BSAM: Open-source methodology for Bluetooth security assessment

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers demonstrated last week at RootedCON in Madrid. “Many of…

Avast ordered to pay $16.5 million for misuse of user data

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such i…

Microsoft will offer extended security updates for Windows 10

Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able to receive Extended Security Updates (ESU), but will have to pay for them. Det…

Quishing: Tricks to look out for

QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying item…

Google ads for KeePass, Notepad++ lead to malware

Users who searched Google for the KeePass password manager and the Notepad++ text editor and downloaded them may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malvertising via search en…

Researchers warn of increased malware delivery via fake browser updates

ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoi…

Sic Permission Slip on data brokers that use your data

Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it. The Permission Slip app (Source: Consumer Reports) US consumer data privacy laws …

Easy-to-exploit Skype vulnerability reveals users’ IP address

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulner…

Surge in identity crime victims reporting suicidal thoughts

Identity theft can have a great financial impact on victims, but the emotional, physical and psychological impact they experience can be even more devastating, according to the 2023 Consumer Impact Report from the Identity Theft Resource Center (ITRC) an…

Bogus OfficeNote app delivers XLoader macOS malware

A new macOS-specific variant of the well-known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample have appeared on VirusTotal throughout July, indicating that the malware has bee…