Facebook apps expose millions of users’ Facebook data

Posted on April 6th, 2019 by Responsible Cyber

by Paul Ducklin

It’s happened again! Unsecured personal data found lying around in the cloud! Unfortunately for Facebook, which has been caught up in numerous “concerned about cybersecurity” stories lately, this isn’t just any old data… …it’s data that was acquired via Facebook by third-party apps. It’s a little bit like what happened with Cambridge […]

Why ‘PWNED!’ is appearing on some GPS smartwatches

Posted on April 6th, 2019 by Responsible Cyber

by Lisa Vaas

We’re sort of accustomed to Google Maps shenanigans, but usually they’re funny, and/or cat-obsessed. Like, say, the New Zealand map-cat behemoth that was for a time stretching off one side of Auckland’s Hobson Bay Walkway over to where its head was nearly touching the northwestern section of the trail: a full 250 […]

Android banking and finance apps’ security found wanting

Posted on April 6th, 2019 by Responsible Cyber

by Danny Bradbury

Many mobile finance apps are littered with bugs that could allow attackers to access users’ sensitive data, a report revealed this week. The smallest providers of mobile financial apps had the best security practices, while the larger players produced the most vulnerable apps, according to a six-week analysis commissioned by application protection […]

Facebook won’t ask for your email password any more

Posted on April 6th, 2019 by Responsible Cyber

by Lisa Vaas

Facebook isn’t going to ask new users for their email password anymore, it said on Tuesday after a furious backlash. A Twitter user called out the practice on Sunday, calling it “a HORRIBLE idea from an #infosec point of view.” What Facebook called a “very small group of people” were getting prompted […]

Apache needs a patchy! Carpe Diem, update now

Posted on April 6th, 2019 by Responsible Cyber

by John E Dunn

The maintainers of one of the world’s most popular web servers, Apache HTTP Server, have patched a critical vulnerability that could give an attacker a way to gain full ‘root’ admin control on Unix-based systems. Named ‘Carpe Diem’ by the researcher who discovered it, Ambionics engineer Charles Fol, techies might prefer […]

Serious Security: GPS week rollover and the other sort of “zero day”

Posted on April 5th, 2019 by Responsible Cyber

by Paul Ducklin

I bet you’ve heard of GPS, short for Global Positioning System. It’s owned and operated by the US government but it’s available for free to anyone in the world – and, boy, is it widely used. GPS is a fantastic feat of science and engineering that is anything but simple in implementation, […]

Patch now! Magento e-commerce sites targeted by SQLi attacks

Posted on April 5th, 2019 by Responsible Cyber

by John E Dunn

Cybercriminals are reportedly exploiting a critical flaw in the Magento e-commerce platform only days after it was made public by the researchers who discovered it. Scoring a 9.0 on CVSS, the bug doesn’t yet have a CVE number to identify it but Magento refers to its patching list as PRODSECBUG-2198 (the […]

Hoax! Nope, hackers aren’t posting invisible sexual videos on your wall

Posted on April 5th, 2019 by Responsible Cyber

by Lisa Vaas

Should you “share, share, share” the “urgent warning” that hackers are “posting sexual videos and pictures on your walls” that are completely invisible to you? No, you should not sharedy-sharedy-SHARE-share-share, because this latest viral Facebook copy-and-paste-me warning is just another social media sneeze, spreading its hoaxy germs in spite of the fact […]

Nvidia patches severe bugs in edge computing modules

Posted on April 5th, 2019 by Responsible Cyber

by Danny Bradbury

Nvidia has released 13 patches targeting two low-end embedded computing boards. The processor company explained in a security advisory this week that the flaws could lead to code execution, denial of service, escalation of privileges, or information disclosure. These security bugs won’t turn up in your gaming PC, but they could cause […]

New law will punish social media companies for users’ violent content

Posted on April 5th, 2019 by Responsible Cyber

by Lisa Vaas

In the wake of last month’s massacre at two mosques in New Zealand, Australia has passed sweeping legislation (PDF) that threatens huge fines for social media companies and jail time for their executives if they don’t promptly remove “abhorrent violent material” from their platforms. Such content includes videos depicting terrorist acts, murders, […]
