Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
Technology Apple designed for its Safari web browser to protect users from being tracked when they surf the web may actually do just the opposite, according to new research from Google. Google researchers have identified a number of security flaws in Safari’s Intelligent Tracking Protection that allow people’s browsing behavior to be tracked by third parties, according to a report published in the Financial Times (FT) Wednesday. The research will soon be disclosed publicly, the report said.
Vivin Nets Thousands of Dollars Using Cryptomining Malware
A recently uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign. Vivin is unique due to its longevity — the threat actor has been active since at least 2017 — and researchers with Cisco Talos point to Vivin as a good example of why cryptomining malware isn’t going anywhere, despite a loss in the value of Monero over the past few years.
Cybercriminals using fake job listings to steal money, info from applicants
Be extra careful when looking for a job online, the Internet Crime Complaint Center (IC3) warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity.
Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted. Sodinokibi claims that this data was stolen from GEDIA Automotive Group, a German automotive supplier with production plants in Germany, China, Hungary, India, Mexico, Poland, Hungary, Spain, and the USA.
Plastic surgery patients at risk after ransomware attack
Companies and organisations are being hit by ransomware attacks all the time. And, normally, the impact on current and former customers of the affected firms are more likely to be inconvenienced rather than be put in any direct peril themselves. But the nature of ransomware is changing, as online criminals might seek to not just extort money by encrypting an organisation’s data files but also threaten to find other ways to monetise data they might have stolen from compromised computer systems.
Cisco issues firewall, SD-WAN security warnings
Amongst Cisco’s dump of 27 security advisories today only one was rated as critical – a vulnerability in its Firepower firewall system that could let an attacker bypass authentication and execute arbitrary actions with administrative privileges on a particular device. The Firepower Management Center (FMC) vulnerability comes from improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server.
Apple Addresses iPhone 11 Location Privacy Concern
Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1 include a new setting that lets users disable the “Ultra Wideband” feature, a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature.
Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks
Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered. Researcher Joachim Kerschbaumer told SecurityWeek that he reported his findings to Honeywell in September 2019 and the vendor released patches after roughly 2 months, which he says is a fast response time compared to other physical security systems manufacturers he has contacted to report flaws.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
The Star Wars film franchise has fascinated society with unprecedented fervor for over 40 years, and it's easy to see why: They're Shakespearean tales with lightsabers and spaceships. But aside from timeless lessons about love and friendship and good versus evil, there are tertiary lessons about technology that can be useful for our progression toward a truly safe Internet. Warning: Spoilers are coming.
