Attackers can access a user's Google Drive files and record them through their webcam by tricking the user into clicking hidden links, a researcher found.
The click-jacking attack takes advantage of the Google Picker application interface, which allows users to preview files stored within Drive and via third-party applications.
The sensitive personal information for more than 300,000 faculty, staff, and students at the University of Maryland were stolen in a "sophisticated" cyber attack on the school's recently bolstered security defenses, the school's president revealed late Wednesday.
Private profiles of Instagram users could be made public as a result of a vulnerability that took almost six months to fix.
The flaw would have enabled hackers to change privacy settings within user profiles to expose potentially sensitive photos to the internet, or to lock down popular pages by marking them as private.
LinkedIn is shutting down Intro, its recently launched mobile service for connecting people over email, that raised security concerns.
LinkedIn launched Intro last October, as part of a larger push into becoming a "mobile first" company. The service was made for the iPhone, and was designed to grab LinkedIn profile information and insert it into emails received on phones. The service displayed that information to the recipient from the email's sender if the sender was also on LinkedIn.
Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.
"It's really sad, it's lost now," says Opera co-founder Jon von Tetzchner, reflecting on the fate of the company he left in 2011.
Opera had made serious inroads in the Noughties embedding a browser into consumer products, where it was a pioneer, and had a sizeable following on both desktop and mobile.
Four tech giants embroiled in the government’s secret PRISM collection program reported today that they had received classified national security demands for the contents of at least 59,000 user accounts during the first half of 2013.
In an effort to be fully open, Tumblr unveiled a Transparency Report on Monday that detailed all government requests for user data. This report shows that in 2013, the company received 462 requests and it gave the government data 76 percent of the time. Tumblr said that from now on it will publish these Transparency Reports twice a year.
After the NSA leaks began last summer, tech companies asked for permission to reveal more information about what kind of user data they provide in response to Foreign Intelligence Surveillance Court orders.
There is really only one argument in support of mass surveillance by the State: Increased security can be bought with reduced privacy.
That claim begs the question: "How much liberty buys how much security?"
