You are here
Home > Posts tagged "Threatpost"

Magecart Group Targets Routers Behind Public Wi-Fi Networks

Using airport wifi? Those ads may carry more than just a great offer...: [...] “When offering Wi-Fi service, most vendors do not support proxying adverts or JavaScript injection,” researchers said. “So why do we often see ads when we connect via captive portals? That’s because Wi-Fi vendors looking to make extra profit from third parties may offer the hotel a discounted price for the Wi-Fi operation if it allows midstream ads to run before guests connect.” That opens the

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

A gentle reminder. If you get a popup that asks you to 'update Flash' or 'Install this video viewer' or other such nonsense, ignore it...: While macOS is often touted as “safer” on the cybersecurity front compared to Windows-based systems, cybercriminals are in fact increasingly targeting Apple’s ecosystem. The number of attacks on macOS users through malicious and potentially unwanted programs has been increasing annually since 2012, and in 2018 it exceeded 4 million att

Facebook Drops Default Facial Recognition Tag Suggestions

Perhaps FB is beginning to understand the public's suspicion of facial recognition?... [...] Facebook is giving users more control over a facial recognition feature used by the company to help identify, or Tag, people on its platform. Starting Tuesday, the company said it would allow its users to opt-out of the Tag Suggestions feature, while at the same time the company is attempting to help users better understand what the feature does. Facebook said it will replace the

Google Launches Open-Source Browser Extension for Ad Transparency

If we are living in a world where the 'free' stuff is paid for by advertising, then it's best to be explicit about it...: [...] While there has been consumer pushback when it comes to browser data privacy, Google explains that the content consumed by users of Chrome and other browsers is free only because it’s supported by data-driven advertisers. With this in mind, Google’s Privacy Sandbox initiative bridge the gap between consumers exploring online content for free while k

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

BA have not had a good time recently with IT. Here's one more problem to deal with ...: [...] Researchers on Tuesday said that check-in links being sent by British Airways to their passengers via email are unencrypted – opening them up to an attack that could expose victims’ booking reference numbers, phone numbers, email addresses and more. Researchers told Threatpost they estimate that 2.5 million connections were made to the affected British Airways domains over the past

DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR

How many people take notice of security notices for their camera? I can see the risk to professional photographers, but it's currently more of an inconvenience to the amateur (until the attacker uploads a picture file to your camera that then infects your computer)...: [...] On Tuesday, Canon issued a security bulletin regarding six vulnerabilities tied to Check Point’s research. “Due to these vulnerabilities, the potential exists for third-party attack on the camera if the

Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Mid-sized companies are struggling to keep up. This represents an opportunity for the managed security providers, but they are failing to persuade potential clients to outsource...: IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm. That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers

Goodbye Passwords: Hello Identity Management

The death of passwords has been announced many times. When my mum stops using them, I'll be convinced that we've finally moved on to something better...: Keeping track of user names and passwords sounds easy, but it is not. In a world where protected network resources are accessed by employees on mobile devices, outside contractors, web applications and internet of things (IoT) devices – passwords just don’t cut it anymore. The stakes are high: Eighty-one percent of confi

Intel Fixes Critical, High-Severity Flaws Across Several Products

Some of these updates involve BIOS so will require careful planning if you're going to avoid taking your data centre offline. I've had notifications from my hosting providers of planned maintenance. hopefully you have as well...: Intel issued fixes for a slew of vulnerabilities across several products – including a critical flaw enabling privilege escalation in its converged security and management engine (CSME). Intel has issued an updated advisory fo...