Want to know more about this topic or about us? Contact us!
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers — including Apple Safari, Google Chrome, Microsoft Edge, Mozilla . . . Read more
A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. Telegram groups are being abused by fraudsters peddling fake COVID-19 vaccination cards to the unvaccinated and anti-vaxxer communities, according to . . . Read more
Argyle is paying workers to help hack payroll providers, researchers suspect. Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, . . . Read more
GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords. GitHub, the ubiquitous host for software development and version control (and unfortunate target of a steady pitter-patter of attacks targeting . . . Read more
Analyst finds ransomware evidence, despite a contractor’s denial of compromise. A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware . . . Read more
by Paul Ducklin Apple recently announced a tracking device that it calls the AirTag, a new competitor in the “smart label” product category. The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to . . . Read more
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access . . . Read more
by Paul Ducklin We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . . Read more
On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child. Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it . . . Read more
by Paul Ducklin This home delivery scam arrives in an SMS that lures you to a website, but then instead of stealing your data directly via the phoney website, it sweet-talks you into installing an app… …and the app steals your data later on: Watch directly on YouTube if the . . . Read more