Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
2020-07-11 12:03

Any Chingari User Account Can Be Hijacked in Seconds: The Chingari app for iOS and Android asks users to register an account by granting basic profile access to their Google accounts, which is a standard part of OAuth-based authentication. Chingari Patch Update To Be Released Today: Kumar responsibly disclosed the issue to the makers of Chingari earlier this week, and the company in response acknowledged the vulnerability.

An email banning our staff from using TikTok? Haha, funny story about that, we didn't mean it – Amazon
2020-07-11 00:20

Amazon today said an internal email banning its staff from using TikTok on smartphones connected to their corporate inboxes was sent in "error." The admission - or climb down, depending on how skeptical you are - came after the memo was obtained and leaked by journalists. So what Amazon's trying to say now is that it was wrong to ban TikTok from mobile devices: its policy is that it's OK to use the software on phones used for work email.

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack
2020-07-10 22:43

A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has a bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The most troubling bug Kent found was an insecure implementation of an SSL certificate on the Kasa mobile application.

Friday Squid Blogging: China Closing Its Squid Spawning Grounds
2020-07-10 21:09

Without consulting the design docs slash reference materials, the best you can know is that you don't know, but most people aren't humble enough to admit that. Don't be silly enough to put preconditions or constraints on the rules for what and how we can access It. No, you've just got to learn how the communication channel works, the protocol and the passwords, the abilities and limits, the laws and ramifications, and how obeying the rules allows greater access, greater comprehension, greater clarity, both within and without.

Google Bans Stalkerware Ads – With a Loophole
2020-07-10 19:33

Google will soon prohibit ads on its platform that promote stalkerware products and services - but the tech giant's ban comes with a catch that some security experts worry will render it ineffective. Google said that its ban on stalkerware ads will not extend to private investigation services or services designed for parents to track or monitor their underage children - which some are condemning as a big loophole for surveillanceware companies.

Facebook Offering Big Rewards for Vulnerabilities in Hermes, Spark AR
2020-07-10 18:47

Facebook announced on Friday that it's offering significant rewards through its bug bounty program for vulnerabilities found in Hermes and Spark AR. Hermes is a JavaScript engine that Facebook released as open source one year ago. Hermes is used by the social media giant's React Native apps for Android and other software, including Spark AR, an augmented reality platform that is used to create effects on Facebook, Instagram and even on Facebook's Portal smart displays.

EFF's 30th Anniversary Livestream
2020-07-10 16:48

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more.

Smartwatch Hack Could Trick Dementia Patients into Overdosing
2020-07-10 16:25

Researchers are warning that vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose. These smartwatches are used by elderly patients with dementia who need reminders to take their medication and to carry out everyday tasks.

Google Updates Policies to Reject Ads for Spyware
2020-07-10 15:37

Google this week announced that, starting next month, an update to its policy will effectively result in the rejection of ads for surveillance technology. The updated Google Ads Enabling Dishonest Behavior policy, which will "prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization," will be enforced starting August 11, 2020, the Internet giant announced.