Google definitely got the message that users weren't happy about the auto-sign in/out link implemented in the previous version of Chrome. The company has launched an updated version of the browser (version 70) that makes it a lot easier to disable this annoying feature — among other changes.
Tagged With security
We often forget that routers are very complex machines that run software designed to manage a massive array of functions - software that can carry vulnerabilities. Throw in the fact many people don't know how to secure their network or router and you have a ticking time-bomb that bad guys are waiting to detonate. What can you do defuse this potentially explosive situation?
Hangzhou Xiongmai Technology (Xiongmai) is a company whose products you may have in your home or office but have never heard of. That's because they make products that are then rebranded by other companies. Their focus is on security products such as cameras and video recording equipment. SEC Consult has been scouring the Internet and found products made by Xiongmai are vulnerable to attack.
In a recent blog post titled "Hardening macOS," Ricard Bejarano offers an extensive list of settings you can tweak to make macOS as secure as possible. It's a comprehensive list of tasks — and we love it — but it's important that you understand the "why" behind his recommendations, too. Here are a few of his top tips and explanations for why you're adjusting, installing, or modifying your Mac that way.
Threat actors are refining their methods and are executing malicious acts with greater efficiency and effectiveness. Monzy Merza, the Head of Security Research at Splunk, says that while what the bad guys are doing isn't substantially changing, the landscape they operate in is. With the increased pervasiveness of cloud and mobile apps, we're seeing increased malicious activity across a broader spectrum of surfaces. I asked Merza what we can do about this as well emerging threats such as cryptojacking.
In perhaps one of the most audacious and worrying revelations in the battle for privacy, it's been found that the manufacturing supply chain for a number of servers has been compromised. A Bloomberg investigation reports that servers made in China's technology hub have been tainted with the installation of a tiny chip that can siphon data. At least 30 major tech companies are affected in the sophisticated nation-state attack.
It's often said that the safest password you can have is one you don't know. Which is why so many password management programs create passwords for you that impossible for you to remember. But Microsoft is going a step further. They are enabling password-free access to more services through their Authenticator app.
A few years ago a friend told me about Streak, a Gmail extension that allows you to track whether your email has been opened. For me it was a game changer, simply because it allowed me to have some concept of whether or not a message had made it to the person I intended or had gotten stuck in a spam folder in cyberspace somewhere.
Another day, another Facebook hack. This time around, the accounts of some 50 million users were left vulnerable for over a year, with Facebook only identifying and fixing the problem on September 25. Find out exactly what happened, if you're affected, and what you can do to protect yourself in the future.
Mozilla has officially launched its new Firefox monitor service. Now, if your user credentials have been compromised in a data breach, anywhere in the world, you'll be automatically notified rather than learning about it the hard way. The feature has been in testing for some time and works with the Aussie-made HaveIBeenPwned service created by cybersecurity expert Troy Hunt.
Chrome wasn't the only browser to get a visual overhaul this week, because the privacy-focused Tor Browser was also given a new lick of paint, as well as a host of under-the-hood upgrades, and refinements to make it easier to use for newcomers. There are now more reasons than ever to make Tor your daily browser of choice.
We've learned to be highly suspicious that the GPS, camera and microphone in our smartphones can be used to track our every move, listen into our conversations and watch our most intimate moments. But what about the act of tapping and swiping our screens? Can that be used by a bad actor? Researchers from CSIRO's Data 61 have found just that.
ServiceNow might have started out as a ticket management and IT service management tool but the company has evolved into all areas of business workflow. And part of that evolution has been a push into information security. The company now boasts tools for automating security response so limited security resources can focus on critical threats and not be distracted by known attack vectors that can be actioned by an automated responder. Yuval Cohen is ServiceNow's CISO and I spoke to him about the current threat landscape and what security professionals need to focus on.
With all the brouhaha going on in Canberra recently, the draft of a piece of very important legislation was introduced along with an explanatory note. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 might sound all soft and fluffy but it's anything but that. This is a piece of legislation that will compel IT companies that create encrypted systems to "assist" the government with access to encrypted communications.
Flash is dead. Very dead. It lingers, however, mainly in the form of web games. Right now (at least in Chrome) you can give your favourite Flash game sites permission to run the plugin. That will change next month with Chrome 69, when constant "explicit permission" will be required.
Browser developer tools are super-handy, allowing you to do all sorts of wonderful things to the sites you visit. All good things, of course. But, through social engineering, these tools can be used for evil. Turns out this was enough of problem for Facebook to stick a very visible warning in the website's source code.