@hadtogajo

WIRED
5 months ago
Privacy professionals

You Need to Update Your Browser, Like, Yesterday

Unless you updated your browser in the past few days, it likely contains a critical flaw.The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format.Known generally as a "heap buffer overflow," the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device.Google says the bug has already been exploited in the wild.
...
Initially identified early this week as a zero-day vulnerability in Google's Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla's Firefox, Microsoft Edge, Opera, Brave, and more.It also affects apps like Telegram, 1Password, Thunderbird, and Gimp.Patches for the flaw are rolling out now, so keep your eyes peeled for updates.
...
Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, Haaretz reports, allowing attackers to track people and hack their devices.The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time.
www.npr.org
5 months ago
Privacy professionals

Cyberattacks strike casino giants Caesars and MGM

Caesars Entertainment has reported a cyberattack that may have exposed personal information of tens of millions of customers.
The company could not guarantee that the stolen data had been deleted by the unauthorized actor.
A group called Scattered Spider has claimed responsibility for the attack, under the umbrella of a Russia-based operation called ALPHV or BlackCat.
WIRED
5 months ago
Privacy professionals

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

MGM Resorts experienced system outages and disruptions following a cyberattack
Caesars Entertainment suffered a data breach in which personal data was stolen
The fallout from these hacks highlights the ongoing threat of ransomware attacks
Theregister
5 months ago
Privacy professionals

Probe reveals secret Israeli spyware that infects via ads

Israeli software maker Insanet has developed spyware called Sherlock that can infect devices via online ads.
Sherlock can access Windows, Android, and iOS devices.
Insanet received approval from Israel's Defense Ministry to sell Sherlock globally as a military product.
Entrepreneur
5 months ago
Privacy professionals

Steps to Take to Protect Yourself if you are a Victim of Identity Theft | Entrepreneur

Identity theft is when someone steals your personal and financial information to commit fraud in your name.
Being a victim of identity theft can have devastating financial consequences.
Protecting yourself from identity theft requires lots of paperwork and quickly taking action.
Tripwire
5 months ago
Information security

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

CISA has ordered federal agencies to patch their iPhones against vulnerabilities used in a zero-click attack.
The attack, known as BLASTPASS, involves maliciously-crafted PassKit attachments sent through iMessage.
NSO Group, the firm behind Pegasus spyware, is known for targeting well-known figures and activists.
The Verge
5 months ago
Privacy professionals

How to disable Chrome's new targeted ad tracking

A part of Google's new Privacy Sandbox, the API is supposed to replace the third-party cookies that have been following us around for many years now, reporting where we go and what we buy, among other info.
...
In Chrome, start at the three dots in the upper-right corner and go to Settings > Privacy and Security > Ad privacy.(Or just type chrome://settings/adPrivacy into your address field.)
[ Load more ]