Security Alerts

Weekly Roundup: The Good, The Bad and The Ugly

Today is Sunday, October 2nd: time for the weekly roundup of the good, the bad and the ugly tech news of the week! This week’s picks are centered around user privacy. The Good Some browsers (looking at you Chrome) are going out of their way NOT to help protect their user’s privacy. It is a refreshing change to hear Brave, a privacy based browser built off of Chromium will automatically block cookie consent banners/pop-ups in future releases. One of the unfortunate side effects of the EU’s GDPR is those annoying ‘this site uses cookies, please accept them (so our advertisers…

Read More

Meta bypassing beefy Apple security to spy on millions

Three Facebook, Inc. 196,64 +0,99 +0,51% Facebook and Apple Inc. 146,40 +0,30 +0,21% Apple iOS users have filed class action lawsuits against Meta (parent company of Facebook) accusing of them of bypassing Apple’s updated privacy rules from 2021. These rule changes caused so many people to have opted out that the Electronic Frontier Foundation reported that Meta lost $10 billion in revenue over the next year. To ‘work-around’ this Meta updated the coding of their Facebook and Instagram apps so that links users clicked on were opened in an app browser instead of the user’s default browser. This action was…

Read More

Weekly Roundup: The Good, The Bad and The Ugly

It is Sunday, September 25th and time for a new weekly feature where we look back at the tech news this past week and highlight one each of the: The Good, The Bad and The Ugly. This week as a bit of a slow week even with Microsoft’s Windows 11 22H2 update. The Good There has been much talk these days about slowing down climate change and reducing C02 emissions by getting people to ditch their ICE vehicles in favor of battery Electric Vehicles (EVs). However, the effects of climate change (extreme heat/cold) are taking its toll on the US…

Read More

Morgan Stanley fined $35M: Unencrypted and Unwiped Hard Drives Auctioned

This is ugly, sloppy and overall very unacceptable behavior for a company the size and caliber of Morgan Stanley: Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped. Much of the failure stemmed from the 2016 hire of a moving company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the data of millions of customers. The moving company received 53…

Read More

Spellcheck is a blessing and a curse. On one hand you get instant feedback if you mistype something. On the other hand, it causes people not to know how to correctly spell. However, if users have opted-in to use Chrome’s Enhanced Spellcheck or Microsoft Editor (add-on) in Edge, users could unknowingly be sending Personally Identifiable Information (PII) to Google or Microsoft. Users can check if they opted-in to use Chrome’s Enhanced Spellcheck. by entering: chrome://settings/?search=Enhanced+Spell+Check in the Chrome address bar. Enhanced spell check setting in Chrome needs to be opted-in (BleepingComputer) Now you may be wondering what kind of PII could I…

Read More

Microsoft Edge Users Beware: Tech Support Scam via Newsfeed

Microsoft’s Edge Browser is built off of Chrome is the default (and if S Mode is enabled only) browser for Windows 10 and 11. Some users are being feed fake stories in their Microsoft Edge Newsfeed which when clicked-on can bring up a fake Microsoft Defender Security Center landing page with a toll-free number to call Microsoft. Alternatively, clicking the ‘ad’ may bring the user to a decoy page. This is yet another variation of the ever evolving and popular Tech Support Scams. These fake ads/stories have a catchy headline and picture such as ‘Man Finds a Hidden Cave Inside…

Read More

Tik Tok: We were NOT Hacked

TikTok the short-form video hosting service owned by Chinese company ByteDance is strongly denying claims it has been hacked. TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform’s source code and user information (via Bleeping Computer). In response to these allegations, TikTok said its team “found no evidence of a security breach.” “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” TikTok spokesperson Maureen Shanahan said in…

Read More

Windows Defender Throwing False Win32/Hive.ZY Alert

Windows users world wide are in a panic today as Windows Defender is throwing a false Win32/Hive.ZY Alert when certain popular apps (including Microsoft’s own Edge browser) are opened. A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as ‘Win32/Hive.ZY’ each time the apps are opened in Windows. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.ZY. Microsoft is aware of the issue and is pushing out new security intelligence updates. To check for new security intelligence updates Search for and open Windows…

Read More

Samsung Data Breach: Hackers Obtained Customer Data

Yet again a major international corporation has been the victim of a date breach. While Samsung has disclosed hackers did obtain “Customer Data” early reports indicate (for now) the type of data obtained was not that major. The company says that Social Security numbers, as well as credit and debit card numbers, were not accessed. However, the event “may have affected information such as name, contact and demographic information, date of birth and product registration information.” It hasn’t revealed how many people may have been affected. The company is notifying some customers directly via email. Samsung says someone gained unauthorized…

Read More

Malicious Chrome Extensions with 1.4M Installs

If you have any of the five below extensions installed in Chrome, remove them now! The five extensions flagged by McAfee purport to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, company researchers said, the extensions kept a running list of each site a user visited and took additional actions when users landed on specific sites. The extensions sent the name of each site visited to the developer-designated site d.langhort.com, along with a unique identifier and the country, city, and zip code of the…

Read More