Ashley Madison Hack Data Apparently Released

Hackers have apparently released the data from the Ashley Madison hack. “The data dump reportedly includes the login details of about 32 million users — all seeking extramarital or illicit affairs — and also provides a staggering amount of information such as their names, email and street addresses, how much they have spent on the site and even what they are looking for in a potential cheating partner.”

IRS Hack More Extensive Than First Thought?

The IRS hack appears to have been more extensive than originally thought. “The IRS said in May that cyber thieves used stolen Social Security numbers and other data to try to gain access to prior-year tax return data for about 225,000 U.S. households, which included 114,000 successful attempts. But on Monday, the agency said that an additional 390,000 households were targeted, including about 220,000 “where there were instances of possible or potential access” to prior-year return data, the Wall Street Journal reports.”

Another Malvertising Attack

There’s been yet another malvertising attack. “Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said. The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes.” Y’all, please turn Flash off or use NoScript.

Firefox Getting More Private Browsing Options

Firefox is getting more private browsing options. “Mozilla is testing a new private browsing mode in Firefox that doesn’t just keep no trace of your… browsing habits on your machine but that also blocks online services that could track you while you’re surfing the web. That’s not unlike what plug-ins like Ghostery and the EFF’s Privacy Badger can do for you, but Firefox now combines that with its own incognito mode.”

Windows 10: Free Upgrade, Free Privacy Concerns

Even with all its settings tweaked, Windows 10 seems to have some privacy issues. “Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn’t connected to a Microsoft Account. The exact nature of the information being sent isn’t clear—it appears to be referencing telemetry settings—and again, it’s not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies.”

Google’s “Stagefright” Security Flaw Has Its Own Issues

Remember Android’s Stagefright security flaw? Apparently Google’s patch has its own issues. “On August 5, Google started releasing over-the-air (OTA) security updates for Nexus 4,5,6,7,9,10 and Nexus Player devices to address most of these flaws. However, shortly after the search giant started distributing the patches, researchers at Exodus Intel confirmed their suspicion that the fix for an integer overflow triggered in libstagefright during MPEG4 tx3g data processing (CVE-2015-3824) was flawed.”

Liking a Facebook Post = Violating a Restraining Order?

“Liking” a Facebook post means violating a restraining order? “[Justin] Bellanco’s ex-girlfriend April Holland had filed a restraining order against him after he had threatened to ‘shoot her knee cap to watch her suffer.’ The restraining order forbade Bellanco from having any contact with Holland for at least a year, but he was arrested earlier this week after Holland had told authorities that he had liked 22 of her photos and videos on Facebook.”

Lenovo Gets Caught With the Crapware Again

Ewww. Looks like Lenovo’s in the middle of another crapware scandal. I am actually typing this on a Lenovo, but happily, it’s a Lenovo which was formatted and set up with Linux. Ask me if I’m buying another one. (No.) “Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed. The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that ‘most’ is not ‘all.’ Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, […]

Yet Another Flash Update

Oh how shocking: More Flash updates. “Adobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.”

Twitter is Expanding Its Transparency Report

Twitter is expanding its transparency report. “Since 2012, we’ve published a biannual transparency report covering government requests and copyright notices. Now, for the first time, we’re expanding the scope of the report to include two new sections: trademark notices and email privacy practices. In addition to the two new sections and updated data, we’ve rolled out a site-wide redesign, including an updated homepage, more mobile-friendly layouts, and easier access to individual country reports.”

Harvesting Facebook Details Through Randomly-Generated Phone Numbers

If you’ve made your Facebook account discoverable through your phone number, you may want to change that. “Facebook has been urged to tighten its privacy settings after a software engineer was able to harvest data about thousands of users – simply by guessing their mobile numbers. The developer obtained the names, profile pictures and locations of users who had linked their mobile number to their Facebook account but had chosen not to make it public.”

HTC Stored Fingerprint Images in Unencrypted Image File

Is there anything worse to store in plain text than passwords? Like, say, fingerprint images? “Researchers from FireEye have found that data that could be used to clone a user’s fingerprint was stored as an unencrypted “world readable” image file on HTC smartphones. Four security researchers discovered that the image file, which is a clear replica of a user’s fingerprint, could be stolen by rogue apps or hackers.”

Another Big Ol’ Android Vulnerability — Certifi-Gate

Another day, another Android vulnerability. Maybe it is as bad as Flash. “Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allow a third party app’s plugins to access a device’s screens and actions using an OEM’s own signed certificates. That means a nefarious individual could see what you’re doing and control your phone or tablet. And according to the researchers, there’s no reasonable way to revoke the certificates as an end user.”

Nasty Firefox Exploit Found In the Wild

A nasty Firefox exploit has been found. Update! “Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.”