Recent Posts

Pages: [1] 2 3 ... 10
Fraudsters can build a detailed profile of victims without ever using the dark web, according to our latest investigation.

By Faye Lipson

Never mind the so-called dark web – a Which? investigation has revealed that website passwords, signatures, dates of birth and addresses are all readily available on the everyday ‘clear’ web.

Working with experts from cyber-security firm SureCloud, we set out to discover the damage that can be wrought by criminals using personal details available on the public internet.

full article here:
 by Paul Ducklin   

If you’re a Naked Security reader, you’ve probably heard of Ghostery.

Even if you don’t use it yourself, you’re likely to have seen it mentioned, almost certainly positively, in comments by other readers.

In its own voice, “Ghostery is a browser extension that helps you to manage website trackers for a cleaner, faster, safer experience.”

Ghostery’s German owner, Cliqz – itself part-owned by Mozilla – makes a Firefox-based browser called (you may have guessed this already) Cliqz, “the no-compromise browser” that “gives you relevant search results and does not leak your private data.”

full article here:
May 26, 2018  By Pierluigi Paganini

he attack could allow them to exfiltrate data in plaintext from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a second guest on the same machine.

The Secure Encrypted Virtualization feature allows to encrypt and decrypt virtual machines on the fly while stored in RAM to protect them from snooping on VMs.

Thanks to the Secure Encrypted Virtualization, hijacked hypervisor, kernel, driver, or malware should be able to snoop on a protected virtual machine.

full article here:
BY: Brian Krebs

The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of these consumer privacy debacles, many are left wondering who’s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels? These are some of the questions we’ll explore in this article.

In 2015, the Federal Communications Commission under the Obama Administration reclassified broadband Internet companies as telecommunications providers, which gave the agency authority to regulate broadband providers the same way as telephone companies.

The FCC also came up with so-called “net neutrality” rules designed to prohibit Internet providers from blocking or slowing down traffic, or from offering “fast lane” access to companies willing to pay extra for certain content or for higher quality service.

full article here:

By Catalin Cimpanu

Three researchers from Columbia University have created a technique named FontCode that can be used to embed hidden messages inside font glyphs (characters).

The technique takes advantage of how computers work with font glyphs, which for them, are nothing more than mathematical equations used to draw lines and curves on a screen.

full article here:
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by boredog on May 26, 2018, 10:34:40 pm »
Not sure she gets paid like umbra for bypassing software but I am in the dark on this CS -Dan issue.
I know she is highly respected but I have not seen her produce a security product as of yet.
By Jay Bonggolto @@JayarDecenella · May 26, 2018 08:26 EDT

Earlier this week, Cisco's security team disclosed a Russian-developed malware called VPNFilter which compromised at least 500,000 routers built by Linksys, MikroTik, NETGEAR, and TP-Link as well as network-attached storage devices manufactured by QNAP. In addition to the threat protections rolled out by Cisco, the Federal Bureau of Investigation (FBI) has also released a public advisory calling on users of the affected networking devices to reboot the routers in order to destroy the malware.

full article here:
By Catalin Cimpanu

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism designed to encrypt the data of virtual machines running on servers with AMD CPUs.

The research team says their attack, which they named SEVered, is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that's under attack.

full article here:
BY: Chris Smith

In case you were wondering whether Instagram has any creepy user tracking tools of its own, you should know that yes. Yes it does. The mobile app will look exactly at how you tap and scroll inside the app but there’s supposedly a good explanation for that.

On the other hand, Instagram is a Facebook property, so you don’t be surprised to hear that it’s gathering data about you.

According to Business Insider, Instagram wants to know how you track and scroll while inside the app to eliminate its bots problem.

As I’m sure you know by now because every internet company in the world is currently updating its privacy policy at the cost of our inboxes, Europe’s GDPR law is in effect. Instagram, too, notified its users about the upcoming change, and that ’s how you may have found out that the social network is creeping track of your tapping and scrolling habits.

full article here:

By Eduard Kovacs on May 25, 2018
Law enforcement authorities in Russia have arrested an unnamed 32-year-old man who is believed to be part of a cybercrime ring that made up to $8,000 per day using Android banking Trojans.

According to Russia-based cybersecurity firm Group-IB, the suspect is an unemployed Russian national who had previously been convicted for arms trafficking. He was arrested earlier this month and reportedly already confessed.

The cybercrime group used a malicious Android app named “Banks at your fingertips” to trick the customers of Russian banks into handing over their financial information. The banking Trojan was disguised as a tool that claimed to allow users to access all their bank accounts from one Android app. It offered users the possibility to view balances, transfer money between payment cards, and pay for online services.

full article here:
Pages: [1] 2 3 ... 10