Adidas announced that their US website was targeted by hackers, who made off with the data of "a few million" customers. Data includes names, contact details and "encrypted" passwords. There were more breaches this week too:
- Typeform, the online survey app, was breached: link
- Because of the Typeform breach, many companies that use its service also had their customer data breached. One such company, Monzo, a UK banking app, has shared details here.
- A shooting training center in the US exposed the personal information of thousands of US law enforcement officials: link
- The NHS (National Health Service) in the UK shared health data from 150,000 patients, even though they opted out: link
They introduce two passive attacks that can be used to gather browsing history, and one active attack where they could redirect users to websites of their choosing.
The attacks aren't very practical, and require decent equipment and close proximity, but they are interesting nonetheless. At this time 5G seems to suffer from the same issues.
It's a much-used extension that lets you restyle/theme any website you visit. After it was sold to an analytics company, they apparently started to collect users' web history. The extension was pulled and users are advised to use the open source alternative called Stylus.
The issue is marked as severe. If you use phpMyAdmin you'll want to update.
There's a campaign underway in crypto communities where people are tricked into executing malware which opens the host system to remote code execution. It doesn't get flagged by anti-virus or macOS Gatekeeper. Since I know many of you wander the crypto hallways: be careful :-)
Most printers add invisible 'tracking dots' to printed files by default. Researchers from the University of Dresden have created a Python CLI called 'DEDA' that removes or overwrites these dots.
The availability of web applications is critical nowadays, more than ever. But it's also at risk because of very complex application-level denial of service attacks. Read this guide that highlights the different DoS techniques used so you know what to look for.