CISA issues warning that Russian hackers are bypassing two-factor authentication
2FA is great, but not perfect
Two-factor authentication (2FA) can be an important component of the steps you take to keep your accounts and data secure, but it's not without its flaws. As if the existing threats weren't concerning enough, now we're learning about how Russian state-sponsored hackers are undermining authentication in supposedly secure systems and disguising their access as that of legit account holders.
Dirty Pipe: What is it, is my phone affected, what's being done to fix it, and do I need to be worried about it?
Everything you need to know about the vulnerability
Little more than a month after Samsung announced its Galaxy S22-series flagship, a security researcher found a major vulnerability that puts them, and a handful of other Android phones, at risk. Over the past few days, there have been a lot of questions and concerns about the exploit known as Dirty Pipe. Here's the rundown on the Dirty Pipe exploit, the phones affected by it, and what you can do to stay safe.
Earlier today, a video was posted on Twitter by @Fire30_, showing off the new Dirty Pipe Linux kernel vulnerability to get root in Android on a Galaxy S22 and Pixel 6 Pro, both seemingly running the latest security patches. In each case, root access was achieved in less than a minute with a minimum of fuss, opening the door for both an easy root method enthusiasts might enjoy, and a whole lot of scary security concerns.
Devious Escobar Android malware can steal credentials for 190 financial apps
No relation to Pablo — as far as we know
Colombian drug lord Pablo Escobar died in 1993, but even now, nearly 30 years later, his name remains synonymous with crime. In his time, that never included cybercrime — unless he had his henchmen steal a truckload of AOL installation CDs so customers could snort lines of coke off them, which seems improbable — but the name Escobar is back and attached to an insidious form of malware that can take over your phone and even steal multi-factor authentication (MFA) codes generated by Google's Authenticator app.
Nvidia and Samsung hackers take credit for Ubisoft attack
The game company says no personal info was exposed
Ubisoft may be the latest victim in a cybercrime spree that has already affected chipmaker Nvidia and South Korean electronics giant Samsung. As a result, the company had to take measures to reassure users that their info was safe. While Ubisoft didn't lay the blame on anyone, Lapsus$ — the cyber gang linked to the previous hits — seemed to take credit for this one as well.
In late February, the cyber gang calling itself Lapsus$ broke into Nvidia's internal network and managed to steal a lot of sensitive data, from hashed login credentials to critical trade secrets behind the company's chips. The hackers demanded Nvidia remove the lock on its newer GPUs that automatically slowed them down when mining cryptocurrency and gave the company until March 4 to comply — or Lapsus$ would release those trade secrets. The cybercriminals have started making good on their threats, and now the fallout from their data dump threatens to help malware avoid detection.
Linux Dirty Pipe kernel bug exposes Android to potential malware vector
Get ready to clean those dirty pipes
If Android were a car engine, and you popped the hood and poked around a bit, you'd find the label "Linux" etched on the engine block. The open-source operating system provides the starting point that Android's built on top of, but sharing code also means sharing vulnerabilities. Now a newly discovered Linux kernel bug is raising concerns for the security of Android devices, as it leaves a door open for malware intrusion.
Samsung confirms massive hack, but says user data is safe
Hackers claim they have source code, encryption keys
The hacking group Lapsus$ recently targeted Nvidia, demanding the chipmaker eliminate a feature in some GPUs that limits hash rates while mining Ethereum cryptocurrency. The hackers made it clear they had the goods by first leaking internal Nvidia email handles and cryptographically hashed passwords, then setting a deadline of March 4. Lapsus$ isn't stopping there — now Samsung is under the gun, and valuable source code is once again at stake.
Vicious SharkBot banking trojan discovered in Play Store antivirus app
You're gonna need a bigger boat
The SharkBot remote access banking trojan was first spotted in the wild in October 2021. Security researchers at Cleafy discovered it and concluded it was one of a kind, with no connection to malware like TeaBot or Xenomorph — and it had some notably sophisticated and insidious functions. One, Automatic Transfer System (ATS), is new to Android and lets attackers move money automatically out of the victim's accounts, with no human intervention needed. And as British IT security researchers discovered, an updated SharkBot is hiding inside an innocent-looking antivirus app which is still available on the Google Play Store as of Saturday.
