security Stories June 3, 2020
security Stories January 9, 2020
Ring fires employees for spying on customer videos stored in the cloud
Video doorbell company Ring, a subsidiary of Amazon, says that it has fired employees for spying on customer videos stored on its cloud servers. Although the doorbell cameras are intended for outdoor coverage, the company also sells cameras for use inside the home …
security Stories June 20, 2019
Update: Google told The Verge that it has now fixed the problem.
We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest. We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.
Used Nest cams allow the original owner to spy on whoever buys them. The problem was discovered by a former owner of the popular Nest Cam Indoor.
Worryingly, the behavior survives the official reset procedure, and right now there appears to be no fix available for it …
security Stories February 5, 2019
Safer Internet Day is officially today, but Google is spending the entire week discussing security and launching new features. The first is a Password Checkup Chrome extension that will advise users to reset credentials breached on third-party sites, while Cross Account Protection extends first-party tools to re-secure breached Google Sign In apps.
security Stories January 29, 2019
Targeting elections is now a common tactic aimed at disrupting democracy around the world. Last year, Google announced voter education, Ads Transparency, and security trainings ahead of European Parliament elections in May. The company today provided an update, including Jigsaw expanding its Project Shield DDoS protections.
security Stories September 28, 2018
Facebook admits cyber attack may have exposed info from 50 million accounts to hackers
Just after confirming the controversial practice of using 2FA phone numbers to send targeted ads to Facebook users, the platform has discovered a flaw that’s left at least 50 million accounts compromised to attackers.
security Stories September 7, 2018
A ‘sophisticated’ attack on British Airways’ mobile app and website has exposed the names, email addresses and full credit card details of 380,000 customers.
Of particular concern is the fact that the attackers captured the three-digit CVV security codes on the backs of cards, something that should not normally be possible …
security Stories September 3, 2018
security Stories August 24, 2018
Google and other tech giants discussing countermeasures to election disinformation
Google is one of more than a dozen tech giants meeting today to discuss countermeasures for state-sponsored disinformation campaigns on their platforms during the run-up to the 2018 midterm elections …
security Stories August 14, 2018
Banks secretly monitoring how you use your phone and computer to detect fraud
Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer …
security Stories August 8, 2018
Researchers funded by the Department of Homeland Security say that they have discovered major security vulnerabilities likely to affect millions of US smartphones.
The flaws have been found in unspecified phones sold by Verizon, AT&T, T-Mobile, Sprint and other carriers …
security Stories August 7, 2018
November’s midterm election will be the first time it’s ever been possible for US citizens to vote using a smartphone app.
Despite an extremely limited rollout, and tests revealing no issues, some election officials and security experts have expressed horror at the potential risks …
security Stories August 1, 2018
G Suite can now alert admins of accounts targeted by government-based attackers
security Stories July 25, 2018
TSA testing 3D scanner that will let you leave your laptop and tablet in your hand-baggage
Going through Security is one of the more tedious aspects of air travel, especially given the need to remove laptops, tablets and liquids from bags, which makes the process even slower …
security Stories July 23, 2018
Two-factor authentication is increasingly becoming a requirement to protect online accounts from phishing attacks. With methods ranging from SMS to prompts, one of the more secure forms involves Security Keys, with Google highlighting the success of rolling out these devices.
security Stories July 18, 2018
Venmo’s default settings expose ‘alarming’ personal data, shows analysis of 200M transactions
A security researcher who analyzed more than 200 million Venmo transactions said that she was able to learn ‘an alarming amount’ about the private lives of users thanks to a privacy weakness in the app.
security Stories July 9, 2018
Timehop hacked: users advised to take urgent steps to protect their cellphone numbers
Timehop, an app which resurfaces memories from your past social media posts, says that it has been hacked. Names, email addresses and phone numbers have been obtained, and the company urges users to take urgent steps to protect their cellphone numbers …
security Stories June 26, 2018
If you’re in the market for a new wireless router, you’d be well advised to look out for models which support a new security standard. After relying on WPA2 for security for more than a decade, the Wi-Fi Alliance has just begun certifying products that use its replacement: WPA3 …
security Stories May 11, 2018
security Stories April 26, 2018
Google will make 3rd-party logins more secure in May with a new account verification feature
Google takes security very seriously, especially when it comes to logging in to your account. Today, the company has announced a new sign-in feature that should help out with upping the security even further.
