Google is poised to make an important change to its Chrome browser beginning in July 2018. Here's the summary from Emily Schechter, the Google Chrome Security Product Manager: "For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption, and within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as 'not secure.' Beginning in July 2018 with the … Read more
Use Of Bots Has Increased Fake Account Creations
The ThreatMetrix Cybercrime Report 2017 is out, and is a troubling read for anyone who has anything to do with data security. As a fraud prevention company protecting nearly a billion and a half users around the world, they're uniquely positioned to know, and their insights on the threat landscape is invaluable. Their main finding is that hackers, scammers and fraudsters are moving away from using stolen debit and credit cards, given that these things have such a short shelf life. On the … Read more
Intel Chips Face Another Possible Vulnerability
Intel's year isn't getting off to a very good start. Just after the discovery of a pair of critical vulnerabilities that have been in their chipsets for more than a decade comes the discovery of yet another serious flaw that could impact millions of laptops around the world. A Finnish data security firm called "F-Secure" just reported an issue with Intel's Active Management Technology (AMT) that could allow a hacker to completely bypass the machine's normal login procedure and take control … Read more
Inappropriate Ads Found In Some Game Apps for Kids
Normally, Google's robust series of checks and audits are pretty good at catching malicious code and preventing it from making its way to the Play Store. Sometimes, however, something slips through anyway despite the company's best efforts. This latest one is particularly bad. Researchers from Check Point have identified a new strain of malware called "AdultSwine" lurking in more than sixty gaming apps on the Play Store. Each of these apps has been downloaded between 3 million and 7 million … Read more
Do Not Use These Chrome Extensions
Do you use any of the following Chrome browser extensions? Change HTTP Request Header Nyoogle - (a custom logo for Google) Stickies - (a Post-It note for Chrome) Lite Bookmarks If so, you're not alone. These four extensions have a combined user base of more than half a million. Recently, security researchers from ICEBRG (a US cyber-security company) have discovered malicious codes embedded in copies of these on the official Chrome Web Store. The code allows hackers to … Read more
Backdoor In Certain Lenovo Switches Discovered
Does your company utilize either RackSwitch or BladeCenter networking switches? Are those switches running ENOS (the Enterprise Network Operating System)? If so, there's a backdoor in your network you weren't aware of. Even worse, it's been there since 2004. Engineers at Lenovo recently discovered the backdoor in the firmware when they conducted an internal security audit. These products were added to the company's portfolio via acquisition from Nortel, and Lenovo only just became aware … Read more
Vulnerabilities Found In Some GPS Services
A duo of researchers stumbled across a series of vulnerabilities in literally hundreds of GPS services that leave sensitive GPS tracking data open to hackers. Dubbed "Trackmageddon" by the researchers, the vulnerabilities span a range of weaknesses that include default or easy-to-guess passwords, IDOR (Insecure Direct Object Reference) issues, insecure API endpoints, and data collection folders that are entirely unsecured. The reason so many different tracking services are impacted is that … Read more
Electronic Device Search Rules Better Defined By US Customs
There's a constant tug of war playing out on the national stage. On one side, privacy advocates are pushing for greater autonomy for end users, and hard limits to the types of searches that law enforcement agencies are allowed to conduct. On the other side are the government agencies themselves, which often cite national security concerns as the justification for more and easier access to the sensitive data contained on personal devices like laptops and smartphones. Generally speaking, … Read more
New Wifi Standard WPA3 May Be Coming
Remember the KRACK WiFi (WPA2) vulnerability, discovered by Mathy Vanhoef? It turns out that his discovery was a catalyst for action. Recently, the WiFi Alliance, which is the industry's standards organization, released details about its new WPA3 protocol. Here's a quick rundown of the changes you can expect to see in the months ahead: Enhancements in encryption capabilities - The new protocol will enable encrypted connections between connected devices and the router/access point, and … Read more
Select HP Laptop Models Recalled Over Battery Issue
Did you purchase an HP laptop between December of 2015 and December of 2017? If so, then you may have problems. The US Consumer Product Safety Commission has been made aware of eight instances where HP battery packs overheated, charred, or melted, creating a worrisome fire hazard that has gotten the attention of user groups scattered all over the internet. It also got the attention of HP itself, and the company recently announced "a worldwide voluntary safety recall and replacement … Read more