In 2018 developer Dylan McKay noticed that Facebook was doing something unexpected with information from his Android phone — it was recording names, numbers, and duration for every call. Shortly after he made this public via Twitter, multiple Android smartphone users got together and filed suit against the social media giant, alleging a violation of privacy. It's taken almost exactly four years, but now it looks like Facebook is ready to settle the claims.
Just after Russia invaded Ukraine on February 24, US-based chipmaker Nvidia was hacked. It wasn't a minor incident — cybercriminals managed to take down vital services including email and developer tools. While the timing there fueled suspicion that the attack could be connected to the invasion somehow — after all, Nvidia chips are in devices everywhere, making it a valuable target — it's since become apparent that we're instead looking at a crypto-motivated shakedown attempt.
Remote access trojans, or RATs, can wreak havoc on your finances. Attackers come at you from every digital direction and the malware they cook up is often insidious in its adaptability. Android banking trojan TeaBot, which has been around since 2021, originally tried to lure users via "smishing," or fake SMS messages from innocent-looking services embedded with malicious links. Unfortunately, it hasn't been fully vanquished, as this year it acquired new methods for creeping onto your phone.
Google shores up security measures in wake of Russia-Ukraine war
Increasing account security, removing disinformation, and highlighting safer practices
As the Russian invasion of Ukraine continues, Google is taking steps to strengthen account security and reduce the reach of hacking and disinformation campaigns. The Google Europe Twitter account posted a thread detailing changes it is making along with advice for high-risk targets and people in the affected vicinity.
Sometimes it feels like we've all got more data than we know what to do with, and turning to Network Attached Storage (NAS) devices like those we've covered from Synology and QNAP can really ease the load for home users and for small businesses. People establish shared home storage or back up security systems. Over time, a good NAS can pay for itself with convenient and easily accessible storage. Unless, of course, it falls prey to insidious ransomware — which is exactly what's happening to some unlucky users right now.
Software that covertly pulls info off your phone is a danger none of us want to face, and the fact that there are companies out there selling these tools to anyone who may want to spy on us is outright chilling. If that threat weren't bad enough already, it turns out that a number of these "stalkerware" apps are themselves woefully insecure, and end up leaving your data potentially exposed to even more prying eyes.
Samsung shipped millions of smartphones with a serious security flaw
At least your new Galaxy S22 is safe
Samsung tends to be vigilant about updating security on its devices, but no phone manufacturer is perfect, and sometimes the problems stay very well-hidden. One issue that shipped with some major models didn't become public until recently, and anyone who owns certain Galaxy phones could have fallen prey to the exploit and never realized it.
Ring will soon support third-party cameras, but probably none of yours
The change will primarily affect businesses
Amazon's smart home security brand Ring is opening a gate to its walled garden of apps and devices. As long as any non-Ring camera has certain capabilities, you will eventually be able to use it with Ring's app. While the company hasn't released a list of supported models, we do know that it's likely to be a limited group, at least for now — and depending on your current subscription plan, it may require paying a little more for the service.
Scary-sounding Xenomorph banking trojan is only the latest to be discovered in Play Store apps
Nuke this threat from orbit or it's game over, man, game over
The Android app ecosystem gives developers room for creativity — but the trade-off is that hackers are getting creative with malware, too. Such dangerous apps can end up in Google's Play Store and don't always get pulled as quickly as we'd hope, often thanks to clever concealment. The most recent example is the banking trojan Xenomorph, which has been targeting Android users across Europe.
If you’re familiar with the state of smart home security systems, you probably weren’t shocked when Wyze launched its Cam Plus subscription in 2020. It’s become the standard business model for companies within the space, and as features associated with recurring costs roll out, like storage and AI image processing in the cloud, the money for that has to come from somewhere. Subscriptions also give companies more dependable year-round income so they don’t have to rely solely on hardware sales to stay profitable — a point Wyze made in its video about almost going bankrupt.
Beijing's app for Olympic athletes and visitors looks like a free data buffet for hackers
Thousands at risk of having personal data exposed
There are privacy concerns for the thousands of foreigners in Beijing for the 2022 Winter Olympics after Canadian research group Citizen Lab revealed vulnerabilities in an app that handles sensitive health information and is required by the Chinese government for anyone involved with the games.