security Stories April 12, 2018
Updates on Android have long been a mess. Despite Google’s best efforts to improve security and make updates easier for everyone, it’s rare that an OEM can actually keep up with everything Google is doing. According to a new report, though, some have just been saying they’re up to date, without actually putting in the work…
security Stories April 2, 2018
ACLU & others call for tech companies – including Google – to sign four-point ‘security pledge’
The American Civil Liberties Union (ACLU) and six other campaign groups have responded to the Facebook privacy controversy by calling on tech companies to sign a ‘security pledge.’ The pledge asks companies to make four promises to their customers and users …
security Stories March 23, 2018
Crashing apps happen on all platforms, but on Android, they can be more common because of the numbers of variables developers have to work around. To get data on why an app is crashing, developers often collect crash reports once the user reopens an app. However, some developers are getting a warning from Google to change the way those reports are being collected…
security Stories March 21, 2018
Director of Information Security Engineering leaves Google as industry-wide privacy concerns grow
Google has lost a member of its Information Security team. These past few weeks have been a tumultuous time in terms of Information Security, with recent allegations against Facebook including the Cambridge Analytica scandal, but it’s unclear the reasoning behind his departure.
security Stories March 20, 2018
Telegram loses Supreme Court appeal in Russia, must hand over encryption keys
security Stories February 19, 2018
Google exposes security flaw in Microsoft Edge, no ETA on patch 90 days after discovery
Google has discovered security flaws in competitors products several times in the past, and those discoveries have become the source of some friction. In recent years, that’s included Microsoft, and now Google has discovered yet another issue.
security Stories January 22, 2018
A Google engineer recently spoke at a conference and stated that only roughly 10 percent of all Google account holders have enabled two-factor authentication. That is a surprisingly low percentage of users not taking every step possible to protect their Google and email accounts.
Why haven’t you enabled two-step authentication on your Google account?
Online security is an increasingly big deal in our day-to-day lives, and there are two easy methods of keeping our data secure. First, a strong password, and secondly, two-factor authentication. If used properly, these can do wonders for keeping your online data safe, but so few actually use them as they should…
security Stories January 10, 2018
Spectre and Meltdown took the entire technology industry by storm last week, but fortunately companies are working towards patching the vulnerabilities. For Chrome OS, most recent devices are patched against Meltdown, with Google posting a complete list on the current status of mitigations.
security Stories January 4, 2018
Following yesterday’s disclosure of the CPU Speculative Execution issue raging through the tech industry by the Project Zero team, Google is now detailing the mitigations for the security flaw. In a blog post, the company also discusses the impact to processor and cloud performance.
security Stories January 3, 2018
Over the past 24 hours, the tech industry has been rocked by a wide-ranging CPU vulnerability. Discovered by Google’s Project Zero security team last year, details of the exploits have now officially emerged. Meanwhile, Google has provided a full list of mitigation status for its products from Android to enterprise services.
security Stories December 19, 2017
The Department of Homeland Security found that almost all apps used by emergency professionals have vulnerabilities.
Of the 33 popular first responder apps tested, all but one was found to raise potential security and privacy concerns – and more than half had ‘critical flaws’ …
security Stories December 1, 2017
In recent years, Google has expanded the scope of Safe Browsing to Gmail on the web and third-party Android apps, while protecting against more kinds of threats. The latest update adds additional protections in the forms of user warnings against Android apps that collect user and device data without permission.
security Stories October 25, 2017
Security researchers at Kaspersky Lab say that a number of popular dating apps are vulnerable to up to three types of attack, potentially revealing anything from user location to full identity and employer …
security Stories October 18, 2017
Google defaulting from SMS to phone-based Prompt for new 2-Step Verification users
Last year, Google announced a new method for 2-Step Verification that is built into Android and available on iOS. The Google Prompt replaces the hackable SMS method and was recently updated to include more detailed information. Today, Google announced that the Prompt will become the default method for new sign-ups.
security Stories October 16, 2017
WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.
