Security
Your privacy and rights online. Securing your systems, hacking news and more.
FBI director: TikTok could be China's best espionage tool
Why it matters: Chris Wray has once again shared Washington's concerns over TikTok, an incredibly popular video app that could pose an unprecedented threat to US security. The issue is in the algorithm, and its permeability to the Communist Party's dystopian techno-control apparatus.
Android security defeated with stolen Platform certificates
Facepalm: Like any other modern operating system, Android's design employs a "privilege" based model. Such model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow.
Hackers find a way to access your personal information and steal your car at the same time
All they need is your VIN, which is visible through your windshield
Mozilla and Microsoft distrust TrustCor certificates due to suspicions over covert spyware operation
TrustCor allegedly had ties with a company making Android spyware
Open-source antivirus ClamAV finally goes 1.0, some 20 years after launch
The antivirus for Linux-based operating systems keeps improving
Google reports on a company selling spyware for Chrome, Firefox, and Windows Defender
Another company similar to RCS Labs and NSO Group
LastPass user information exposed in data breach
These incidents aren't filling customers with confidence
US bans sales and import of products from five Chinese telecoms
A hot potato: The US / China tech clash is entering an even more heated phase, with the FCC acting as a hammer against Chinese companies making network and telecom devices. They're an unacceptable risk to national security, the FCC claims.
New cybersecurity measures are locking aftermarket tuners out of car systems
Networked vehicle systems require additional hardening and encryption to deter cyber attacks
Beware of fake MSI Afterburner that installs cryptojacking and information-stealing malware
The overclocking tool's popularity is being exploited again
A Roblox Chrome extension downloaded by over 200,000 users contains a backdoor
Users should uninstall the Chrome extension "SearchBlox" immediately
PSA: If you have the popular extension SearchBlox installed on Google Chrome, you should immediately uninstall it, clear your cookies, and change your passwords for Roblox and Rolimons. The extension contained a backdoor designed to steal user credentials. Other websites you may have logged into with the extension installed may also be at risk.
A security firm hacked malware operators, locking them out of their own C&C servers
This'll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
Study shows 50% of repair shops snooped on customer devices
Female customers are most likely to become victims
Facebook may have collected some of your IRS filing data if you used an online tax services
Ain't nothin' sacred anymore!
Users claim Windows iCloud app bug is inserting images and videos from other people into their library
Syncing videos results in a corrupted file that displays random images from unknown sources
Meta fires employees for taking bribes to hijack accounts and helping others recover accounts
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
The FBI warns that tech support scams are still popular
And people are still falling for them
Australia is considering a ban on ransom payments to hackers
But would it cause more problems than it fixes?
Security researchers foil NASA docking procedure with novel attack on Ethernet network
Device disrupts real network switches long enough for fake ones to send in signals
US Army and CDC remove code from apps after finding out it was Russian-made
The Siberian company "misled" government bodies into thinking it was an American firm
Google pays researcher $70,000 for discovering simple Android lock screen bypass bug
Make sure your Android device is up to date
Meet Worok, the cyber espionage group hiding malware within PNG image files
In a nutshell: Security researchers have discovered a new malware threat designed to abuse steganography techniques. Worok appears to be a complex cyber-espionage operation whose individual stages are still in part a mystery. The operation's final target, however, has been confirmed by two security firms.
Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
The latest patchfest from Redmond is a much needed one
Password-based hacks have increased 74% over the last year
There are almost 1,000 password-based attacks every second