security

Basically just want to know which VPN I should go with here. Right now Surfshark basic is $1.99 a month (on sale right now for Cyberweek). Nord basic is $2.69 (through their retention guy trying to get me back, otherwise $2.99). I'm thinking of going with Surfshark just to save the money, or...

The Department of Justice has formally acknowledged the role that computer security researchers play in testing the safety of networks, devices, and online services. The DOJ has announced that the Computer Fraud and Abuse Act (CFAA) has been revised to recognize the importance of good-faith...

Hi, I know that Windows 7 support has ended back in January this year. I saw a comment that said if you keep using it still you will get hacked. How true is that comment? How will I get hacked if I don't go to malicious websites and use NOD32? Also, can my PC get hacked just by being on idle...

UPDATE 2020-04-17: Zoom hires a bunch of security experts to help fix zero day exploits. https://www.thefpsreview.com/2020/04/17/zoom-invests-into-hiring-outside-security-experts-to-fix-exploits-as-hackers-are-selling-them-online/ UPDATE 2020-04-09: US Senate tells members to not use Zoom...

Hi - I'm very old skool and updating my approach to security because despite good basic habits, I still ended up with 2 rootkits. My work computers have all used these features (managed by IT) but I've neglected learning about them for personal use. What elements of PC configuration should I...

Currently I'm looking for a trustable VPN for business. I was doing a research and found an article about 5 best VPN providers this year, but I want to hear feedback about them if you know one. Looks like the best deals has NordVPN Teams and Zscaler. How they work and which one you already have...

Unless I missed it, this hasn't been posted here yet. #YAIF - Yet Another Intel Flaw. AMD once again not affected. https://www.tomshardware.com/news/intel-disable-hyper-threading-spectre-attack,39333.html https://www.amd.com/en/corporate/product-security

So, Many of us have been curious about what the hell our IoT is doing on our networks, how often it dials the mother ship and what it is sending. Researchers at Princeton University want to know too, and have started a project to collect data from IoT devices on your network to inform you, and...

PewDiePie's battle with Bollywood star T-Series has pushed some of his more enthusiastic fans to extremes. A group of hackers used printers to promote their favorite YouTuber last year, and more recently, they hacked their way into Smart TVs, Chromecasts, and Google Home devices. Now, recent...

According to a recent post on David Sopas' security blog, the very popular, and very cheap, Logitech M185 is vulnerable to a keystroke injection attack. Using a recent version of the "Bettercap" hacking toolkit and a 2.4ghz USB dongle, the security researcher used the mouse to open a script...

As drones get cheaper and easier to control, security and safety issues related to their operation are becoming more important than ever. While governments are working on drone regulations, and some companies are already selling countermeasures to large organizations, a group of enthusiasts and...

In spite of the battle royale craze and a more modern sequel, the original Counter-Strike is still a massively popular game. The FPS had nearly 15,000 concurrent players at the time of this writing, and there are still thousands of registered 3rd party servers. However, a recent study from Dr...

Cloud service, VoIP and remote management software provider Citrix has reportedly been hit by an Irianian-linked hacker group. A little less than week ago, Citrix posted a notice on their website saying the FBI believed "international cyber criminals gained access to the internal Citrix...

The internet turned 30 this year, and CERN celebrated it with a long (and if I'm being honest, not particularly exciting) webcast featuring its creator, Sir Tim Berners-Lee. However, after the recent Cambridge Analytica data scandal and what seems like a new privacy/security related scandal...

Adversis has discovered employees at numerous companies are sharing files by enabling public file sharing in Box Enterprise. This combined with the ability to brute force the the sub-domain, URL, and folder names of Box Enterprise accounts means that these sensitive files, documents, and more...

Security researchers from Pen Test Partners claim they've found serious security vulnerabilities in high end car alarm services from Viper and Pandora. In a quick demonstration, the researchers showed an potential attacker could pull up behind a moving vehicle with one of the commercial security...

Google just publicized a combination of zero-day exploits for Windows 7 and Chrome that are reportedly being exploited together in the wild. The bug in Chrome allegedly involved the browser's file reader, while the vulnerability in Windows "is a NULL pointer dereference in...

Back in 2018, when the Spectre and Meltdown vulnerabilities were first publicized, many security experts feared that they opened a figurative Pandora's box. Those two exploits are part of a wider class of potential speculative execution flaws, and this week, those fears were realized, as...

A big Linux release over the weekend added the "Retpoline" Spectre mitigation to the Linux kernel, but BleepingComputer reports that Windows got the same treatment. Google shared the Retpoline software mitigation technique last year, shortly after they publicly revealed Spectre and Meltdown...

According to the Washington Post, Comcast extolled the advantages of setting the default PIN on Xfinity Mobile phone service accounts to 0000 as a convenience for its customers. "Comcast's help site for switching carriers suggests this is to make things easier: 'We don't require you to create an...

