Posts

With Chrome 70, hundreds of popular websites are about to break

A lot of secure sites are set to grind to a halt with security error messages in the next version of Google  Chrome, after the browser will drop trust for a major HTTPS certificate provider following a series of security incidents.

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites … Read more...

This is how cyber attackers stole £2.26m from Tesco Bank customers

Poor debit card security and a “series of errors” in reporting exacerbated an incident that could have been easily avoided.

The inner workings of a cyber attack against Tesco Bank which saw £2.26m stolen from 9,000 customers — and resulted in the bank being fined over £16.4m for the failings that allowed it to happen — have been revealed.

The … Read more...

Hackers have planted credit card stealing malware on local government payment sites

Security firm FireEye  has confirmed that a widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers.

Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server that allowed the attacker to upload malware to siphon … Read more...

Facebook says at least 50 million users affected by security breach

Facebook  has said at least 50 million user accounts may be at risk after hackers exploited a security vulnerability on the site.

The company said in a blog post Friday that it discovered the bug earlier in the week. The bug is part of the site’s “View As” feature that lets a user see their profile as someone else. Facebook … Read more...

NSA has yet to fix security holes that helped Snowden leaks

It would still be possible for someone to sneak out sensitive data.

Edward Snowden’s success in leaking NSA data was chalked up in part to the agency’s own security lapses, so you’d think that the agency would have tightened up its procedures in the past five years… right? Apparently not. The NSA Inspector General’s office has published an audit indicating … Read more...

Samsung patches multiple Smart Things Hub security flaws

Samsung’s SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some … Read more...

How I made my own WireGuard VPN server

WireGuard claims to be faster and more secure than OpenVPN

Some of you may have heard about VPN protocols that let you establish a connection between your device and a server, such as OpenVPN and IPsec. But there’s a brand new shiny protocol that promises to be faster and more secure at the same time .

But WTF is a Read more...

Email encryption flaws can expose Apple Mail, Outlook, and Thunderbird messages

Ahead of a full release of details on May 15, European researchers and the EFFare providing an early warning that messages encoded with PGP/GPG and S/MIME are vulnerable to a set of serious security vulnerabilities — an issue impacting over 20 email clients. As there are “currently no reliable fixes for the vulnerability,” the researchers are advising users to … Read more...

Windows 10: We’re going to kill off passwords and here’s how, says Microsoft

Microsoft wants to banish ‘​inconvenient, insecure, and expensive’ passwords. So what’s going to replace them?

Microsoft wants to banish the use of passwords to log into Windows devices, and has showcased some of the new technologies it wants to use to make this happen.

“Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so … Read more...

Over a million vulnerable fiber routers can be easily hacked

Most of the GPON home gateways are found in Mexico, Kazakhstan, and Vietnam.

Over a million fiber routers can be remotely accessed, thanks to an authentication bypass bug that’s easily exploited by modifying the URL in the browser’s address bar.

The bug lets anyone bypass the router’s login page and access pages within — simply by adding “?images/” to the … Read more...