A new adware family changes the contact details of legitimate security companies in search results to promote tech support scams.
Dubbed Crusader, the adware is often installed as part of nuisanceware and free software bundles, downloading itself as a free browser extension for Chrome, a Firefox add-on, and Internet Explorer Browser Helper Object. When executed, the malware requests permissions to read and change the information on websites you visit, and should the user grant permission, their entire internet traffic is at risk of exploit or manipulation. Crusader pulls instructions from a configuration file downloaded after a user is infected.Read more
IXmaps wants to “make visible the secret, dangerous, often illegal forms of surveillance that are increasingly becoming part of everyday life.”
Internet data pinballs across national borders, and for Canadians this means potentially exposing it to eavesdropping by US-based corporations and the National Security Agency. Now, an interactive mapping tool named Internet Exchange Mapping (IXmaps), re-launched for public use today, will show you how — and how easily — you data can be spied on by tracing the oftentimes byzantine routes data takes when traversing the internet.Read more
Tesla and SpaceX founder Elon Musk is launching a new company called Neuralink with the intention of connecting computers directly to human brains.
The billionaire entrepreneur, whose other interests include sending humans to Mars, is exploring “neural lace” technology – the implanting of tiny electrodes into the brain that could be used to give direct computing capabilities. Musk has not officially announced the new company but after the Journal’s report he tweeted confirming more news of Neuralink would come out next week.Read more
Two laptops containing personal information of Hong Kong's 3.7 million registered voters have been stolen. The laptops were reported missing by Hong Kong's electoral office, in what could be the city's largest data breach. They were reportedly stolen from a locked room on Lantau Island, off the main Hong Kong island.
The room was a designated backup venue for the chief executive elections held over the weekend. The stolen data included names, addresses and identity card numbers of voters, the office said in a statement. The data was encrypted, so it'll be a lot harder — albeit not impossible — for information to be leaked.Read more
Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information. X.509 security certificates are widely used and integral to many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure web browsing protocol.
“For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the background there are many different steps that are taken to ensure you are safely and securely connecting to the websites that claim they are who they are.Read more
Microsoft is being sued by three people who claim a Windows 10 update destroyed their data. The company "failed to exercise reasonable care in designing, formulating, and manufacturing the Windows 10 upgrade and placing it into the stream of commerce," the complaint filed in Chicago’s District Court alleges.
The complainants argue the software is defective and that any potential risks about installing it were not made clear by the manufacturer. "As a result of its failure to exercise reasonable care, [the company] distributed an operating system that was liable to cause loss of data or damage to hardware,” the complaint reads.Read more
Amber Rudd has called for the police and intelligence agencies to be given access to WhatsApp and other encrypted messaging services to thwart future terror attacks, prompting opposition politicians and civil liberties groups to say her demand was unrealistic and disproportionate.
The home secretary said it was “completely unacceptable” that the government could not read messages protected by end-to-end encryption and said she had summoned leaders of technology companies to a meeting to discuss what to do. Rudd refused to rule out passing new legislation to tackle encrypted messaging if she did not get what she wanted.Read more
Republican lawmakers in the US Senate approved a measure designed to kill federal broadband privacy protections and allow internet service providers to sell your sensitive private information to the highest bidder.
The vote represents the culmination of a year-long campaign by the nation's largest internet service providers and their GOP allies to torpedo FCC rules that require broadband providers to obtain "opt-in" consent before using, sharing, or selling private consumer data. Consumer advocates accused Republican lawmakers of putting the financial interests of a handful of wildly profitable corporate giants ahead of the privacy interests of the American people.Read more
Robots with inadequate security could be hacked and cause physical harm or be used to spy on unsuspecting owners in the near future. Researchers released a report warning that consumer, industrial and service robots in use today have serious security vulnerabilities making them easy targets for hackers or accidental breaches.
In a review of 10 robots, which ranged from home, business, and industrial, IOActive said the risks ranged from insecure communications, authentication issues, weak cryptography and missing authorization. Experts said robots suffer from many of the same security shortcomings of as IoT, medical devices, smart cars and plush toys.Read more
Researchers came across a malicious Word document last week that doesn’t discriminate between OS platforms. The malicious Word document is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.
Like many other strains of malware these days, the sample relies on tricking users into enabling macros. Once opened and macros are enabled, malicious VBA, or Visual Basic for Applications, code is executed, which runs the AutoOpen() macro. The macro goes on to read a base64-encoded string in the file, which depending on the operating system, executes a certain script.Read more