Security News

Popular WordPress plugin hacked by angry former employee

ZDNet Zero Day - Sun, 01/20/2019 - 09:24
Hacker defaced the company's website and sent a mass email to all its customers, alleging unpatched security holes.
Categories: Security News

Websites can steal browser data via extensions APIs

ZDNet Zero Day - Sat, 01/19/2019 - 10:42
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Categories: Security News

DNC says Russia tried to hack its servers again in November 2018

ZDNet Zero Day - Fri, 01/18/2019 - 18:27
Democrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful.
Categories: Security News

Friday Squid Blogging: Squid Lollipops

Schneier on Security - Fri, 01/18/2019 - 16:41
Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

WiFi firmware bug affects laptops, smartphones, routers, gaming devices

ZDNet Zero Day - Fri, 01/18/2019 - 15:26
List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.
Categories: Security News

Verizon to roll out free robocoll spam protection to all customers

ZDNet Zero Day - Fri, 01/18/2019 - 12:32
Call Filter service to be made available to all wireless and wired customers with compatible phones in March 2019.
Categories: Security News

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security - Fri, 01/18/2019 - 05:54
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI -- and some of their peer agencies in the UK, Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping. Sometimes... Bruce Schneier
Categories: Security News

These malicious Android apps will only strike when you move your smartphone

ZDNet Zero Day - Fri, 01/18/2019 - 05:52
Apps containing the Anubis banking Trojan and an interesting motion sensor have been found in the Google Play store.
Categories: Security News

Temporary fix available for one of the two Windows zero-days released in December

ZDNet Zero Day - Fri, 01/18/2019 - 05:46
Microsoft did not issue official fixes during the recent January Patch Tuesday update window.
Categories: Security News

Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer

ZDNet Zero Day - Fri, 01/18/2019 - 04:02
The Redmond giant is keenly interested in remote code execution and privilege escalation flaws.
Categories: Security News

Hacker behind 'Football Leaks' arrested in Hungary

ZDNet Zero Day - Thu, 01/17/2019 - 17:08
Hacker is a 30-year-old Portuguese man. Police haven't released his name, but several news outlets claim he's named Rui Pinto, a man they've identified and have been tracking for years.
Categories: Security News

Twitter bug revealed private tweets for some Android users for almost five years

ZDNet Zero Day - Thu, 01/17/2019 - 14:40
Some Twitter for Android users had their private tweets exposed to non-followers and search engines.
Categories: Security News

Online stores for governments and multinationals hacked via new security flaw

ZDNet Zero Day - Thu, 01/17/2019 - 12:35
Little-known database management tool allowed hackers to take over sites and inject malicious code that steals payment card details.
Categories: Security News

West African banks hit by multiple hacking waves last year

ZDNet Zero Day - Thu, 01/17/2019 - 10:46
Banks in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit.
Categories: Security News

Some Android GPS apps are just showing ads on top of Google Maps

ZDNet Zero Day - Thu, 01/17/2019 - 08:13
Apps have been downloaded over 50 million times. Google has failed to removed them, even if they blatantly break their own license.
Categories: Security News

Oklahoma gov data leak exposes FBI investigation records, millions of department files

ZDNet Zero Day - Thu, 01/17/2019 - 07:21
Updated: An Oklahoma Department of Securities server allowed anyone to download government files.
Categories: Security News

Prices for Zero-Day Exploits Are Rising

Schneier on Security - Thu, 01/17/2019 - 06:33
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage. Previously, Zerodium was offering... Bruce Schneier
Categories: Security News

Facebook removes propaganda network linked to Russian media group Sputnik

ZDNet Zero Day - Thu, 01/17/2019 - 05:57
Facebook says Sputnik employees ran hundreds of Facebook pages and accounts, some posing as politicians in other countries.
Categories: Security News

Zix acquires AppRiver in $275 million deal

ZDNet Zero Day - Thu, 01/17/2019 - 03:02
It seems like 2019 is the year to purchase cloud security companies.
Categories: Security News

Google Chrome extension that steals card numbers still available on Web Store

ZDNet Zero Day - Wed, 01/16/2019 - 18:27
Fake "Flash Player" extension has been available since February 2018, was installed by roughly 400 users.
Categories: Security News