“[I]n the coming weeks,” Google will show a new blanket setting to “turn off smart features” which will disable features like Smart Compose, Smart Reply, in apps like Gmail; the second half of the same prompt will disable whether additional Google products — like Maps or Assistant, for example — are allowed to be personalized based on data from Gmail, Meet,…
Tag: phishing
Microsoft: Russian, North Korean Cyberattacks Target COVID-19 Vaccine Efforts
Microsoft said Friday it has detected at least seven attacks on companies working to develop a COVID-19 vaccine or treatments. From a report: The company said attacks by three nation-state actors — two from North Korea and one from Russia — have targeted companies in Canada, France, India, South Korea and the United States. “Two global issues will help shape people’s…
Chrome To Block Tab-Nabbing Attacks
Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. From a report: The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term “tab-nabbing” refers to a…
Massive Criminal Trial Begins For ‘Cyberbunker’ Dark Web Server
The Times of London reports:
A gang of cyberexperts turned a former German military bunker into one of Europe’s biggest hubs for the “dark web” and a superhighway for at least a quarter of a million offences, including drug trafficking and the falsification of identity papers, a court has been told. Four people from the Netherlands, three Germans and a Bulgarian are…
Facebook Just Forced Its Most Powerful Critics Offline
Facebook is using its vast legal muscle to silence one of its most prominent critics. The Real Facebook Oversight Board, a group established last month in response to the tech giant’s failure to get its actual Oversight Board up and running before the presidential election, was forced offline on Wednesday night after Facebook wrote to the internet service provider demanding the…
‘Google App Engine’ Abused to Create Unlimited Phishing Pages
Google’s cloud-based service platform for developing and hosting web apps “can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products,” reports Bleeping Computer, citing a startling discovery by security researcher Marcel Afrahim: A Google App Engine subdomain does not only represent an app, it represents an app’s version, the service name, project ID, and region…
Bug Allowed Hijacking Other Firefox Mobile Browsers on the Same Wi-Fi Network
“Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same Wi-Fi network and force users to access malicious sites, such as phishing pages,” reports ZDNet: The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab. The actual vulnerability resides in the Firefox SSDP component. SSDP stands for…
Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
An anonymous reader quotes a report from The New York Times: Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets…
‘Unusually Large Number’ of Breached Sendgrid Accounts Are Sending Spams and Scams
Krebs on Security reports:
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast…
235 Million Instagram, TikTok and YouTube User Profiles Exposed In Massive Data Leak
An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100…