TechSpot reports that Samsung is pre-installing Mcafee Security on its 2019 TVs because McAfee is paying them to do it. As the publication points out, Samsung TVs run the partially open source, largely Samsung developed Tizen OS, so whatever software McAfee installs won't have much in common...

While Fortnite is the current king of the hill in the PC gaming world, and Apex Legends is one of the hottest new releases, PlayerUnknown's Battlegrounds is still immensely popular. The game still regularly has hundreds of thousands of concurrent players on Steam alone, and according to a recent...

Last week, researchers unveiled a 19 year old bug in an ancient ACE archive decompresser that, up until recently, shipped with modern builds of WinRAR. WinRAR's own website suggests that the software has a userbase of over 500 million, and while the latest beta versions of the software have...

Nvidia released the 419.17 drivers a few days ago, and as we noted, they featured a number of new SLI profiles, GPU video encoding improvements, and the usual round of bug fixes and enhancements. But yesterday, BleepingComputer found that the new drivers also came with fixes to a number of...

The FIDO Alliance has announced that compatible devices running Android 7.0+ are now FIDO2 certified. FIDO2 certification allows these devices to have simpler, stronger authentication capabilities as users can utilize the device's built-in fingerprint sensor and/or FIDO security keys for secure...

Security researchers from Checkpoint have reportedly discovered a bug in WinRAR that just might be older than you. According to their bug report, recent version of WinRAR shipped with an ancient "unacev2.dll" file designed to decompress the equally ancient ACE archive format. A bug in the .dll...

As we reported before, Tesla has added a new security feature to its cars called Sentry Mode. Sentry Mode uses the car's cameras to monitor its environment to detect potential threats. It will display a message on the touchscreen and record the encounter if the threat is minimal. But if it...

A report from Independent Security Evaluators (ISE) showed that password manager security is acceptable in non-running states, but are vulnerable to memory attacks when in running states. Products from 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For...

Numerous security experts have (justifiably) expressed concern with the security of IoT devices that enter the market every day, But today, the Japanese government is doing something about it, as they will start testing the security of their own citizen's IoT devices. "NOTICE," as they call it...

Integrated circuit designers from Rice University claim they've developed a digital fingerprint technology that is "10 times more reliable than current methods" used in IoT devices. Their "physically unclonable function," or PUF, supposedly uses physical imperfections in the security device's...

A security researcher spotted a bug in Facebook that would've allowed attackers to take over accounts from users that clicked on a single link. According to Youssef Sammouda, a vulnerable endpoint easily allowed him to makes posts on a user's timeline, delete profile picture, or delete accounts...

According to a recent BBC report, about 2.7 million calls made to a Swedish national health service telephone line have been "exposed." The calls date back to 2013, and supposedly contain sensitive medical information and social security numbers, while Martin Svensson says that there was no...

The NATO Strategic Communications Centre of Excellence published a report on the challenges governments face with online security, and Wired managed to spot a particular interesting experiment within the multi-section report. As part of an experiment, the independent NATO organization used...

Apple's Developer Enterprise Program has gotten quite a bit of scrutiny after both Facebook and Google seemingly violated the program's guidelines. Now, Reuters reports that "software pirates" are abusing the program to distribute modified versions of apps that enable users to "stream music...

Today, security researchers published a paper on techniques that can be used to "escape" an Intel Software Guard Extension enclave on modern CPUs. Sample code for the exploit has already been published on Github, and the researchers note that it was successfully tested on an i7-6700K and an...

Back in 2017, we posted several articles on how SS7 cellular network vulnerabilities are being exploited around the world. Back then, they were using exploits to intercept 2 factor authentication requests and location data. Now, according to a recent Motherboard report, hackers are commonly...

Google has announced a new extension for Google Chrome called Password Checkup that will monitor the passwords that you type into websites to see if they have been compromised in a third-party data breach. Google says it has access to over 4 billion credentials that have been compromised and...

Following the leak of 773 million records from what security researchers call "Collection #1" earlier this month, experts are now saying that Collections #2 - #5" contain even more information. The Hasso Plattner Institute says that "around 2.2 billion e-mail addresses and the associated...

Apple has received both praise and criticism for their efforts to secure iDevices from everyone and everything, including law enforcement. Now, Motherboard reports that Rene Mayrhofer, Google's Director of Android Platform Security, is saying that Google is following in Apple's footsteps with...

IEEE Spectrum reports that engineers from Carnegie Mellon University won a DARPA challenge to develop a machine that finds, and fixes, software exploits in bytecode all by itself. "Mayhem," as they call it, reportedly found over 14,000 unique vulnerabilities within the entire Debian Linux...