Job hunting? Beware hiring scams using spoofed company websites

Cybercriminals are putting a new twist on an old trick Scammers are combining spoofed company websites and fake job ads to trick unsuspecting job seekers into surrendering their sensitive information and paying fraudulent fees. According to a recent public service announcement by the FBI’s Internet Crime Complaint Center (IC3), fraudsters increasingly post job openings on legitimate job boards and, in order to boost their aura of authenticity, direct people to fake domains whose names resemble those of real, reputable companies. The goal is to hoodwink job seekers into parting with their personal information that could be misused for a whole range of illicit activities, such as opening bank accounts in the victims’ [...]

Google: Flaws in Apple’s privacy tool could enable tracking

Safari’s anti-tracking feature could apparently give access to users’ browsing habits An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed multiple vulnerabilities in the browser’s privacy tool that could allow bad actors to take a peek at your browsing and search history. Apple counts users’ privacy safeguards as one of the cornerstones of its business and one of its main selling points. In 2017, the company released a privacy tool for Safari, called Intelligent Tracking Prevention (ITP). [...]

Microsoft exposed 250 million customer support records

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection More than 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and a browser could have accessed the data. The same set of 250 million records was stored on five Elasticsearch servers, which were spotted by Comparitech’s security researcher Bob Diachenko and his team on December 29th. They immediately notified Microsoft, which secured the data and started an investigation within two days. Microsoft apologized for the incident and [...]

Dating apps share personal data with advertisers, study says

Some of the most popular dating services may be violating GDPR or other privacy laws Unbeknownst to their users, several popular dating apps, including Tinder, OkCupid and Grindr, share detailed personal data on their users with third parties for advertising purposes, a study conducted by the Norwegian Consumer Council has found. The details spanned the gamut and included location, age, gender, as well as, in some cases, sexual orientation, drug use, and religious and political views. Some of the information-harvesting habits violated the European Union’s General Data Protection Regulation (GDPR), said the consumer group. The study examined a total of 10 apps, including popular menstrual health apps such as Clue and MyDays. [...]

3 ways to browse the web anonymously

Are you looking to hide in plain sight? Here’s a rundown of three options for becoming invisible online As concern about internet privacy grows and grows, more and more people are actively seeking to browse the web anonymously. There are various ways to avoid being identified or tracked on the internet, although, in fact, “attempt to avoid” might often be more appropriate. Online anonymity can often feel like a fleeting goal, and a problem as complex as online privacy has no solution that is bulletproof under all circumstances. Besides rather simple options such as proxy services or virtual private networks (VPNs), there are other services that you can use in order to [...]

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system. The remote-code execution (RCE) security hole affects IE versions 9, 10 and 11 running on all supported Windows desktop and server versions, as well as the no-longer-supported Windows 7. The [...]