News

Facebook boss Mark Zuckerberg says users will be able to turn off political adverts on the social network in the run-up to the 2020 US election. In a piece written for USA Today newspaper, he also says he hopes to help four million Americans sign up as new voters. Facebook has faced heavy criticism for allowing adverts from politicians that contain false information. Rival social platform Twitter banned political advertising last October. “For those of...

Plex has patched and mitigated three vulnerabilities affecting Plex Media Server for Windows that could enable attackers to take full control of the underlying system when chained together. Plex Media Server is a desktop app and the backend server for the Plex media streaming service, designed for streaming movies, TV shows, music, and photo collections to over the Internet and on local area networks. The three vulnerabilities tracked CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742 were found by Tenable security researcher Chris Lyne and reported to...

Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled "Cloud as an Attack Platform", five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series of interviews they conducted with computer security pros attending the Black Hat and DEF CON conferences. Of the 75...

Cosmetics giant Avon is recovering from a mysterious cyber-security incident that took place last week, on June 8, sources have told ZDNet. The company has filed documents with the US Securities Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure. The company said the incident "interrupted some systems and partially affected operations." Last week, Avon distributors reported problems accessing the company's backend, where...

A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered. A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s Twitter API and other parts of the app. “While the exposed keys allowed access to many parts of the app,...

A new hack allowed researchers to discern sound — including “Let it Be” by the Beatles, and audio from a Donald Trump speech — from lightbulb vibrations. Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which...

Norway, Bahrain, and Kuwait are amongst the "most dangerous" for privacy in their deployment of COVID-19 contact tracing apps, as they track their citizens' locations on a live or near real-time basis. These apps adopt an "invasive centralised approach" and pose a "great threat to privacy", according to an Amnesty International study. The group's research, however, does not include countries in Asia or the US. Conducted by Amnesty's Security Lab, the study assessed contact tracing...

In what can be described as the case of both cybersquatting and phishing, threat actors have reportedly created a site that imitates the legitimate secure note sharing service privnote.com to steal bitcoins. The creators of privnote.com, a legitimate site that offers a self-destructive pastes service, were concerned that someone had created a fake version of their website to trick users into using it. "Earlier this year, KrebsOnSecurity heard from the owners of Privnote.com, who complained that someone had...

The United States has announced it has amended the ban on US companies doing business with Huawei. The move entails allowing US companies to share information about technologies with Huawei for the purpose of developing joint standards without requiring an export licence. US Secretary of Commerce Wilbur Ross said, however, that the change in policy is not a softening on the government's stance against Huawei, which is still placed on the Entity List. Rather, the amendment...

Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot (also known as Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional malware on compromised machines. Among the banks whose customers have been targeted in this Qbot campaign, the...