Thanks in part to action by the Dutch police, the American authorities have taken offline a criminal marketplace where millions of stolen login details were traded, as well as tens of thousands of credit card details and scanned passports and driver’s licenses. The alleged administrator of the WT1Shop marketplace has also been charged. This is […]
Recent SMS phishing attacks company employees show how easy it is to set up a site that looks like the company’s IAM landing page (f.e. Okta) which asks for a user credentails and a one time passcode for access. This would result in gaining the users’ credententials which would be send to the attacker in […]
All five extensions discovered by McAfee behave with the web app manifest (“manifest.json” file), which dictates how the extension should behave on the system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the attackers control (“langhort[.]com”).The data is delivered through via POST requests each time the user visits a new URL. The info reaching […]
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.
Observer: “Probably to avoid answering questions about Facebook’s cover-up of the Cambridge Analytica data breach Facebook has settled for an undisclosed sum this case just days away from Mark Zuckerberg being cross-examined under oath for six hours.”
Propietary software and technical information stolen of LastPass. No effects according to LastPass on 33 million active end-users and more than 100.000 businesses. LastPass says to update customers with transparency. Up2now LastPass didn’t elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that the break-in had no impact […]
Oracle is an important part of the tracking and data industry. It has claimed to have amassed detailed dossiers on 5 billion people, and generates $42.4 billion in annual revenue. Oracle’s dossiers about people include names, home addresses, emails, purchases online and in the real world, physical movements in the real world, income, interests and […]
iOS Apps that have their own In-App Browser, but what does it do with your privacy? Does the app: – provide a button to open the currently shown link in the default browser?– inject JavaScript code into third party websites to modify its content? This includes adding tracking code (like inputs, text selections, taps, etc.), […]
Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. An attacker can exploit the flaw by sending specially crafted messages to the web server […]
African governments, large corporates, and tech entrepreneurs have embraced the West’s vision of a universal identity system. With support from the World Bank’s Identification for Development (ID4D) programme, governments across Africa have foisted elaborate and expensive biometric ID schemes on citizens and residents with little pushback from civil society. Both the World Bank and digital […]