index vulnerabilities
[Link] Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps
Read: 12/8/2022 www.vice.com
In all these cases, the researchers submitted vulnerabilities to Electron to get them fixed, which earned them more than $10,000 in rewards. The bugs were fixed before the researchers published their research.
chat software chromium cyber hacks cybersecurity discord discord hacks electron apps google chrome microsoft microsoft teams tech tech companies vice.com vulnerabilities vulnerability disclosure web web browser apps web browsers web services
[Link] Stop Leaving Your Smartphone's Bluetooth On
Read: 8/2/2022 lifehacker.com
Bluetooth is a handy feature that allows you to easily connect up your various devices, whether you’re trying to get your new wireless headphones to talk to your Android phone or connecting your Apple Watch to your iPhone.
bluetooth bluetooth devices car phone integration cybersecurity data security mobile devices mobile phone tech mobile phone use mobile phones phone hacks phone tracking privacy security vulnerabilities
[Link] This NFT on OpenSea Will Steal Your IP Address
Read: 27/1/2022 www.vice.com
NFTs are usually passive affairs. A consumer buys the token, and then sells or stores the NFT. The NFT doesn’t really do anything.
crypto exchanges crypto tokens crypto trading cryptocurrency cryptocurrency hacks cyber hacks cybersecurity cybersecurity industry denial of service exploits ip addresses metamask nft critiques nfts opensea personal data privacy privacy circumvention surveillance vice.com vulnerabilities xss exploits
[Link] Researcher Found Way to Brute Force Verizon Customer PINs Online
Read: 6/12/2021 www.vice.com
An independent security researcher discovered a way to brute force Verizon PINs online, meaning they could potentially break into Verizon customer accounts. In response, Verizon has taken the impacted web pages offline.
brute force hacks cyber crime cyber hacks cybercrime cybercrime community cybersecurity race conditions sim cards sim porting sim swappers us telcos us telecoms usa verizon vice.com vulnerabilities vulnerability disclosure
[Link] Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure
Read: 22/11/2021 www.theregister.com
Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online.
certificate authorities chain of trust cryptography cybersecurity fake identity fraud identity documents identity theft internet internet infrastructure mistaken identity public key crypto ssl stolen identity threat vectors university research unknown identity vulnerabilities web browsers
[Link] Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating
Read: 12/11/2021 arstechnica.com
About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10.
cybersecurity cybersecurity industry vpns vulnerabilities vulnerability disclosure
[Link] Top Google Result for NFT Marketplace OpenSea Was a Phishing Site
Read: 11/11/2021 www.vice.com
Earlier this week, if you Googled “OpenSea” looking for the eponymous NFT marketplace, you might have found what looks like the site right at the top of Google.
advertising algorithmic reccomend algorithms alphabet crime crypto wallets cyber crime cyber hacks cybercrime cybersecurity fraud google google ads google search internet search nfts opensea phishing search engine delisting search engines vice.com vulnerabilities web services
[Link] Trojan Source attack: Code that says one thing to humans tells your compiler something very different, warn academics
Read: 3/11/2021 www.theregister.com
Updated The way Unicode's UTF-8 text encoding handles different languages could be misused to write malicious code that says one thing to humans and another to compilers, academics are warning.
code compilers cyber hacks cyberpunk future cybersecurity dependency attack encryption github hidden in plain site infocalypse malicious software novel attacks optical illusion software software dependencies software development source code supply chains threat vectors trojan horse unicode unreliable source lol vulnerabilities
[Link] Cryptocurrency Loan Platform Implodes In $130 Million Hack
Read: 28/10/2021 www.vice.com
On Wednesday, crypto lending service C.R.E.A.M. Finance was the target of a hack that stole over $130 million. It’s not only one of the largest heists ever targeting a so-called “decentralized finance” (DeFi) platform, but also the third such hack targeting C.R.E.A.M.
crime crypto exchanges crypto tokens cryptocurrency cryptocurrency hacks cryptocurrency loans cyber crime cyber hacks cybersecurity ethereum financial services financial transactions fintech hackers lmao cryptocurrency theft us sec vice.com vulnerabilities
[Link] Federation 'ill-equipped' to deal with 21st-century challenges as Australia grows 'vulnerable'
Read: 21/10/2021 www.abc.net.au
More than 250 stakeholders are behind a report, as part of the National Resilience Project (NRP), that makes recommendations on topics including energy security, climate change responses, global and regional security risks, and the ongoing COVID-19 pandemic.
aus covid response aus national cabinet australia australia geopolitics australia imports australian federation australian governance australian health australian imports australian politics british empire climate change colonial destruction colonisation complacency covid covid borders covid compliance covid delta variant covid negligence covid outbreaks covid restrictions covid vaccine covid variants covid19 cultural complacency culture democracy energy energy security energy storage federation future democracy government government transparency hacks health health disparities imperial britain imperialism indigenous australia markets neoliberalism party politics politicians politics public health public health crisis shipping south australia state federation university research vulnerabilities
[Link] Cheat Maker Is Not Afraid of Call of Duty’s New Kernel-Level Anti-Cheat
Read: 13/10/2021 www.vice.com
Activision announced its new anti-cheat system, called RICOCHET, on Monday. The company also said the new system will run in the kernel, the core of the operating system, which controls and has access to most of the computer's functions.
