Confused Feds Subpoena Signal for Data It Doesn’t Collect

“For the second time in several years, Signal has been subpoenaed by federal investigators for data that the encrypted chat app company doesn’t actually collect. In a statement published Wednesday, the company disclosed that it had recently received a summons from the U.S.”

May 7, 2021

Actively exploited Mac 0-day neutered core OS security defenses

“When Apple released the latest version, 11.3, for macOS on Monday, it didn’t just introduce support for new features and optimizations.”

May 4, 2021

Cybercriminals Bought Facebook Ads for a Fake Clubhouse App That Was Riddled With Malware

“Cybercriminals have been pushing Facebook users to download a Clubhouse app “for PC,” something that doesn’t exist. The app is actually a trojan designed to inject malware into your computer.”

April 25, 2021

Scraped personal data of 1.3 million Clubhouse users has reportedly leaked online

“The personal data of 1.3 million Clubhouse users has leaked online on a popular hacker forum, according to a Saturday report from Cyber News. The scraped data of Clubhouse users includes names, social media profile names, and other details.”

April 21, 2021

Chrome users, check if Google is tracking you with new targeted advertising

“Google is keeping an eye on where you go on the internet. Back in 2020 Google announced the beginning of the end of third-party cookies that track you as you click around the Chrome web browser.”

April 19, 2021

Android spyware masquerades as a System Update

“Malware of all kinds on Android are nothing new. Some even manage to get past Google Play Store’s security checks. Most, however, ride on apps that are sourced outside of Android’s sanction app store and those are often able to wreak more havoc than normal harmful apps.”

April 17, 2021

Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls

“SAML XML injection gives attackers free rein over user accounts, although hard-to-execute bug proves real-world threat is minimal UPDATED A class of vulnerability detected in several Single Sign-On (SSO) services might allow attackers to hack into corporate systems, security researchers at NCC Grou”

April 8, 2021

Critical netmask networking bug impacts thousands of applications

“Popular npm library netmask has a critical networking vulnerability. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend on netmask.”

March 31, 2021

T-Mobile: First US network to comply with FCC’s STIR/SHAKEN protocol deadline

“For years now, US carriers have been doing their best to protect their customers against scam callers. It has gotten so bad that the government has even implemented rules against it and encouraged carriers to take the concern seriously.”

March 29, 2021

New Android malware spies on you while posing as a System Update

“New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated.”