Yes, websites track your behavior online. But some go much further than what you'd reasonably expect, using so-called session replays to create a detailed log of everything you do and type on a site. And new research shows that in some cases these movie-like recordings are even storing your passwords.
Intel reports that it has developed a stable microcode update to address the Spectre flaw for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.
Google's Project Zero team has disclosed another Windows 10 security flaw after Microsoft failed to patch it within the standard timeframe of 90 days. As first spotted by Neowin, the bug is one of a pair that was initially reported to Microsoft in November. The company apparently fixed one of the bugs with its February Patch Tuesday fixes, but left the other untouched.
You probably think your baby is special. Every hacker in the world is just itching to catch a glimpse of that tubby little poo monster. But let’s be real—probably no one is spying on your boring baby.
Nevertheless, on the off chance you are one of the 50,000 parents who bought a Mi-Cam device (presumably to keep track of your bundle of joy while you’re slamming back screwdrivers with the other breeders in your cul-de-sac) you should know that that cheap Chinese-made camera you got is apparently incredibly hackable.
A BitTorrent client with more than 100 million users suffers numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google’s Project Zero.
Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public Tuesday but Ormandy says that, after a small tweak, his exploits continue to work in the default configuration.
In an attack reminiscent of the one on Bangladesh Bank in 2016, attackers this weekend made $2 million in unauthorized transfers from India's City Union Bank via the SWIFT financial network, Reuters reports. One of the transfers, for $500,000, was stopped.
The attack comes on the heels of a Friday report that an unnamed Russian bank had suffered a $6 million theft via the SWIFT network last year, and reports last week that insiders at India's Punjab National Bank had conspired in a $1.8 billion fraud case.
Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.
FedEx has revealed that some sensitive customer information was freely available after a security breach. And it now confirms it has secured some of the customer identification records that were visible earlier this month on an unsecured server and so far has found no evidence that private data was “misappropriated.”
Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.
A fast-moving botnet that turns routers, cameras, and other types of Internet-connected devices into potent tools for theft and destruction has resurfaced again, this time by exploiting a critical vulnerability that gives attackers control over as many as 40,000 routers. Despite the high stakes, there's no indication that the bug will be fixed any time soon, if at all.
