Security researchers have discovered a potential way to steal users Gmail credentials from a Samsung smart fridge. Pen Test Partners discovered the MiTM vulnerability that facilitated the exploit during an IoT hacking challenge at the recent hacking conference.

The hack was pulled off against the smart fridge, part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app. While the fridge implements SSL, it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. The internet-connected device is designed to download Gmail Calendar information to an on-screen display.

About a decade ago, spam brought email to near-ruin. The contest to save your inbox was on, with two of the world’s biggest tech companies vying for the title of top spam-killer. Microsoft boasted that its spam filters were removing all but 3 percent of the junk messages from Hotmail, the company’s online email service at the time.

Google responded by claiming that its service, Gmail, removed all but about one percent of spam messages, adding that its false positives rate was also about one percent. It was a point of pride for the two companies, particularly Microsoft, whose Hotmail service once carried such a poor reputation for spam.

It’s no secret to anyone to know that Google keeps every bit of data it collects about each of its users. This data includes, but is not limited to, search phrase history, links clicked, Gmail conversations and so on.

All data is kept and processed “in their ordinary course of business,” which obviously includes spam filtering, selecting relevant ads for users and the individual tuning of search results. This last piece is still not obvious to most users, but for the last few years each of us has had our very own Google. If you find something funny or unexpected, or you see your own website on the first page of search results, don’t rush to show this to your friends.

It's easy to understand why privacy advocates and policymakers are sounding alarms about online privacy in general – and singling out Google in particular. If you use Google's search engine, Google knows what you searched for as well as your activity on partner Web sites that use its ad services.

The more Google knows about you, the more it can match you to an advertiser who thinks you are an ideal customer. Advertisers are willing to pay more for ads served to ideal potential customers. For instance, airlines want to target people who love to travel. Want to find out all the things Google knows about you? Here are 6 links that will show you some of the data Google has about you.

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account.

Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer. Researchers say they’ve found a strain of malware on a client’s network that uses that new, furtive form of “command and control”—the communications channel that connects hackers to their malicious software—allowing them to send the programs updates and instructions and retrieve stolen data. 

In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.

The number of requests, contained in a 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than previously disclosed and that oversight protecting Americans from potential abuses is lax. The audit, which was reported on earlier by Politico, found that in many cases the Postal Service approved requests to monitor an individual’s mail.

The popular Mailpoet WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It seems though that many are still not getting the word, or blatantly not updating, because we are seeing another string of mass exploitation attempts against WordPress websites.

Those that are not or have not updated are getting infected repeatedly via this vector, the issue is further compounded because the attackers are using it as a spring board into the reset of their account further compromising their entire account. Please, we cannot stress the importance of updating, not just your active website, but any other websites you have in your stack, under the same account. 

Not all accounts are created equal. It’s only natural that you would care less about an ESPN Fantasy Football account than you would care about your online banking or PayPal account.

Anyone who spends even a little time thinking about security is careful to use a strong password and proceed with caution when accessing a service related to personal finance. However, a lot of users are also relatively careless about their primary webmail account, which often serves as a master key to all other accounts. Think about it: whenever you set up nearly any online account, you’re prompted to enter a primary webmail account. There are a number of reasons for this. 

Popular Gmail service could not resist hacking, which led to the promulgation of a huge addresses database. Recently, the same thing happened with Yandex and Mail.ru. 4 929 090 gmail.com accounts became public. Authenticity has not been confirmed, but it is said about 60 percent of current addresses and passwords.

People perceived this information quite easily, saying that such fraud is not new. This is certainly true, but many users find themselves in the lists of exposed information, then they changed the passwords and began to be more careful to the security of their data. From the fact that bases appear from many services, messages from "Yandex" and Mail.ru are correct, and it is not the result of data leakage.

Having pretended to be Gmail Account Services hackers send harmful emails to account owners.

According to the researches of the Chinese security software company, called Trend Micro, hackers have launched a campaign, which gives itself as Google‘s support service and is directed against users of Gmail service. Hackers work in such a way: the victim gets email allegedly from Gmail Account Services in which the owner of an account is informed on the unknown user authorization in his account with the help of unrecognizable device. The expert of the Trend Micro Company Jay Yaneza noted that the email can really be confused with the original notice of Gmail; however the knowing and attentive user will be able to find some differences.