File this one away under "watch your permissions." It's recently come to light that an unknown number of third party apps have access to read emails sitting in your Gmail account. While the practice is not new, things like this are coming under increased scrutiny in the wake of Facebook's Cambridge Analytica incident. Here are the important details to bear in mind: Apps that can read your email DO require explicit user permissions. You have to agree to allow these apps access to your … Read more
Bug In Facebook May Have Unblocked People You Blocked
Facebook recently announced a site bug that impacted the privacy settings of more than 800,000 of its users. If you're one of the unfortunate souls who has been affected, then people you had formerly blocked may have become unblocked, and can now see your posts. For many people, that's not a huge deal. In some cases, say for example, if you blocked your ex-girlfriend, boyfriend, or wife and were impacted, they may be able to see things you don't want them to. Facebook's official statement … Read more
Watch Out For Rise In Microsoft Office Attacks
Menlo Security has recently published a new report that will probably dismay you if you're a business owner. Microsoft Office has been named as the attack vector of choice for hackers around the world. The most common form of the attack is a malicious Word document or other office document attached to an innocent looking email. There are, of course, plenty of other ways to take advantage of various security weaknesses in MS Office and Office 365. These include the use of remotely hosted … Read more
Vulnerability In Mac OS Went Unnoticed For Years
Researchers at Okta Security have stumbled across something big. Recently, they discovered a flaw in Apple's OS that would have allowed hackers to completely undermine Apple's code signing process. While at first glance that doesn't sound so bad, the implications are terrifying. In a nutshell, code signing uses cryptographic "signatures" to verify and validate code. If code bears the digital signature, it is considered trusted. If it's trusted, then it's given an automatic free pass, … Read more
Turn Cortana Off At Lock Screen To Avoid Potential Hack
Do you use Cortana? It's a handy virtual assistant (like Siri) built into Windows 10. Unfortunately, as useful as she is, there's a problem. Even if you don't use Cortana yourself, take heed: Microsoft has recently issued a security update based on findings by McAfee researchers. It turns out that Cortana can be "summoned" from the lock screen of your PC and used to execute attacks by tricking the ever-helpful Cortana into indexing files from a USB drive, then executing them. To … Read more
New Trick Lets Hackers Bypass Office 365 Email Security
What's old is new again. Hackers have recently begun re-deploying a decade-old trick called 'ZeroFont' to get around Microsoft's security filters and deliver phishing and spam emails to Office 365 email accounts. The gimmick? Zero-point fonts. As anyone with even passing familiarity to Office 365 knows, if you're drafting a document, you can change the font size to suit your tastes and preferences. What few people realize is that you can use html code to set your font to zero-point … Read more
Google Cracking Down On 3rd Party Browser Extension Installs
Malicious code can wind up on your PC or phone by any number of roads. Companies do their best to guard the digital passes, but invariably, things get missed and the hackers find a way in. It's a constant battle, and sadly, one that the good guys are losing. Recently Google has stepped up its efforts, this time by focusing on Chrome browser extensions installed by third parties. By the end of the year, no extensions will be allowed on Chrome except for those acquired via the Web … Read more
Another Vulnerability Found In Intel CPU’s
More bad news for Intel. Yet another security flaw has been identified in the processors the company makes. This one is so newly discovered that the full technical details have yet to be released. Here's what we know so far, from a recent Intel announcement: "System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch...Lazy restored states are potentially vulnerable to exploits where one process may infer register values of … Read more
Some Private Posts On Facebook May Have Been Exposed
Facebook is in hot water again. Recently, the company admitted that while testing a new feature on the site, they inadvertently made public the posts of more than fourteen million users. The incident occurred between May 18th and May 22nd and occurred when Facebook was testing a new "Featured Posts" enhancement. The goal was that users could selectively make posts visible to everyone. Unfortunately, the error created a situation where any posts users in the test group made were … Read more
Attackers Targeting Job Seekers Via Listings And Recruitment
Cyber-criminals around the world are increasingly focusing their attention on job seekers. According to the security firm Flashpoint, there has been a notable uptick in ploys involving phony job listings that attempt to get job seekers to give up personal information. Perhaps the biggest surprise is the fact that this is only now becoming a growing threat. After all, from the cyber-criminal's point of view, it's low hanging fruit. Job seekers expect that they'll be asked for all types of … Read more
