Dan Goodin
CRITIC: N/A (0 reviews)
PUBLIC: N/A (2 reviews)

RECENT ARTICLES

Backdoored password manager stole data from as many as 29K enterprises

As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app maker told customers. In an , Passwordstate creator told customers that bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers. The file, named “moserware.secretsplitter.dll,” contained a legitimate copy of an app called , along with malicious code named "Loader," according to a from security firm CSIS Group. The Loader code attempts to retrieve the file archive at...

April 23, 2021
A New Facebook Bug Exposes Millions of Email Addresses

last month's belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public. Ars Technica This story originally appeared on , a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. A video circulating on Tuesday showed a researcher demonstrating a tool named Facebook Email Search v1.0, which he said could link accounts...

April 22, 2021
Microsoft says mandatory password changing is “ancient and obsolete”

Microsoft is finally catching on to a maxim that security experts have almost universally accepted for years: periodic password changes are likely to do more harm than good. In a , Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.” The change of heart is largely the result of research that shows passwords are most prone to...

June 3, 2019
No password required: Mobile carrier exposes data for millions of accounts

, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows. Dania, Florida-based Q Link Wireless is what’s known as a Mobile Virtual Network Operator, meaning it doesn’t operate its own wireless network but rather buys services in bulk from other carriers and resells them. It provides government-subsidized phones and service to low-income consumers through the FCC’s . It also offers a range...

April 9, 2021
Windows and Linux devices are under attack by a new cryptomining worm

A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said. Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits that has increased over time. The malware also included a cryptominer that uses infected...

April 9, 2021
How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants

Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control a manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware, known as Cring, came to public attention in a . It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory traversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for...

April 7, 2021
Russia’s Twitter throttling may give censors never-before-seen capabilities

Russia has implemented a novel censorship method in an ongoing effort to silence Twitter. Instead of outright blocking the social media site, the country is using previously unseen techniques to slow traffic to a crawl and make the site all but unusable for people inside the country. Research published Tuesday says that the throttling slows traffic traveling between Twitter and Russia-based end users to a paltry 128kbps. Whereas past Internet censorship techniques used by Russia and other nation-states have relied on outright blocking, slowing traffic passing to and from a widely used...

April 6, 2021
Malicious cheats for Call of Duty: Warzone are circulating online

Criminals have been hiding malware inside publicly available software that purports to be a cheat for Activision’s Call of Duty: Warzone, researchers with the game maker warned earlier this week. Cheats are programs that tamper with in-game events or player interactions so that users gain an unfair advantage over their opponents. The software typically works by accessing computer memory during gameplay and changing health, ammo, score, lives, inventories, or other information. Cheats are almost always forbidden by game makers. On Wednesday, Activision that a popular cheating site was...

April 3, 2021
Actively exploited Mac 0-day neutered core OS security defenses

When Apple on Monday, it didn't just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms, some that were in place for more than a decade. Together, the defenses provide a comprehensive set of protections designed to prevent users from inadvertently installing malware on their Macs. While and even exploits rightfully get lots of attention, it’s far more common to see trojanized apps that disguise malware as a game, update, or...

April 27, 2021
OUTLETS
wired.com
CRITIC: 92%
PUBLIC: 82%

arstechnica.com
CRITIC: 82%
PUBLIC: 86%