Security

A network breach on October 5, 2024, forced Casio to delay its G-Shock watch releases, including the GMC-B2100AD-2A and GMC-B2100D-1A models. The company is investigating potential data compromise and securing its systems.

A Chinese state-sponsored hacking group, Salt Typhoon, breached major U.S. broadband providers' networks, posing a huge national security threat by potentially accessing systems used for lawful wiretapping. Investigations are ongoing into the extent of the breach.

The 57th release of the open-source, security-focused OpenBSD operating system is now available and carries the 7.6 version label. Its highlights include support for the Milk-V Pioneer board and Qualcomm Snapdragon X Elite processor, multiple tweaks and fixes, improved video acceleration support, and more.

After updating to iOS 18 and with the VoiceOver function activated, iPhones and iPads leaked saved passwords - a serious security vulnerability that was quickly closed by Apple. Anyone who has already installed iOS 18 should now update to iOS 18.0.1 as soon as possible.

The Sheriff's Department has launched 24/7 camera surveillance of Los Angeles with the grand opening of its first Real Time Watch Center. The Center can access public street cameras, license plate readers, and speeding cameras to identify criminals and conduct remote patrols. The center also has access to private cameras at businesses, churches, and homes if granted permission.

Lorex promises particularly high-res 360-degree in-home surveillance with its latest security camera, as it has 2 lenses and both are rated for 2K recording. The new pan-tilt (PT) model also has a prominent One-Touch button so that the user can immediately connect with a responsible account-holder and a "Smart" band of LEDs for notification alerts or ambient lighting.

Xiaomi is apparently introducing a new feature into its own operating system that could improve privacy more than almost any other function, especially for travelers, and could even help to prevent certain crimes.

Samsung is rolling out a new security update for the Galaxy S24 FE, aimed at device security. The October 2024 patch is slowly becoming available in Asia and Africa, with a global rollout expected soon.

Automatic floor cleaners are one of the most popular and widespread form of household robots right now. However, they come with potential privacy issues that are much less desirable, according to a smart home security researcher. One particular robot vacuum located in Australia reportedly contains vulnerabilities that allow attackers to hijack its camera and speakers completely wirelessly and remotely.

Starting in mid-2025, PayPal will share personal data with third parties due to a new feature, named Personalized Shopping. Thankfully, those not interested in it can opt out, although the problem is the fact that PayPal chose to enable this by default. However, there is plenty of time for them to change this.

Lately, government agencies have been cracking down on privacy-oriented messaging services, leaving many with a sense of uncertainty surrounding their online privacy. Fortunately, SimpleX Chat has taken to solving this issue, and in his latest video, Mental Outlaw explores the unique privacy features that set SimpleX Chat apart.

A ransomware attack has crippled the University Medical Center (UMC) in Lubbock, Texas, forcing it to divert ambulances to other facilities. It's the only level-one trauma center within 400 miles.

The bill that would have forced some AI companies to spend time and resources coming up with safety protocols when developing certain AI models has been vetoed by Gavin Newsom. The official argued that this isn't the best approach for protecting against the dangers of AI. However, experts are still working on similar bills.

UK police are testing an Australian-developed AI tool called Söze that could solve cold cases by analyzing vast, complex data like video footage and financial records in hours - a task that would take humans decades.

Level Lock is the latest in a series of acquisitions that have yielded the 190 brands in Assa Abloy’s portfolio. This purchase comes barely two years after the Swedish locksmith giant gave up August and Yale due to an antitrust lawsuit with the US Department of Justice.

The BingX cryptocurrency exchange has lost over $52 million to a hot wallet hack. The hack occurred around 4 pm UTC+8 in Singapore. BingX has frozen transfers and initiated emergency procedures to minimize losses.

Bounce Imaging, a leader in tactical camera technology, announced a new thermal imaging version of its throwable 360 camera, the Pit Viper 360. This will be the company's latest offering in the tactical camera space.

Reolink has announced that its latest Battery Doorbell is the industry's first to debut with a 2K resolution conferred by a 4MP camera, thereby offering a potentially clearer, sharper and more detailed picture of a visitor. The new home security accessory is also touted to come with upgraded Wi-Fi connectivity and not to demand monthly fees from the user.

