recklessness”, given the high probability that national actors or PSOAs will find and exploit weaknesses.

Suspected Russian hackers spied on US federal agencies

On Monday, the US national security council said it was working closely with the FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”

‘Be a mensch’: Hackers leak negotiation texts as Israeli insurer refuses ransom

The group responsible for the attack, Black Shadow, had said that if the requested sum of 50 bitcoins ($950,000) was transferred into its account by Friday morning it would not publish or sell the information.

iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all.

Tesla Hacked and Stolen Again Using Key Fob

The key fob for the Model X key uses Bluetooth Low Energy (BLE) to interface with a smartphone app to allow for keyless entry, which is where the vulnerabilities lie, researchers said in a press release published online about the hack.

No Safety without (Cyber-)Security!

It’s a common experience: I talk to people developing safety-critical embedded systems, be it cars or medical devices, and, while clearly serious about product safety, they show little interest in security.

Privacy News Online | Weekly Review: November 20, 2020

In a new blogpost on Microsoft’s blog, Alex Weinert – Director of Identity Security – has urged users to stop using SMS and call-based multi-factor authentication. Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.

Cyber-Criminals Target Naked Zoom Users

The email, titled "Regarding Zoom Conference call," claims that the attacker exploited a zero-day vulnerability to access the victim's private data.

ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure

The ICO’s investigation found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).

My friend’s WhatsApp was hacked – and how you can avoid it

An attacker who has phished your friend’s WhatsApp account may trigger an OTP for your number to your phone, and may message you asking for it.

A New Attack Vector Discovered in Comcast's Remote

By extensively reverse-engineering both the remote’s firmware and the corresponding software it communicates with on the set-top box, we were able to find a vulnerability in the way the remote handled incoming RF packets.

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Comcast TV Remote Hack Opens Homes to Snooping

“Few people think of their television remote controls as ‘connected devices,’ fewer still would guess that they can be vulnerable to attackers, and almost no one would imagine that they can jeopardize their privacy,” said researchers with Guardicore, in a Wednesday post.

When coffee makers are demanding a ransom, you know IoT is screwed

Once the device connects to a home network, this ad hoc SSID required to configure the coffee maker and initiate any updates is no longer available.

Bing mobile app database left open to hackers, millions of user data sets compromised

Bing is the search engine owned by Microsoft and data related to the mobile app for iOS and Android has been found in an open server. Nearly 100 million records had been collected by bad actors by the time a second Meow attack hit the server on September 14.

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed.

Cyber Deception Reduces Data Breach Costs by Over 51% and SOC Inefficiencies by 32%

FREMONT, Calif.--(BUSINESS WIRE)--Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced the results of a new research report conducted with Kevin Fiscus of Deceptive Defense, Inc., “Cyber Deception Reduces Breach Costs & Increases SOC Efficiency.” The paper identifies the direct and measurable financial and productivity benefits of deception technology for organizations of all types and sizes.

The 5 biggest data breaches of the 21st century

During the final sale of its core internet business to Verizon in 2017, Yahoo admitted they had actually been the target of several different large scale data breaches bringing the new number of compromised accounts to a staggering 3 billion.

Experian breach affects over 24 million customers and businesses in South Africa

Consumer credit reporting agency Experian has suffered a data breach at their South African branch.

Privacy News Online | Weekly Review: August 21, 2020

Court finds UK police use of facial recognition technology breaches privacy rights, data protection laws and equality laws. XCSSET is another new malware discovered by Trend Micro that targets Mac devices and the developers that use them.

Alexa hack granted attackers access to an Echo user's smart home network

A number of vulnerabilities have been revealed in Amazon's Alexa, highlighting the need for providers of smart home platforms, such as Apple's HomeKit, to maintain security as part of the service.