activision anti cheat systems blizzard call of duty cybersecurity multiplayer games os kernel vice.com video game announcements video game cheats video game communities video game hacks video games vulnerabilities
[Link] Hackers drain cryptocurrency accounts of thousands of Coinbase users
Read: 10/10/2021 www.pcgamer.com
Between March and May of 2021, hackers managed to get into the accounts and move funds off the platform, draining some accounts dry. Thousands of customers had already begun to complain to Coinbase that funds had vanished from their accounts.
coinbase crypto exchanges cryptocurrency cryptocurrency hacks cyber crime cyber hacks cybersecurity hacks multi factor auth phishing vulnerabilities
[Link] This $40 Trojan virus is a reminder to two-factor all your gaming accounts
Read: 7/10/2021 www.pcgamer.com
Online security firm Kaspersky, makers of one of the best antivirus software options out there,has in recent years been emphasising that gaming accounts are an extremely attractive target for the bad 'uns. Last month for example it reported blocking 5.
credential theft cybersecurity malicious software trojan horse video game hacks video games vulnerabilities
[Link] Former OnlyFans Employees Could Access Users’ and Models' Personal Information
Read: 30/9/2021 www.vice.com
Some former OnlyFans support staff employees still had access to users' data—including sensitive financial and personal information—even after they stopped working for the company used by sex workers to sell nudes and porn videos.
cybersecurity insider threat onlyfans pornography privacy sex work tech companies vice.com vulnerabilities web services
[Link] Spaghetti Detective Users Boiled By Security Gaffe
Read: 22/8/2021 hackaday.com
For readers that might not spend their free time watching spools of PLA slowly unwind, The Spaghetti Detective (TSD) is an open source project that aims to use computer vision and machine learning to identify when a 3D print has failed and resulted in a pile of plastic “spaghetti” on the build p
3d printing cybersecurity hackaday products vulnerabilities web services
[Link] New phishing campaign uses Morse code to bypass security controls
Read: 15/8/2021 www.itpro.co.uk
Hackers used Morse code to evade detection in a year-long phishing campaign, according to Microsoft researchers. Researchers said the campaign, first spotted in July 2020, targeted Office 365 users and attempted to get them to hand over credentials using targeted, invoice-themed XLS.
cybersecurity malicious software microsoft microsoft research morse code phishing vulnerabilities
[Link] Conti ransomware affiliate goes rogue, leaks “gang data”
Read: 15/8/2021 nakedsecurity.sophos.com
If you like a touch of irony in your cybersecurity news, then this has been the week for it. And if that’s not enough to bring a wry smile to your lips, then there’s more.
cyber hacks cybercrime cybercrime community cybercrime infrastructure cybersecurity hacker groups internet malicious software ransomware sophos vulnerabilities
[Link] Discord malware is a persistent and growing threat warns Sophos
Read: 13/8/2021 www.pcgamer.com
A few weeks back, leading cybersecurity company Sophos issued a warning that Discord is becoming an increasingly common target for hackers.
cheats cybersecurity discord malicious software moderation social media sophos tech companies video game cheats video games vulnerabilities
[Link] All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability
Read: 9/8/2021 www.theregister.com
Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider.
alphabet amazon aws cybersecurity dns google internet internet infrastructure microsoft privacy tech companies vulnerabilities
[Link] Is Your Crummy Router Giving Away Your Location?
Read: 8/8/2021 au.pcmag.com
Security researchers at Black Hat showed a new way to discern street-level location data. The key? Crummy routers often provided by internet service providers.
computer hardware internet internet infrastructure isps privacy routers vulnerabilities
[Link] Black-Box Attacks on Perceptual Image Hashes with GANs
Read: 7/8/2021 towardsdatascience.com
A Perceptual image hash (PIH) is a short hexadecimal string (e.g. ‘00081c3c3c181818’ ) based on an image’s appearance. Perceptual image hashes, despite being hashes, are not cryptographically secure hashes.
ai algorithms cryptography cybersecurity hashing algorithms machine learning vulnerabilities
[Link] With help from Google, impersonated Brave.com website pushes malware
Read: 3/8/2021 arstechnica.com
Scammers have been caught using a clever sleight of hand to impersonate the website for the Brave browser and using it in Google ads to push malware that takes control of browsers and steals sensitive data. The attack worked by registering the domain xn--brav-yva[.
brave browser cyber hacks cybercrime cybersecurity google ads internet advertising malicious software search engines tech companies vulnerabilities web browsers
[Link] Feds list the top 30 most exploited vulnerabilities. Many are years old
Read: 31/7/2021 arstechnica.com
Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits.
cyber hacks cyberforensics cybersecurity microsoft vulnerabilities