Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions. When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. … More Malware sidesteps Google permissions policy with new 2FA bypass technique

Cyberattack exposes travelers’ photos, says US border agency

The images, collected over one and a half months, were taken as the travelers crossed an unspecified border point. The United States’ Customs and Border Protection (CBP) has announced that a security incident at one of its subcontractors has compromised the photos of thousands of travelers entering and departing the country. In addition to the … More Cyberattack exposes travelers’ photos, says US border agency

Spain’s top football league fined over its app’s ‘tactics’

La Liga has taken substantial flak for tapping into microphones and geolocation services in fans‘ phones in a bid to root out piracy. Spain’s national data protection agency AEPD has slapped a fine of €250,000 (US$280,000) on the country’s top-flight football league, La Liga, for failing to make it adequately clear to users of its … More Spain’s top football league fined over its app’s ‘tactics’

Why cybercriminals are eyeing smart buildings

A recent talk by ESET’s Global Security Evangelist Tony Anscombe looks at the key security challenges facing intelligent buildings. As part of the Segurinfo Argentina 2019 conference in Buenos Aires, ESET’s Global Security Evangelist Tony Anscombe gave a talk on smart buildings, in which he explained the security risks associated with intelligent buildings. Let’s cut … More Why cybercriminals are eyeing smart buildings

More signs that MSPs must master cybersecurity

Is it worth evolving to become a Managed Security and Service Provider (MSSP)?  The business case seems clear for MSP cybersecurity mastery, but how do you tell when an idea’s time has come? Well, if the volume of stories about Managed Service Providers (MSPs) facing increasingly advanced security threats is any indication, then the time … More More signs that MSPs must master cybersecurity

Critical bug found in popular mail server software

If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers. Exim, the popular mail transfer agent (MTA) software, contains a critical-rated vulnerability that can, in some scenarios, enable remote attackers to run commands of their choice on unpatched mail servers, researchers from Qualys have found. Tracked under CVE-2019-10149, the remote … More Critical bug found in popular mail server software