Unpatchable security flaw found in popular SoC boards

Xilinx Zynq UltraScale+ SoCs are normally used in automotive, aviation, consumer electronics, industrial, and military components.

Vulnerabilities in Google Nest Cam IQ can be used to hijack the camera, leak data

The indoor security device was subject to bugs which threatened user privacy.

Adult website data leak connected private users to content uploads

An open database provided full access to user emails and the content they uploaded, liked, and shared.

Facebook awards $100,000 prize for new code isolation technique

Facebook awards the 2019 Internet Defense Prize to a team of German researchers for their work on ERIM.

Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests

Twitter will also stop accepting ads paid for by state-run news agencies.

Backdoor found in Webmin, a popular web-based utility for managing Unix servers

Backdoored Webmin versions were available for download for more than a year through the official site.

Facebook to pay researchers to hunt down Instagram apps that abuse user data

Facebook expands Data Abuse Bounty program to Instagram apps.

Malicious Android photography, gaming apps downloaded 8 million times from Google Play

Users of 85 apps were spammed with relentless fullscreen advertising.

IRS begins tax clampdown on unreported cryptocurrency profits

If you’ve been trading but not declaring, the tax service might be on your case.

UK hacker-for-hire jailed for role in SIM-swapping attacks, data theft

The teenager touted his services in exchange for cryptocurrency.

Degrading Tor network performance only costs a few thousand dollars per month

Attackers can flood Tor's bridges with just $17k/month, Tor's load balancers for only $2.8k/month, academics say.

Hy-Vee issues warning to customers after discovering point-of-sale breach

Company doesn't know what locations were impacted, but it's warning customers early so they can keep an eye out for suspicious transactions.

Over 20 Texas local governments hit in 'coordinated ransomware attack'

Infection blamed on Sodinokibi (REvil) ransomware strains.

Google wants to reduce lifespan for HTTPS certificates to one year

A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days.

Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests

The copies are marketed for security research. Apple disputes the validity of the business model.

UK watchdog to investigate King's Cross facial recognition tech used to spy on public

Thousands of people pass through the busy London area on a daily basis.

DanaBot banking Trojan jumps from Australia to Germany in quest for new targets

The malware has evolved from a basic threat to profitable, global crimeware.

700,000 Choice Hotels records leaked in data breach, ransom demanded

Researchers found the unsecured database, but hackers got there first.

Trend Micro fixes privilege escalation security flaw in Password Manager

The vulnerability could be used for privilege escalation and code execution attacks.

Capital One hacker took data from more than 30 companies, new court docs reveal

New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches.

Major biometrics data leak impacts UK Metropolitan Police, banks, enterprise companies

Millions of records including biometric information and fingerprints were exposed.

Facebook is the latest tech giant to admit contractors are snooping on your conversations

Following the example of Apple and Google, Facebook has also “paused” the program, for now.

Adobe security patch update tackles Photoshop, Acrobat, Reader, and more

A wide range of software and critical security issues are included this month.

Microsoft August 2019 Patch Tuesday fixes 93 security bugs

Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.

Microsoft warns of two new 'wormable' flaws in Windows Remote Desktop Services

Microsoft warns of BlueKeep II & III. Says they're wormable, just like the original BlueKeep vulnerability.

Vulnerability in Microsoft CTF protocol goes back to Windows XP

Insecure CTF protocol allows hackers to hijack any Windows app, escape sandboxes, get admin rights.

Steam vulnerability reportedly exposes Windows gamers to system hijacking

The researcher was asked not to disclose the bug but did so anyway.

Four major dating apps expose precise locations of 10 million users

Updated: In some countries, such lax security can be of real risk to a user’s personal safety.

Cloud Atlas threat group updates weaponry with polymorphic malware

Unique IoCs can be generated for each successful infection.

FBI seeks to monitor Facebook, oversee mass social media data collection

Plans to track social media activity will potentially clash with existing privacy policies.

Researchers find security flaws in 40 kernel drivers from 20 vendors

Affected vendors include the likes of Intel, AMD, NVIDIA, ASRock, AMI, Gigabyte, Realtek, Huawei, and more.

