Study shows 50% of repair shops snooped on customer devices
Female customers are most likely to become victims
Facebook may have collected some of your IRS filing data if you used an online tax services
Ain't nothin' sacred anymore!
Users claim Windows iCloud app bug is inserting images and videos from other people into their library
Syncing videos results in a corrupted file that displays random images from unknown sources
Meta fires employees for taking bribes to hijack accounts and helping others recover accounts
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
The FBI warns that tech support scams are still popular
And people are still falling for them
Australia is considering a ban on ransom payments to hackers
But would it cause more problems than it fixes?
Security researchers foil NASA docking procedure with novel attack on Ethernet network
Device disrupts real network switches long enough for fake ones to send in signals
US Army and CDC remove code from apps after finding out it was Russian-made
The Siberian company "misled" government bodies into thinking it was an American firm
Google pays researcher $70,000 for discovering simple Android lock screen bypass bug
Make sure your Android device is up to date
Meet Worok, the cyber espionage group hiding malware within PNG image files
In a nutshell: Security researchers have discovered a new malware threat designed to abuse steganography techniques. Worok appears to be a complex cyber-espionage operation whose individual stages are still in part a mystery. The operation's final target, however, has been confirmed by two security firms.
Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
The latest patchfest from Redmond is a much needed one
Password-based hacks have increased 74% over the last year
There are almost 1,000 password-based attacks every second
Emotet, the botnet that came back from the dead
What just happened? The Emotet botnet was dead, or so researchers thought. The malicious network is now back in business with a new phishing campaign, exploiting a novel technique to push users and companies to infect themselves.
"Polite WiFi" loophole lets modified drones track device locations through walls
Researchers say WiFi chip manufactures need to come up with new WiFi protocol to mitigate the vulnerability
The White House is hosting its second international summit against ransomware
Why it matters: The US government is once again meeting with global partners to try and develop an effective strategy to fight (and win) the war against ransomware. Tech companies like Microsoft are joining as well, bringing their valuable, first-hand expertise to the table.
Cybercriminals are taking advantage of Twitter verification revamp
Don't fall for that phishing email
Emotion analysis technologies could be "immature and discriminating," says UK privacy authority
A hot potato: The United Kingdom's independent authority for privacy doesn't want companies or organizations to use emotion analysis systems based on biometric traits. It's an untested and nascent technology that could even fail to materialize at all.
Reflection DDoS attacks are on the rise again
Why it matters: A resurgence in vulnerable CLDAP servers is making DDoS attacks more powerful and dangerous. Windows network administrators should adopt strict security practices or take the server off the internet if there is no practical need for using the CLDAP protocol.
iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild
PSA: Apple has averaged about one zero-day vulnerability per month since January. The latest came with iOS 16, which hackers may have actively exploited over the last month. Apple issued iOS and iPadOS versions 16.1 and 16 earlier this week. Users with compatible devices should update them immediately.
Samsung's Maintenance Mode aims to hide your private information from repair techs
Rolling out now on select Samsung Galaxy devices
"Dormant Color" malware infects millions of PCs with malicious Chrome extensions
What just happened? Researchers with Guardio Security uncovered a "vast campaign" of malicious data-collecting browser extensions. The analysts dubbed it "Dormant Colors" because of the malware's focus on color and style themes --- Action Colors, Power Colors, Super Colors, and so on. Dormant Colors consists of 30 different extensions that millions of users have downloaded.
Clearview AI fined for violating the European GDPR privacy law
In context: French authorities have imposed the maximum possible fine against Clearview AI, a biometric startup selling its controversial facial recognition technology to governments and law enforcement worldwide. The company must delete the data already acquired on French citizens or face an additional €100,000 fine per day.
Microsoft is testing its own CCleaner alternative
New PC Manager app helps clean up files, but also pushes Edge
Qatar 'requires' World Cup visitors to install state-sponsored 'spyware' on their phones
Authorities would literally be able to read, edit, or delete any information on your phone