As the concerns regarding the toxicity of social media for teens increase and more studies prove them legit, Instagram decides to turn normal accounts into "Teen Accounts" for users aged under 18. They will be automatically set as private, and changing the defaults will need a parent's approval, who will also be able to monitor them.

US Kaspersky antivirus accounts have been sold to UltraAV, a division of the Pango Group. Kaspersky was forced to abandon the US market after being banned by the Biden administration on June 20, 2024. The action was taken to prevent Russia from collecting and weaponizing data on Americans. All Kaspersky US users will be migrated unless action is taken.

Tile has announced that its latest line of personal tracker devices come with an upgraded Bluetooth range of up to 500 meters (~1,640 feet) in the new Pro variant. The new series also includes updated Mates and Stickers, not to mention an all-new Slim version for wallets. All 4 new trackers are rated to be sleeker, louder, and safer than their predecessors with the integration of Life360 SOS alerts.

Microsoft has officially announced its intent to move security measures out of the kernel, following the Crowdstrike disaster a few short months ago. The removal of kernel access for security solutions would likely revolutionise running Windows games on the Steam Deck and other Linux systems.

While European and US users of Facebook and Instagram were allowed to choose for their data not to be used to train AI, Australians didn't have any opt-out options available. As a consequence, all of their public posts since 2007 were used by Meta. For now, Facebook representatives couldn't confirm a future freedom of choice in the matter to Australian users.

Bringing no less than 11 additional tools, Debian-based Kali Linux 2024.3 is an update that also comes with support for the Qualcomm Snapdragon SDM845 SoC. Additionally, it begins the transition to the Python 3.12 update, which removes some deprecated APIs but also breaks some packages, so it needs more work before being released.

The U.S. Commerce Department is now focusing on both AI and cloud computing service providers with a new proposal, which involves requiring additional reporting from these companies. The goal of these new requirements is to ensure the safety of the technologies developed, such as their ability to handle cyberattacks.

An unpatchable Yubico two-factor authentication key vulnerability has broken the security of most Yubikey 5, Security Key, and YubiHSM 2FA devices. The Feitian A22 JavaCard is also vulnerable. Vulnerable 2FA keys should be replaced as soon as possible, especially when used to secure cybercurrency or top-secret information.

Cybersecurity researchers have finally cracked Cicada3301, a ransomware-as-a-service attack that first surfaced in June of 2024 on a dark web forum. The ransomware is able to target both Linux and Windows systems. It bears a striking similarity to ransomware used in the 2021 attack on the Colonial Pipeline.

As uncovered by security researchers Ian Carroll and Sam Curry, there was a vulnerability in the FlyCASS management system that allowed unauthorized persons to bypass security checks and even get into the cockpit of an aircraft.

Defended by Elon Musk and feared by the executives of iconic tech companies such as Google, OpenAI, and Meta, California’s antagonistic AI safety bill, SB 1047, is now just one step away from reshaping the tech landscape. After passing the state legislature, the bill is now waiting for Gavin Newsom's decision.

Newly reported malware aimed at Android phones steps up the usual social engineering attacks by including an NFC component. Vulnerable users who fall for the scam can have their bank details, and thus their money, stolen.

Cthulhu Stealer is an information-stealing malware targeting macOS users. Available as a MaaS service for $500 per month, it steals sensitive data like passwords, system info, and crypto wallet details. The malware impersonates legitimate software and uses social engineering techniques to trick users into running it.

Microsoft recently pushed out a security update to Windows users that breaks some dual-boot configurations. Users with some older Linux distributions, or any that use GRUB 2, may find their system unable to boot. This article goes over the cause of that, and how to fix it.

Introduced in 2017, the Google Play Security Reward Program offered up to $20,000 for discovering remote code execution bugs. However, this initiative allowed Google to collect data that is now used for automated checks, and since fewer malicious apps are being reported, this initiative will be terminated on August 31st.