Clever attack uses SQLite databases to hack other apps, malware servers

Tainted SQLite database can run malicious code inside other apps, such as web apps or Apple's iMessage.

Cyber security 101: Protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

New Saefko Trojan focuses on stealing your credit card details, crypto wallets

The multi-tool malware is being sold on the Dark Web.

Threesome app exposes user data, locations from London to the White House

‘Special relationships’ appear to also be blooming at Number 10, Downing Street.

Microsoft names top security researchers, zero-day contributors

Yuki Chen of Qihoo 360's Vulcan team named top bug hunter. Palo Alto Networks named top zero-day reporter.

Apple expands bug bounty to macOS, raises bug rewards

Apple also announces it will provide selected security researchers with access to special "hackable" phones.

Windows malware strain records users on adult sites

New Varenyky trojan records videos of users navigating adult sites. Currently targeting only French users.

Decade-old remote code execution bug found in phones used by Fortune 500

The firmware vulnerability lurked undetected for ten years.

WordPress team working on daring plan to forcibly update old websites

WordPress team wants to forcibly auto-update older WordPress versions to newer releases.

Trojan targets news website with watering hole attack to backdoor your PC

Hackers are experimenting with ways to use legitimate websites to infect user systems.

Spanish brothel chain leaves internal database exposed online

"Men's club" exposes data about escort girls, customer reviews, and club finances.

WhatsApp vulnerabilities 'put words in your mouth,' lets hackers take over conversations

The bugs could be used to dictate your responses in conversations.

Instagram boots ad partner Hyp3r for mass collection of user data

The startup has allegedly been scraping data for the purposes of user profiling.

Three ads generate 5.5 times more revenue than a web-based cryptojacking script

New academic research shows web-based cryptojacking nowhere near as efficient as ads at generating website revenues.

State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack

State Farm suffered a credential stuffing attack in July and is now notifying impacted customers.

New Windows malware can also brute-force WordPress websites

Avast discovers strange new malware strain that besides stealing and mining cryptocurrency on infected hosts, it also launches brute-force attacks on WordPress sites.

LokiBot malware now hides its source code in image files

The sophisticated malware has been upgraded to hide its source code in seemingly innocent images.

Smominru hijacks half a million PCs to mine cryptocurrency, steals access data for Dark Web sale

Commodity cryptomining appears to be shifting to a data theft model.

Twitter may have shared user data with ad partners without user consent

Twitter said it shared some user data such as country and device type with some advertisers since May 2018.

New ‘warshipping’ technique gives hackers access to enterprise offices

Delivery workers may inadvertently provide the bridge between hacker and victim.

Facebook files lawsuit against two Android app developers for click fraud

Facebook sues LionMobi and JediMobi, two Android app developers.

Security bugs in popular Cisco switch brand allow hackers to take over devices

The three vulnerabilities are as bad as it gets in terms of security flaws -- an authentication bypass, a remote code execution, and a command injection.

AT&T employees took bribes to plant malware on the company's network

DOJ charges Pakistani man with bribing AT&T employees more than $1 million to install malware on the company's network, unlock more than 2 million devices.

Unpatched KDE vulnerability disclosed on Twitter

Just viewing --not running-- a malicious .desktop or .directory file inside a file browser can run malicious code on a user's system.

QualPwn vulnerabilities in Qualcomm chips let hackers compromise Android devices

Patches for the QualPwn vulnerabilities have been released earlier today by both Qualcomm and the Android team.

FBI warns of rising trend where cybercriminals recruit money mules via dating sites

Instead of requesting money from victims, romance scammers are now tricking partners into relaying stolen funds.

Microsoft: Russian state hackers are using IoT devices to breach enterprise networks

Microsoft said it detected Strontium (APT28) targeting VoIP phones, printers, and video decoders.

Monzo admits to storing payment card PINs in internal logs

Bug in Monzo mobile apps sent account PINs to internal logs. The logs were encrypted, Monzo said.

Microsoft launches Azure Security Lab, expands bug bounty rewards

Researchers can earn up to $40,000 for reporting Azure vulnerabilities.