
Showing posts with label Security. Show all posts

Facebook investigated for the acquisitions of WhatsApp, Instagram and other companies



If you can't beat them, ally with them or, better yet, buy them. It is an extreme synthesis, but it gives an idea of the suspicions about anticompetitive practices that led the US FTC (Federal Trade Commission) to investigate Facebook's conduct in relation to the numerous acquisitions it has made over the years. Those of WhatsApp (in 2014) and Instagram (in 2012) are the best known, but they are part of a broader strategy through which Mark Zuckerberg's company has absorbed about 90 companies in the last 15 years.

The purpose of the investigation, which was brought to the media's attention by The Wall Street Journal, is to establish exactly what prompted Facebook to start such a massive "buying campaign": was it motivated by the legitimate desire to strengthen the resources at its disposal and expand its business activities, or by the desire to eliminate potential competitors?

Facebook obviously favors the first hypothesis: during the hearing at the United States Congress on 16 July, held as part of the major antitrust investigation into the web giants, Matt Perault, head of Global Policy Development at Facebook, said that these operations gave an impulse to innovation and made it possible to bring together companies with distinctive and complementary strengths. According to Perault, the startups and companies that joined Facebook:

as part of Facebook they had more chances to innovate than they would have had on their own.


Among the acquisitions that could be put under the FTC's magnifying glass is the 2013 acquisition of Onavo Mobile: as the US daily recalls, Facebook has used its technology to collect data in order to identify promising companies or new product and service categories. The acquisition of WhatsApp is said to have been decided precisely by analyzing the data collected by the Onavo Protect app, which was removed from the Play Store in recent months.

We will have to wait for the outcome of the FTC's investigation to establish whether Facebook's strategy violates competition rules. If the social network giant were found guilty, various scenarios would open up: from the cancellation of some of the acquisitions (an idea supported by part of the US political class, and not only in relation to Facebook) to limits on the use of the acquired resources.

A new difficult period is on the horizon for Facebook, after the record $5 billion fine that the FTC ordered last July.


New ransomware on Android uses SMS to spread


Android is suffering from new ransomware that is spreading using SMS, thus trying to reach as many people as possible.

The latest threats use a variety of methods to infect phones running Android, so take care to stay protected.

The latest threat to the system is ransomware, which uses SMS to propagate, thus spreading quickly and efficiently to other devices.

Ransomware is malware that is intended to encrypt the files and data of infected phones and computers and to request an amount of money to release this data back to the user.


Android/Filecoder.C is the latest ransomware for the Android system. It started appearing in the middle of this month and is proving to be very efficient at propagating.

Unlike other ransomware, Android/Filecoder.C has an almost unique way of working.

When it infects an Android device, the first thing it does is start encrypting files, but at the same time it starts sending SMS messages to the contacts stored in the phone book, trying to trick the recipients with a text and a malicious link that leads to the ransomware being installed on their phones.

So far, over 42 different types of messages have been found to be sent, the intention being that the messages are unique and can really mislead the recipient.


In addition to sending messages, Android/Filecoder.C operates in an unusual way: it does not encrypt files smaller than 150KB or larger than 50MB, and the basic Android functions continue to work normally, including unlocking the phone, without major problems.

Files affected and blocked by the ransomware are only released when users pay a predefined amount, usually somewhere between 0.01 and 0.02 Bitcoins.

So the best thing to do is not to tap links on unfamiliar pages or in SMS messages, even if they are sent by your friends. Before clicking, ask your friend whether the message is genuine and whether they really sent it.

Source


U.S. Justice Department is opening an antitrust investigation on big tech companies


There have been many antitrust mishaps in the technology world recently, be it due to poor protection of private user data or anti-competitive practices, which have resulted in investigations and fines that show up every now and then. Now, the United States Justice Department is opening up another investigation, but this one is broader than the ones we usually see.

As reported by The Wall Street Journal, the Department will be conducting a review of the biggest companies in technology, including Facebook, Google, Amazon, and Apple. The review can result in additional fines and measures against those companies, on top of the potential consequences of investigations by the Federal Trade Commission, for example.

Unlike the antitrust investigations we usually get, the Justice Department's goal isn't completely clear - instead, it's more of a general review to find any problems that may need addressing. The Department will be looking at how these companies have grown and expanded into additional businesses. What's more, the investigation won't be just about potential antitrust issues. Officials have said that they will be paying attention to any practices that might conflict with other laws, potentially resulting in even more penalties for these companies.

Makan Delrahim, antitrust chief of the Justice Department, said:

“Without the discipline of meaningful market-based competition, digital platforms may act in ways that are not responsive to consumer demands (...). The department’s antitrust review will explore these important issues.”

Big tech companies have been in the sights of many politicians as of late. Some Democratic candidates have called for companies to be broken up, and President Donald Trump has hinted at the possibility of suing them over potential anti-conservative bias. It seems like the threat of some kind of investigation was bound to materialize at some point, and it seems to be happening now.


Source

Google and YouTube are reportedly being fined millions for collecting data on children


A report by The Washington Post suggests the FTC has found Google and YouTube to be in violation of the Children's Online Privacy Protection Act (COPPA), which prohibits websites from collecting data on children under 13 years of age without the consent of their parents.

The investigation was the result of complaints to the agency going as far back as 2015, and the investigation was revealed to the public back in June due to reporting by The Washington Post. Now, it seems the agency has come to a settlement with Google.

The agency will be charging Google a multimillion-dollar fine, though the exact amount of the fine was not disclosed by The Washington Post's sources. The committee adjudicating on the matter was seemingly divided on the subject, with three Republicans in favour of the settlement and two Democrats opposed to it.

While the amount of the fine may not be much of an inconvenience for the tech giant with its billion-dollar revenues, it could potentially set a precedent that would lead the company into more legal trouble in the future. It could also be quite precarious for other tech companies, who may also find themselves in the FTC's crosshairs over the same concerns.

Perhaps in an attempt to avert any future legal action against it, Google has been in the process of making changes to its policies pertaining to kids' usage of its services for a while now. It has started disabling comments on videos featuring young kids and is also actively considering moving all kid-oriented videos from the main YouTube app to the Kids app, which is designed for use by children.


Source

German cybersecurity agency identifies critical flaw in VLC Media Player


A German cybersecurity agency, CERT-Bund, which is responsible for organising the country's response to any computer emergencies, has recently discovered what it describes as a critical flaw in the popular VLC Media Player.

VLC is known to be a highly compatible media player and boasts an impressive total of over 3 billion downloads, which makes this vulnerability all the more dangerous. CERT-Bund classified the vulnerability, officially logged as CVE-2019-13615, as "High" (Level 4), which is the second-highest risk assessment level used by the agency.

The vulnerability is rather nasty: it allows attackers not only to execute code remotely but also to disclose information without authorisation, modify files without authorisation and disrupt service.

VLC is currently in the process of creating a fix, which can be seen on its website here. However, the ticket shows work on the fix is only 60% complete and there's no ETA on when it might be complete. CERT-Bund says there are no known cases where the exploit has actually been used by attackers, but it might be a good idea to steer clear of VLC for the time being, until the exploit is officially patched. We've reached out to Videolan for more information about the matter, and for an estimate of when a fix might become available.


Source

Google increases Chrome bug bounties, top Chromebook vulnerability now $150K


Google has long maintained bug bounties that pay researchers for discovering and submitting security issues directly. The Chrome Vulnerability Reward Program is now increasing amounts across the board, with a standing $150,000 prize for Chrome OS compromises.

Since the program was created in 2010, Google has received over 8,500 reports and paid out $5 million to researchers. The program is now tripling the maximum baseline reward from $5,000 to $15,000. Meanwhile, the maximum reward amount for high quality reports has doubled to $30,000.

Over the years we’ve expanded the program, including rewarding full chain exploits on Chrome OS, and the Chrome Fuzzer Program, where we run researchers’ fuzzers on thousands of Google cores and automatically submit bugs they find for reward.

The biggest sum is still for a Chromebook or Chromebox compromise with device persistence in guest mode, or “guest to guest persistence with interim reboot, delivered via a web page.” Previously $100,000, such a flaw will now net $150,000. Additionally, security bugs in firmware and lock screen bypasses now have their own reward categories.

This increase for Chrome bug bounties will be applied to submissions filed after today. For reference, the old table is below:


Google is also clarifying what it considers a high quality report so that applicants can maximize the reward potential. Bug categories have also been updated to better reflect the types of bugs that are reported, and what issues the company is especially interested in receiving.

Elsewhere, the Google Play Security Reward Program has increased amounts for remote code execution bugs from $5,000 to $20,000. All Google apps are included and third-party developers can opt-in. Theft of insecure private data and access to protected app components has been tripled to $3,000.


Source

Facebook will reportedly pay $5 billion to the FTC over Cambridge Analytica scandal


Facebook's involvement in the Cambridge Analytica scandal that resulted in user data being inadvertently shared with the analytics company has been quite troublesome for the social network. In addition to the obvious trust issues that come from such an incident, after months of investigations, fines have been issued by different countries, including the ICO in the UK, as well as Italy.

Now, the United States Federal Trade Commission has settled on a $5 billion fine that the social network will have to pay as a result of the scandal, according to a report from the Wall Street Journal citing sources familiar with the matter. The investigation that led to this fine focused on the fact that Facebook had committed to the FTC back in 2012 to do a better job of protecting users' privacy, and on whether the Cambridge Analytica scandal was a violation of that commitment.

The settlement fine was approved by Republican commissioners, whereas Democratic commissioners voted against the settlement, arguing that tougher oversight should be enforced. While some may argue that the fine isn't enough, it would still be, by far, the highest fine ever issued as a result of a violation of an FTC order. The previous record was a $22.5 million fine on Google.

According to the report, the case has now moved to the civil division of the Justice Department, where it will be reviewed before being finalized. Neither the FTC nor Facebook commented on the report.


Source

Google admits one of its language reviewers leaked private audio data


It's no longer a shocking secret that tech giants such as Amazon and Google are listening to customer interactions with their digital assistants all in an effort to improve the user experience. There are privacy implications, of course, and a Google-employed language reviewer has clearly crossed the line by leaking private Dutch audio data.

In a blog post detailing how it protects speech data from users, Google admitted that one of its partner language experts violated its data security policies. Its Security and Privacy Response teams are already looking into the situation.

The Mountain View tech giant employs language experts to review and transcribe snippets of recordings made by its users in order to improve how Google Assistant understands different languages. In the process, Google's language experts can listen to approximately 0.2 percent of all audio recordings, though these snippets do not reveal information related to user accounts.

Google says it's re-evaluating its security policy to avoid violations like this in the future. It's worth noting, perhaps, that this isn't the first time the search giant figured in a privacy violation of this sort. In 2015, it was found that the Chromium browser was automatically installing software that contained secret audio code that could be used to listen to users and record everything the program would hear.



Source

Italy imposes €1m fine on Facebook over Cambridge Analytica scandal


Garante Privacy, the official data protection authority in Italy, has found Facebook guilty of crimes committed under the Cambridge Analytica case for which it has issued a penalty of €1m to the social-media behemoth. The protective authority imposes blame on the company for breaching Italian privacy laws pertaining to user data. The fine in question has been charged based on the previous legislation, as the relevant privacy laws were updated in January earlier this year.

Last year it was revealed that the infamous Cambridge Analytica scandal affected over 87 million people across the world. The press release issued by Garante Privacy states that, of the 87 million, the data breach put about 214,077 Italian users at risk. The Italian watchdog also accused the data analytics company of trying to influence the results of the U.S. presidential elections in 2016 by using the data acquired illegally via Facebook.

Facebook was initially charged by the Italian body back in March and managed to reduce the sum to €52,000. Now, however, Garante Privacy has decided to overturn the reduction taking into account the "size of the database", "economic conditions" and "number of global and Italian users" of the social media company.

This isn't the first time that Facebook has been fined due to the Cambridge Analytica case - and probably won't be the last. Investigations have been ongoing for a long time by authorities and bodies across the globe. In March 2018, the EU started looking into the matter over allegations of misuse of Facebook user data. At the same time, the FTC launched a probe on Facebook's data privacy practices. Subsequently, in April 2018 Facebook CEO Mark Zuckerberg underwent heavy questioning and had to testify in front of the U.S. Congress.


Source

Five Eyes reportedly targeted Yandex in late 2018 to spy on user accounts


The Russian search engine Yandex has reportedly been attacked by one or more Western intelligence agencies, possibly from the United States, Britain, Australia, New Zealand, and/or Canada, which make up the so-called ‘Five Eyes’. The attack, according to four people with insider information, took place in late 2018 and included rare malware called Regin, which the hackers hoped to use in order to spy on user accounts hosted by Yandex.

Yandex has acknowledged the attack which took place between October and November 2018. Ilya Grabovsky, a spokesman at the firm, said:


“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done. Yandex security team’s response ensured that no user data was compromised by the attack.”


When the attack was discovered, Yandex called in the Russian security company Kaspersky which learned that the attack was actually targeting several developers at Yandex. According to the sources, the infiltrators were trying to work out how Yandex authenticates user accounts so that they could impersonate users and gain access to private messages.

The Regin malware that was used was revealed to be a Five Eyes utility back in 2014 after The Intercept published information obtained from the former NSA contractor, Edward Snowden. The sources that spoke with Reuters claimed that the Regin code found on Yandex systems is newer than what has been used before which only increases the likelihood that Western nations are behind the attack.

If it is Western intelligence agencies or associated parties behind the attack, a conclusion deemed likely by Kaspersky's own private assessment, it’s doubtful that we’ll hear any more of the attack unless Yandex or Kaspersky are willing to share more details about what they’ve uncovered.


Source

Small and dangerous: hacker steals data from NASA for almost a year through Raspberry Pi


Raspberry Pi is gaining a new version that offers up to 4GB of RAM. The product is extremely discreet, and its applicability depends only on the user's imagination; this news is an example of that.

NASA realized that, thanks to one of these devices connected to its network at the Jet Propulsion Laboratory, several files were taken by an attacker, who made off with no less than 500 MB of sensitive information.

Most curious is that the intruder kept access to the local network for ten months without being noticed. In that time he had access to 23 files, including two of high military secrecy involving US space technology.

The lab, which is based in Pasadena, Calif., had no idea that the device was connected to the NASA network. After the episode, other insecure gadgets were discovered there, some of which had been connected by employees who did not properly follow the space agency's protocols. This is how the Pi ended up being the pivot of this problem.

In a report that demonstrated the problem, the space agency promises to improve the cyber security of its facilities including the Jet Propulsion Lab, highlighting how crucial it is to defend the integrity of the information and its confidentiality.

It is worth remembering, in February Brazilian hackers invaded a subdomain of NASA and ... they threw Doom through it.


Source

Telegram links Wednesday (12) attack to the Chinese government


Telegram's founder Pavel Durov has hinted that the instability the chat application experienced yesterday because of a DDoS attack may be related to the Chinese government. On Twitter, he linked what happened to the protests in the streets of Hong Kong.


A DDoS attack overloads the servers, preventing the service from operating correctly. Durov said that most of the mapped IP addresses are from China and that the DDoS would be "the size of a state actor."


Because of its encryption, Telegram is widely used in the region to organize protests away from the eyes of the Chinese government. The attack coincided with a major protest in Hong Kong against the law on extradition to China. "This case is no exception," commented Durov.

Encrypted protest

Protesters marched on the streets of Hong Kong against a bill that allows the extradition of people from the semiautonomous territory to China, where the government has more power.



To avoid being identified, those who took part in the protest used secure means of communication, such as Telegram, covered their faces to avoid the cameras scattered around the streets and did not use transport cards that track their movements.

New protests

New protests have been set for the next few days; it remains to be seen whether we will feel the effects here through new instabilities in Telegram.

Source

Document says Mark Zuckerberg knew Facebook's security flaws


A new document shows that Mark Zuckerberg, CEO of Facebook, was probably aware of the security flaws facing the company.

According to sources familiar with the company, e-mails obtained by the FTC (Federal Trade Commission), a consumer protection agency that addresses anti-competitive practices in the United States, show information that may be damaging to Facebook's reputation.

In a statement, a company spokesman said the social network fully cooperated with the FTC investigation and provided tens of thousands of documents, emails and archives for investigation. "At no time did Mark (Zuckerberg) or any other Facebook employee know that he was violating the company's obligations under the FTC's consent, nor are there any emails that indicate that they knew," he says.

Facebook's problems with the FTC began early last year when the Cambridge Analytica scandal exploded in the media, revealing that more than 87 million users had their data sold to companies.


No details of the document proving the accusation against the executive were disclosed.

They went too far! Hackers steal medical patient data and sell on Dark Web


The week started with #VazaJato, a report that shows conversations between Sergio Moro and Deltan Dallagnol, and a reminder of the importance of data protection, a recurring theme in the technology segment. Hackers typically seek personal and financial information from users. However, reports show that this is not all that malicious users have been looking for.

The theft of medical information is a form of theft that has troubled a growing number of people, and a report published by the Carbon Black portal shows how hackers use stolen health data for their benefit.

The publication notes four different types of cyber theft:

~Hacking providers to steal administrative data, such as medical licenses, which is used to forge a medical identity and is sold on the dark web for about $500.

~Forging health insurance cards, medical prescriptions and drug labels with the intention of transporting them on air travel.

~Use of personal health information against people who have health problems for extortion and other crimes.

~Hacking the login information of an insurance provider and later selling it to a buyer who can assume the victim's identity to file a claim.

The study also cites security experts, most of whom (83%) reported having seen an increase in cyber attacks in the last 12 months. Almost half of the companies (45%) suffered attacks during the same period. It is noteworthy that, even as companies improved their security practices, the attacks declined. Hence the importance of protecting medical documents.



"Valuable health sector data exceeds Protected Health Information (PHI) and the hottest deals today are provider data, fakes, and login information from hacked health insurers. With the increasing adoption of medical devices and IoTs, the surface area of health attacks is becoming even larger. The problem was compounded by the limitation of cyber security personnel and the stagnant cyber security budgets of the " (Excerpt from the report of the virtual security company Carbon Black)


There is not much that an ordinary person can do when physicians fall victim to this type of attack, which increases the need for preventive work and effective measures to combat security threats. In addition, IoT devices have allowed hospitals to accumulate medical information in amounts that were previously unthinkable.

The fact that there is a fertile and profitable market further reinforces the need for companies that handle this data to be even more careful with hospital information.

Source

Microsoft warns: Discovering Office exploits


Microsoft issued a warning that spam campaigns in Europe are exploiting a vulnerability to carry out attacks: simply opening the attached file may infect the user.

According to Microsoft, this is an active email malware campaign targeting Europe that spreads RTF files exploiting the CVE-2017-11882 vulnerability, which allows an attacker to automatically run malicious code without user interaction.

The CVE-2017-11882 vulnerability allows specially crafted RTF and Word documents to automatically execute commands as soon as they are opened. The vulnerability was patched in 2017, but Microsoft said it has seen an increase in attacks using it in the past few weeks.

According to Microsoft, when the attachment opens, it "executes multiple scripts of different types (VBScript, PowerShell, PHP, etc.) to download the payload."



"When we test one of the sample documents, when we open the document, it immediately starts executing the script downloaded from Pastebin, which executes the PowerShell command. Then, the PowerShell command will download a base64 encoded file and save it to %temp%\bakdraw.exe. It then copies bakdraw.exe to %UserProfile%\AppData\Roaming\SystemIDE and configures a scheduled task called SystemIDE to start the executable and add persistence."



Microsoft says this executable is a backdoor that is currently configured to connect to a malicious domain that is no longer accessible. This means that even if the computer is infected, the backdoor cannot communicate with its command and control server to receive commands. However, the payload can easily be switched for a working one, so Microsoft recommends that all Windows users install the security updates for this vulnerability as soon as possible.
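The artifacts named above (bakdraw.exe in the temp directory, the SystemIDE path under AppData\Roaming, and the scheduled task called SystemIDE) can be hunted for in endpoint telemetry. The following is an added example, not code from Microsoft or from the original post: the event field names, the sample events and the rule names are constructed for illustration, and the parent-process rule relies on the general fact (not stated on this page) that CVE-2017-11882 is a flaw in the Office Equation Editor, EQNEDT32.EXE.

```python
import json
import re

# Constructed sample telemetry (not real logs). Field names follow the Sysmon
# process-creation (Event ID 1) and Security "scheduled task created"
# (Event ID 4698) layouts, reduced to the fields the rules below need.
SAMPLE_EVENTS = r'''
{"EventID": 1, "Host": "ws-example-01", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "CommandLine": "powershell.exe <arguments elided>"}
{"EventID": 1, "Host": "ws-example-01", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\bakdraw.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "C:\\Users\\alice\\AppData\\Local\\Temp\\bakdraw.exe"}
{"EventID": 1, "Host": "ws-example-01", "Image": "C:\\Windows\\System32\\schtasks.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "schtasks.exe /create /tn SystemIDE /tr C:\\Users\\alice\\AppData\\Roaming\\SystemIDE\\bakdraw.exe <schedule elided>"}
{"EventID": 4698, "Host": "ws-example-01", "TaskName": "\\SystemIDE"}
{"EventID": 1, "Host": "ws-example-02", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe C:\\Users\\bob\\Documents\\notes.txt"}
{"EventID": 4698, "Host": "ws-example-02", "TaskName": "\\SystemIDEHelper"}
'''

# Hosts for the script types the article mentions (VBScript, PowerShell),
# plus cmd.exe as a common intermediary. This list is an assumption.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}


def basename(path):
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_indicators(event):
    """Return the names of the rules that one event record triggers."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    cmdline = event.get("CommandLine", "")
    task = event.get("TaskName", "")
    haystack = " ".join([image, parent, cmdline]).lower()
    hits = []

    # Behavioural rule: the Equation Editor has no reason to start a script host.
    if basename(parent) == "eqnedt32.exe" and basename(image) in SCRIPT_HOSTS:
        hits.append("equation-editor-spawned-script-host")
    # Name-based rules taken from the article's description of this campaign.
    if re.search(r"\\temp\\bakdraw\.exe", haystack):
        hits.append("bakdraw-in-temp")
    if "\\appdata\\roaming\\systemide" in haystack:
        hits.append("systemide-roaming-path")
    # Exact task name, seen either in a 4698 record or on a schtasks command line.
    if (task.strip("\\").lower() == "systemide"
            or re.search(r'/tn\s+"?\\?systemide\b', cmdline.lower())):
        hits.append("systemide-scheduled-task")
    return hits


def scan(jsonl_text):
    """Scan JSON-lines telemetry; return (host, event id, rule names) per hit."""
    findings = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        hits = match_indicators(event)
        if hits:
            findings.append((event.get("Host", "?"), event.get("EventID"), hits))
    return findings


if __name__ == "__main__":
    for host, event_id, hits in scan(SAMPLE_EVENTS):
        print(host, event_id, ", ".join(hits))
```

The file and task names are specific to this campaign and trivial for an operator to change, so the parent-process rule is the one worth keeping after the campaign ends; installing the 2017 update remains the actual fix.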



It is worth mentioning that FireEye also recently observed the CVE-2017-11882 vulnerability being used in an attack against Central Asia that installed a new backdoor called HawkBall. It is not clear whether the two activities are related.


Source

Notebook with 6 'devastating' Virus Sold For $1.3 million


A notebook infected with no less than the six most dangerous pieces of malware and ransomware ever developed by humans was sold on Tuesday (28) for $1,345,000.

The notebook, a Samsung Blue Netbook 2008 with Windows XP SP3, was a piece of art that was dubbed "The Persistence of Chaos," designed by the artist Guo O. Dong. According to Dong, the notebook was a representation, "a bestiary, a catalog of historical threats."

Guo O. Dong further notes that, combined, the threats present in the notebook have caused more than $95 billion in damage worldwide. The notebook was shown via live broadcast in an enclosed, secure and unplugged room, and the artist had asked $1.3 million for the computer.

The buyer of "The Persistence of Chaos" did not reveal his identity and chose to remain anonymous.

Below is the list of the six most dangerous pieces of malware and ransomware ever developed by humans, according to the artist, present in the notebook:

  • WannaCry: ransomware that infected more than 300,000 machines in 150 countries. To this day it continues to attack outdated computers. Ransomware hijacks the machine by encrypting files and demands a cryptocurrency payment to release the documents

  • BlackEnergy: malware responsible for attacking infrastructure - caused power outages in Ukraine

  • Dark Tequila: malware that steals credentials with targets in Latin America

  • ILOVEYOU: ancient worm, attacked more than 50 million PCs in 2000

  • SoBig: 2003 worm for distribution of viruses, malware and other types of attacks

  • MyDoom: a 2004 backdoor of Russian origin that paves the way for different types of attacks

Apple, Microsoft and Google criticized British agency proposal to Snoop On encrypted Chats


A group of 47 companies, including Apple, Google, Microsoft and WhatsApp, strongly criticized a proposal by the British intelligence agency GCHQ to monitor chat messages, even encrypted ones. In an open letter published in Lawfare, the companies said the idea would undermine security, threaten confidence in encrypted messaging services, and ultimately jeopardize citizens' right to privacy and freedom of expression. The companies conclude by saying that such proposals would require messaging applications to change in a way that would practically deceive users.


The GCHQ proposal was first published in November 2018 as part of a series of essays and does not necessarily reflect a legislative agenda of the intelligence agency at this time. In the essay, two high-ranking British intelligence officials argue that law enforcement should be added as a "ghost" participant in all encrypted message conversations.

That would mean that intelligence agencies would be copied on encrypted messages without users knowing they were present in a chat. The proponents argue that such a solution is no more invasive than the current practice of clandestine wiretapping of unencrypted telephone conversations.



Responding to the open letter, one of the original authors of the proposal, Ian Levy of the National Center for Cyber Security, said the proposal was "hypothetical" and was intended only "as a starting point for discussion." "We will continue to engage with stakeholders and hope to have an open discussion to reach the best possible solutions," Levy said in a statement to CNBC.

Source

Google announces changes to Chrome and Drive prioritizing users privacy


Google announced on Thursday (30) measures to increase the privacy of users who use extensions in Chrome. Developers will now be able to request only a "minimum set of required permissions" from users, reducing access to sensitive data.

In addition, Google will also require extensions to follow a privacy policy in the Chrome Web Store. Previously, the measure was a prerequisite only for programs that required "personal and confidential user data," but has now been expanded to any extension requesting access to user information.

The new measures will be implemented soon. Google has promised developers at least 90 days' notice so they can adapt to the changes. After that period, non-compliant extensions will be removed from the Web Store and disabled in Chrome browsers.

Google also took the opportunity to announce a similar limited-data policy for applications that connect to Google Drive, such as backup apps. With the change, the company will allow users to select the files to which third parties may have access. It works like this: when using a third-party application, users choose the exact file on which they wish to work, preventing full access to the contents of the drive.

Drive users will soon be able to select specific files they want to share with third-party apps. This prevents developers from accessing all of the platform's content (Photo: Playback)

The rule does not apply to full backup services and other applications that require full Drive access. Still, Google has given assurances that it will examine the authenticity of the programs before granting access. "Restricted Google Drive API scoping will begin early next year," the company said.

The Drive change is part of Project Strobe, which started last year with Gmail. At the time, news spread that Gmail developers had almost complete access to users' emails. The following month, Google began limiting developer access to data on most of its platforms.

While no private user information has been leaked by developers, Google wants to avoid the nightmare experienced by Facebook in 2018 when it was discovered that the company shared personal user data with Cambridge Analytica.


Security Alert! Flipboard warns users about leak in its database


A news app that recently won the Apple News competition, Flipboard has recently run into trouble. According to a statement the app sent by email to its users, the database was accessed by an unauthorized person on two occasions: between June 2, 2018 and March 23, 2019, and between 21 and 22 April 2019.

After identifying the unauthorized user, the Flipboard team immediately opened an investigation with the help of an outside security company, which found the attacker and determined that he had obtained copies of specific databases containing information on users of the application. These databases contain names, Flipboard usernames, email addresses and protected passwords.



In the statement, Flipboard said that passwords are cryptographically protected by a technique known as "salted hashing" (a random value, called a salt, is combined with the password before it is run through a hash function). The advantage of this technique is that it eliminates the need to save passwords in plain text.

The use of a unique salt for each password, in addition to the hashing algorithms, makes it more difficult to recover the original passwords, since doing so requires large computing resources. Passwords created or changed after March 14, 2012 are hashed with the bcrypt function. Those created or changed before that date are protected by a salted hash.
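The two storage schemes described above can be sketched as follows. This is an added example, not Flipboard's code: PBKDF2 from the Python standard library stands in for bcrypt, the legacy hash is assumed to be a single salted SHA-256 pass (the statement does not name it), and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Work factor for the slow hash. PBKDF2 stands in for bcrypt here because it
# ships with Python; the iteration count plays the role of bcrypt's cost.
PBKDF2_ITERATIONS = 600_000

def hash_legacy(password: str, salt: bytes) -> bytes:
    """Salt plus one pass of a fast hash (SHA-256 is an assumption)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def hash_slow(password: str, salt: bytes) -> bytes:
    """Salted, deliberately expensive derivation (bcrypt stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

SCHEMES = {"legacy": hash_legacy, "slow": hash_slow}

def new_record(password: str, scheme: str = "slow") -> dict:
    """Create a stored credential with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": SCHEMES[scheme](password, salt)}

def verify_and_upgrade(record: dict, password: str):
    """Check a login; on success, move a legacy record to the slow scheme.

    Returns (ok, record). The plaintext is only available at login time,
    which is why the upgrade happens here and not in a batch job.
    """
    candidate = SCHEMES[record["scheme"]](password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return False, record
    if record["scheme"] != "slow":
        record = new_record(password, "slow")
    return True, record

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = new_record("correct horse", "legacy")
    bob = new_record("correct horse", "legacy")
    print("same password, same hash?", alice["hash"] == bob["hash"])
    ok, alice = verify_and_upgrade(alice, "correct horse")
    print("login ok:", ok, "scheme now:", alice["scheme"])
```

Because each record has its own salt, identical passwords produce different stored values, and the slow scheme multiplies the cost of every guess against a stolen copy of the table.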

Many users of the app link their data to third-party accounts, such as social networks and Google. Regarding this type of access, Flipboard did not find any evidence that the unauthorized person accessed any third-party account linked to the Flipboard accounts. As a precaution, the app team deleted all digital tokens.



"You can continue using Flipboard, you do not have to do anything else. However, the next time you sign in, you'll see that the password for your Flipboard account needs to be updated. Our support page (link below) contains instructions that explain how to create a new password. Also, if you use the same username and password you created on Flipboard in other online services, we also recommend changing the password for those other services. If you've linked your Flipboard account to a third-party account to see your content, you may find that in some cases you'll need to re-link your account. Our support page also contains instructions that explain how to do this."

Flipboard, in a statement sent to its user base, by e-mail.

Practical Action Taken by the Company

In the statement, Flipboard says that all users' passwords have been reset, even those with cryptographic protection, without affecting the account information of any user. At the next sign-in, the system will ask you to create a new password. In addition, the tokens used to connect to all third-party accounts have been unlinked and replaced.

To lessen the possibility of similar events happening in the future, security measures have been implemented and will be improved, and the application has notified the appropriate authorities.


Young hacker broke into Apple's systems: thought that Apple at the end of the day could offer him a job because of his abilities


In August of last year we reported that a young Australian hacker broke into Apple's servers and was able to access about 1TB of data from the Cupertino company's internal network, including customer records and confidential files from the brand's services.

The young man, 16 years old at the time, faced two charges related to these attacks, but ultimately avoided jail because the judge ordered eight months' probation.


At that time, we also reported that Australian authorities were investigating other people's involvement in these attacks, since everything pointed to the participation of a second hacker, and that is exactly what happened.

According to ABC News, the second hacker was only 13 at the time and pleaded guilty to several counts of hacking into Apple's servers. He used his high level of expertise and information technology skills to create fake credentials and fingerprints, leading Apple's team to believe that he was an employee of the company.

Just as in the first case, his lawyer claimed that the teenager had no idea of the gravity of the situation and thought that Apple at the end of the day could offer him a job because of his abilities.




In these circumstances, the lawyer asked that he be spared a conviction because he planned to study digital security and criminology at university, and a criminal record could affect his future job opportunities.

Judge David White then decided not to convict the boy, granting nine months' probation on the grounds that the teen was "extremely talented", had a good reputation at his school and, since the intrusion, had used his technological knowledge for noble causes.
