Pretending to be someone you're not in an email has never been quite hard enough—hence phishing, that eternal scourge of internet security. But now one researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing, imperfect protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient.
PayPal has revealed that its recently acquired company TIO Networks has suffered a data breach compromising the personal information of 1.6 million customers. PayPal bought the Canadian payment processing company, which has over 60,000 utility and bills payment kiosks across North America, for $238m (£177m) in cash in July.
On Friday, 1 December, PayPal said a review of TIO's network showed evidence of a breach that may have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and customers of TIO billers.
Conservative MP Nadine Dorries has come under fire for having a lax attitude to cybersecurity after divulging on Twitter that she shares her login and passwords with staff, including temporary interns.
She was defending her colleague, Damian Green, who has been accused of having pornography on his Commons computer, when she made the admission.
The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 (and thus were running a prior version of the OS when they received the security update) found that installing 10.13.1 resurfaced the bug, according to a report from Wired.
A memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has been making the rounds and it states some pretty bold claims about drone-maker DJI.
The massive password heists keeping coming, and one thing is certain: the way we prove our identities online is in need of a major upgrade. A growing chorus of technologists and entrepreneurs is convinced that the key to revolutionizing digital identity can be found in the same technology that runs cryptocurrencies.
HP has been caught installing a new telemetry-gathering system on its Windows 10 PCs without informing users it was doing or so requesting permission to gather data. In a recent update (it’s not clear if HP or Microsoft pushed out the software), multiple HP owners have reported the “HP TouchPoint Analytics Client” is connecting on a daily basis to upload various information to HP’s servers.
Detlef Krentz contacted Borncity to report the software, writing:
Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in "root" as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.
Researchers have discovered a new technique that lets hackers and unscrupulous websites perform in-browser, drive-by cryptomining even after a user has closed the window for the offending site.
Samsung has big plans for 2018. Aside from the remarkable folding Galaxy X, the biggest excitement has been for plans a radical new Galaxy S9. But following several positive reports, a new leak has delivered the first bad news...