News

A configuration mistake in the Microsoft News app caused Window 10 users to receive strange test notifications, which caused them to think they were infected. Last Friday, users on Reddit began posting about strange notifications they were receiving in the Windows 10 action center. These notifications indicated they were from the Microsoft News app, but were labeled as coming from Microsoft Movies.Even stranger, these notifications contained messages stating "Test Notification, "thsi test notification", and "this...

Code and infrastructure from two known malware families have been observed with a new threat named Xwo, which helps operators of the MongoLock ransomware discover unprotected web services reachable over the internet.MongoLock targets unprotected MongoDB databases, wiping them from the server and demanding a ransom to restore them. Xwo is a Python-based bot scanner intended for reconnaissance activity. Based on IP ranges received from a command and control (C2) server, the utility probes for default...

Security researchers have found hundreds of millions of Facebook  user records sitting on an inadvertently public storage server.The two batches of user records were collected and exposed from two third-party companies, according to researchers at security firm UpGuard, who found the data. In the researchers’ write-up, Mexico-based digital media company Cultura Colectiva left more than 540 million records — including comments, likes, reactions, account names and more — stored on the Amazon S3 storage server...

The public posts made by Facebook’s CEO Mark Zuckerberg on his personal Facebook profile have been deleted; it included some of the critical updates and important announcements made by the company. All the information shared by Zuckerberg in the year 2007 and 2008 has also vanished.On being enquired, a spokesperson of Facebook said that these posts which included the major announcements like the one regarding the acquisition of Instagram were erased mistakenly because of some...

Homograph attacks are not just an issue for web browsers – they have been shown to cause headaches for users of mobile messaging apps, too.Researchers at Blaze Security have demonstrated bugs against Signal, Telegram, and the Tor browser that might be used as part of social engineering attacks – pushing users towards hacker-controlled sites that host either malicious code, or a phishing attack aiming to hoodwink prospective marks into handing over their login details. Hackers...

PewDiePie, the famous Swedish Youtuber, is no stranger to controversy. This time he is in the news again for the wrong reason after a user, who claims to be his fan, released ransomware with a note that reads ‘Subscribe to PewDiePie’. According to The Independent, the ransomware PewCrypt is designed in such a way that it locks people from accessing their data. The ransomware claims that users will not get back their data until PewDiePie...

A Georgia Tech database breach has exposed the personal information of up to 1.3 million current and former faculty members, students, staff and student applicants, according to school officials.Georgia Tech announced yesterday that a central database was accessed by an unknown outside entity through a web application, though it is unclear exactly who was affected . The school, which typically has around 30,000 students enrolled, said it learned of the security breach in “late March.”While...

A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface (API) keys and use them to attack the vendor’s backend servers and comprise user data, researchers said.The apps in question were all Android and culled from eight sectors including retail banking, healthcare and auto insurance. Companies behind the apps...

Phishing campaigns, some launched as recently as March, aimed at stealing credentials from Verizon mobile customers by spoofing the company's support service.Being mobile-focused and using an identifier for an official service from Verizon is what prompted researchers to categorize it as sophisticated above average.The link delivering the phishing kit includes the abbreviation 'ecrm,' which Verizon uses as a sub-domain - ecrm.verizonwirelesscom - for its Electronic Customer Relationship Management platform. Source: BleepingComputer

Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration. However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security...