All platforms are vulnerable, but the paper notes that Android 6.0 and later – along with Linux – is a particularly easy target, an attack against these devices being described as ‘trivial’ …
security Stories July 14, 2017
U.S. Border Protection can search devices but not cloud accounts, as searches climb dramatically
U.S. Customs and Border Protection has advised a Senator that while it has the power to search electronic devices and examine all data stored on them, these powers do not extend to searching data stored in the cloud …
security Stories July 6, 2017
Cabin baggage ban on laptops & tablets over in all but name after latest exemption
The ban on laptops and tablets in cabin baggage on certain flights into the USA is over in all but name as a fourth airline is exempted. It’s clear by this stage that the ban was simply an aggressive way to force airports and airlines to adopt tougher security screening measures.
security Stories May 31, 2017
It’s been more than two months since the U.S. government banned tablets and laptops from cabin baggage on flights from 10 airports, and there has been much talk since of extending the ban.
An iPad bomb plot was said to have been one factor behind the original ban. The Trump administration last month considered extending the ban to all flights from Europe, with the plan said to be ‘under active consideration‘ before it was reportedly rejected.
Now, however, it appears that an even more widespread ban is on the table …
security Stories May 26, 2017
The image above illustrates just one attack vector, clickjacking – where the user thinks they are okaying one thing while invisibly okaying something else. For illustrative purposes, the researchers have made the real action visible behind the overlay, but in real use (seen in the video below) the permission box would be invisible to the user …
security Stories May 24, 2017
PSA: Many major media players vulnerable to attack via malicious subtitles files [Video]
Security researchers have discovered a surprising new way for attackers to gain control of a machine: malicious subtitles. The vulnerability is device-independent, meaning it could be used to gain control of anything from a smartphone to a PC or Mac.
security Stories May 12, 2017
Nobody wants to risk buying a stolen item. Even if you leave aside the morality issue, buying stolen devices creates a market for further thefts. And with smartphones, a stolen device can be be rendered useless by a combination of remote locking and blocks by carriers.
Wireless trade body CTIA has now created a free online tool to allow anyone to instantly check whether a phone is registered as lost or stolen …
security Stories April 25, 2017
A U.S. ban on carrying laptops and tablets in the cabin of inbound international flights may be extended to European countries, including the UK. Any electronic device larger than a phone would have to be placed in hold baggage.
The U.S. government currently applies the ban to flights from 10 airports, mostly Middle Eastern and North African. The measure was introduced last month, the Department of Homeland Security stating that it was in response to intelligence suggesting that terrorists planned to smuggle explosives inside consumer electronics items …
security Stories March 22, 2017
The Android Security team has just published its year in review of the mobile operating system for 2016. Sifting through the report, major highlights include improvements in dangerous app detection and increased collaboration with partners on monthly patches. Google also shared some of its security plans for the year ahead.
security Stories March 21, 2017
Tablets & laptops banned from cabin baggage on flights to USA from 10 airports
The U.S. government has announced a ban on carrying tablets, laptops and other ‘large electronic devices’ in cabin baggage on flights to the USA from 10 airports. The measure is said to be in response to intelligence on terrorism threats from eight countries, mostly Middle Eastern and North African, reports the BBC.
security Stories March 15, 2017
Thousands of Twitter users have this morning had their accounts hijacked and used to tweet a swastika and Nazi hashtags. The attack appears to be in support of Turkey’s President, urging support for a referendum which could allow President Erdoğan to remain in power until 2029.
The Verge reports that many verified and high-profile Twitter accounts were compromised, and that the hijack appears to have been carried out via a third-party app.
Accounts operated by Amnesty International, Duke University, Reuters Japan, and BBC North America were among those hijacked. Several users have noted that all hijacked tweets appear to have been linked to Twitter Counter, a Netherlands-based analytics application. Twitter Counter was previously targeted in a November 2016 attack that caused some high-profile accounts to spread spam.
Twitter confirmed that a third-party app was behind the hack, so checking which apps have permission to access your Twitter account is one important step to take. Here’s a quick checklist to check the security of Twitter and other services …
security Stories March 7, 2017
Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for Android devices, in addition to one targeting Apple’s iOS. A zero-day exploit is one unknown to Google or security researchers, so cannot be protected against.
A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
The CIA is also said to have teams working on attacking Windows and Samsung TVs, ‘which are turned into covert microphones.’
Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware it uses to attack devices …