Pindrop has unveiled the Pulse Inspect software to detect AI-deepfake voice clones to help stop fraud and disinformation. Cloned voices have become so convincingly real that millions have been lost to fraud, and fake phone calls and videos by politicians are becoming more common. The software reliably detects over 90% of AI-generated voices.

CheckMag Android power users love splurging those hard-earned salaries on apps to make their lives not only more efficient, but full of fun as well. Let's take a look at some of the best paid Android apps for August 2024.

Microsoft has detailed a critical Windows security vulnerability that allows attackers full control over IPv6 in the CVE-2024-38063 threat. Users of affected Windows OSs should apply the August patches now or disable IPv6 in the network adapter settings.

In August of 2024, one of the largest data breaches in history took place, exposing roughly 2.7 billion personal records. The set reportedly contains data on citizens of the United States, Canada, and the United Kingdom.

The NIST has finalized three post-quantum cryptography standards after nearly a decade of work to better protect the Internet, cryptocurrency, and communications. This move is in preparation for the ability of emerging quantum computers to crack public-key cryptosystem technologies such as RSA.

The Edward Snowden-endorsed live Linux distro Tails is back with version 6.6. This refresh brings Thunderbird and Tor Browser up to date, as well as packing support for new hardware and improving the persistent storage capabilities of this Debian-based piece of code, which targets those seeking complete Internet anonymity.

In an SEC filing, ADT mentions last month's cybersecurity breach but insists it has “no reason to believe” its customers' home security was compromised. Meanwhile the hackers are already advertising a wealth of customer data they claim was obtained from the breach.

Focused on delivering an easy initial setup and post-install configuration, IPFire is a Linux distro designed for firewalls. Version 2.29 Core 187 comes with an additional layer of protection against denial-of-service (DoS) attacks. This capability is useful in high-bandwidth and cloud deployment scenarios.

A critical vulnerability, Sinkclose, has been discovered in AMD processors. The flaw allows attackers to gain near-total control of affected systems. While AMD is working on patches, users are urged to update their systems immediately to mitigate risks of data theft, system takeover, espionage, and possible infrastructure disruption.

The "0.0.0.0 Day" vulnerability, discovered 18 years ago, allows malicious websites to bypass security protocols in Google Chrome, Mozilla Firefox, and Apple Safari, primarily affecting Linux and macOS devices. This flaw lets attackers remotely alter settings, access protected information, and potentially execute code on affected systems. Despite its initial disclosure in 2008, the vulnerability remains unresolved, though browser developers are now taking steps to address it. Additional security measures are recommended for developers to protect their applications.

Cameras support the robot vacuum cleaner at work or detect falls in the home. Unfortunately, there is always a risk of misuse, which a new type of camera system can prevent.

At Black Hat USA 2024, a researcher showcased a method for taking over the Windows Update Process to craft a custom system downgrade. With the system downgraded, threat actors can elevate privileges, bypass security features, and exploit previously patched vulnerabilities.

Researchers have developed an AI-powered method to reconstruct images displayed on a computer screen by intercepting electromagnetic radiation emitted from the HDMI cable. Hackers could remotely capture sensitive information, such as passwords or financial data. While the average user is unlikely to be targeted, organizations handling sensitive information should be aware of this and take necessary measures if needed.

WazirX has outlined a strategy to address a recent cyberattack that resulted in the loss of over $230 million in crypto assets. The crypto exchange has implemented a two-tiered recovery plan, allowing users to choose between prioritized asset recovery with limited access or immediate access with delayed recovery. To mitigate losses, WazirX will distribute recovered funds among affected users through a “balanced crypto basket” approach.

CheckMag We're sorry, but unfortunately NBC Notebookprotect Safe Browsing filter doesn't recognise this blurb. This article might try to do unpredictable things to your computer.

After years of working on a plan to eliminate third-party cookies, which enable tracking user activity across websites, from the Chrome browser, Google has decided not to go ahead with it, citing adverse effects on its advertising business. Instead, it now plans to give users the choice to opt out of third-party cookies in favour of its new Privacy Sandbox tech.

After a faulty update of the security solution CrowdStrike caused history-making IT failures last week, entrepreneur Elon Musk took the logical step and banned the software from his companies.