
News tagged: security


Users in our Frontier forum discuss a major new vulnerability in Frontier's password reset systems that potentially lets an attacker access Frontier subscribers' private data.

A major bug in Frontier's website has exposed the private data of millions of the company's subscribers. The vulnerability, first discovered by security researcher Ryan Stevenson, allows an intruder to take over an account with just a username or email address.


One of the Russian government-linked men responsible for hacking Yahoo has been sentenced to five years in prison. According to an announcement (pdf) by the DOJ, Karim Baratov, 23, was also ordered to pay a $250,000 fine for his role in spear phishing Yahoo employees, which ultimately resulted in the exposure of the data of 500 million Yahoo users.

Users in our security forum are discussing the recent FBI efforts to shut down a 500,000-router-strong botnet fueled by a piece of malware named VPNFilter, believed to be a product of Russia and its ongoing cyberwarfare and disinformation attacks around the globe.


Hackers potentially tied to a state actor (read: the Russian government) have managed to infect more than 500,000 home and small-office routers around the world with malware that can potentially track your usage, launch attacks on other networks, and permanently destroy the devices upon command. The malware, dubbed VPNFilter according to a Cisco advisory, has managed to infect numerous routers from vendors like Linksys, MikroTik, Netgear, and TP-Link, as well as certain network-attached storage devices from companies like QNAP.


A new bipartisan proposal dubbed the Secure Data Act (pdf) would stop any government agency or court order from forcing a company to build backdoors into encrypted devices and communications. The proposal would protect companies that make encrypted mobile phones, tablets, desktop and laptop computers, as well as developers of encrypted messaging programs (like Signal or WhatsApp), from being forced to alter their products in a way that would weaken encryption.


For the last month AT&T customers have been posting to our forums complaining that AT&T was blocking access to specific DNS servers. More specifically, customers that own hardware like the Arris BGW 210-700 broadband gateway say that they've been blocked from accessing 1.1.1.1 and 1.0.0.1.

Users in our security forum note that Intel is facing another privacy fracas. This time, the company is taking heat for an SPI flash flaw that could potentially let an attacker alter or delete BIOS/UEFI firmware. Pretty much every processor made by Intel in the last five years is vulnerable, though Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3.


Last year, hackers and security researchers highlighted vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. It's not a small problem; we've been shown how the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations while the intrusion looks like ordinary carrier-to-carrier chatter among a sea of other "privileged peering relationships."

Telecom lobbyists have routinely tried to downplay the flaw, after carriers have routinely failed to do enough to stop hackers from exploiting it.

In Canada, the CBC notes that Bell and Rogers are not even willing to talk about the flaw after the news outlet published a November investigation showing how, using only the number of his mobile phone, it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.

Now that we're at least pretending to care about privacy in the wake of the Facebook Cambridge Analytica scandal, a growing number of folks seem to be realizing that such privacy violations are the norm, not the exception. Case in point: Engadget directs your attention to a new study (pdf) that found 3,337 family- and child-oriented Android apps on Google Play were improperly collecting kids' data, potentially putting them in violation of the US' COPPA law, which restricts such data collection for kids under 13:
quote:
Of the 5,855 total apps included in the study, 281 of them collected contact or location data without asking for a parent's permission.


Russia's ongoing efforts to censor the internet continue to escalate. In 2016, Russia passed a law mandating encryption backdoors into hardware and apps, a move that, again, was pushed under the pretense that weakening security for everyone magically increases national security.
