There’s a security best practice where sign ins aren’t supposed to say “password is incorrect”. Instead they’re supposed to say the…
The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editor's note: the original page has been removed, we’re now linking to a screenshot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check ...
A popular smart security system maker has ignored warnings from security researchers that its flagship device has several serious vulnerabilities, including allowing anyone access to the company’s central store of customer-uploaded video recordings. The researchers at 0DayAllDay found that Gu…
Group breaches SMS-protected accounts. It's still testing attacks against 2FA apps.
If you’ve ever used a Sennheiser headset or speakerphone device with your Mac (or Windows PC), the accompanying HeadSetup app has left your machine wide open to attack. In what has been descr…
Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in
A mysterious (and fake) Chrome extension. A clever data exfiltration scheme. They would have gotten away with it, too, if it weren't for those meddling security analysts using ExtraHop Reveal(x)! Follow along as we go from threat detection to response in this real-life threat hunt with network traffic analysis.
Auto thefts are on the rise across the Greater Toronto Area, by 30 per cent in the city alone, and wireless key fobs may have a role to play.
GitHub - SPRITZ-Research-Group/Skype-Type: Don't Skype & Type! Keyboard acoustic eavesdropping tool.
Introduction
Tools for capturing and analysing keyboard input paired with microphone capture - ggerganov/kbd-audio
Yes, even the Tor browser can be spied on by this nasty code
When users have been installing Sennheiser's HeadSetup software, little did they know that they were also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as they thought.
TL;DR: An undocumented API in Google Home devices is easily exploitable. This command will reboot any on your local network: nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ {print up};…
The companies named in our bombshell report weigh in.
The attack added to the company’s woes as it contends with fallout from its role in a Russian disinformation campaign.
It can be hard to keep track of when your information has been stolen, so we’re going to help by launching Firefox Monitor, a free service that notifies people when they’ve been part of a data breach.
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.
T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears