What Really Caused Facebook's 500M-User Data Leak?

Or was it the 419 million Facebook user records, including hundreds of millions of phone numbers, names, and Facebook IDs, scraped from the social network by bad actors before a 2018 Facebook policy change, that were exposed publicly and reported by TechCrunch in September 2019?

Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls

"Covid for us was really an opportunity to take a step back and evaluate how we’re all working, how things are going, and what might be next for the red team," Ionescu says.

A Windows Defender Vulnerability Lurked Undetected for 12 Years

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender—renamed Microsoft Defender last year—uses to delete the invasive files and infrastructure that malware can create.

The NSA Warns That Russia Is Attacking Remote Work Platforms

In an advisory today, the National Security Agency said that Russian state-sponsored groups have been actively attacking a vulnerability in multiple enterprise remote-work platforms developed by VMware.

This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

The genius of the attack, though, is that the bug was exploitable through an iPhone's Wi-Fi features, meaning that an attacker just needed some antennas and adapters to launch the assault whenever they chose, compromising any nearby iOS device.

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Discovered by Natalie Silvanovich of Google's Project Zero bug hunting team, the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack.

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

A Critical Flaw Is Affecting Thousands of WordPress Sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.

An Alexa Bug Could Have Exposed Your Voice History to Hackers

Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses.

Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug

On top of all of that, says Check Point's head of vulnerability research Omri Herscovici, the Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack.

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them.

Encryption-Busting EARN IT Act Advances in Senate

The law enforcement operation lasted more than three months and was made possible through police access to a secure communications platform called EncroChat, which offered encrypted messaging, disappearing messages, and an emergency data wiping feature.

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.

Cisco Flaws Put Millions of Workplace Devices at Risk

Attackers could use related flaws, also disclosed by Armis, to attack batches of Cisco devices at once—like all the desk phones or all the webcams—to shut them down or turn them into eyes and ears inside a target organization.

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

In fact, Neuberger said that disclosing the code verification bug to Microsoft and the public is part of a new NSA initiative in which the agency will share its vulnerability findings more quickly and more often.

Huge Data Leak Doxes Members of Notorious Neo-Nazi Forum

Like, say, the revelation that you can hack Alexa, Google Assistant, and Siri with lasers. Take the two former Twitter employees who allegedly used their insider access to spy on behalf of Saudi Arabia—a stark reminder of how ill prepared even the biggest companies are to protect consumer data from the people who work there.

The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic

But this is the first instance where I’ve seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability.

FAO - News Article: New pathway for food systems development

FAO’s leader points to the need to turn food systems into accelerators of the SDGs. 25 September, 2019, New York - Food systems are huge economic, social and environmental drivers of transformational change, FAO Director-General Qu Dongyu said today.

A Password-Exposing Bug Was Purged From LastPass

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension.

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

An Operating System Bug Exposes 200 Million Critical Devices

But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates.

China Distributes Spyware at Its Border and Beyond

Though they are developed by well-known companies and the location sharing is advertised for accepted uses, these apps also have the potential to be exploited by attackers who have access to victim devices.

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

According to Cavallarin, Apple said it would fix the problem by mid-May. When the company still hadn’t done so by the time a standard 90-day disclosure deadline had passed, Cavallarin went public, publishing a full description and proof-of-concept code on May 24.

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

When security researcher Rob Graham scanned the entire public internet for BlueKeep-vulnerable machines on Monday, using a tool he built, he found that 923,671 machines hadn't been patched, and were thus still exposed to any potential worm.

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe.

How Hackers Broke WhatsApp With Just a Phone Call

But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them.

A Cisco Router Bug Has Massive Global Implications

But the Red Balloon researchers found that the way the FPGA was implemented for Cisco’s Trust Anchor, they didn’t need to map the whole bitstream.

The Strange Journey of an NSA Zero-Day Vulnerability—Into Multiple Enemies' Hands

Most notably, Symantec says the Chinese group's hacking had planted an NSA backdoor on the network of its victims using a zero-day vulnerability in Microsoft's Server Message Block or SMB software, also seemingly learned by studying the NSA's hacking tools.

How can Bhutan better prepare for earthquakes?

To that end, Bhutan embarked on the $1.29 million Improving Resilience to Seismic Risk project funded by the Japan Policy and Human Resources Development (PHRD) Technical Assistance Program to Support Disaster Reduction and Recovery.

Machine Learning Can Use Tweets To Spot Critical Security Flaws

Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described.