Week in security with Tony Anscombe

ESET research dissects KryptoCibule malware family – Why close unused accounts rather than just remove apps – Microsoft’s new deepfake detector

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

/by

Microsoft debuts deepfake detection tool

As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic

The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity

/by

Houseparty – should I stay or should I go now?

What’s the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app?

The post Houseparty – should I stay or should I go now? appeared first on WeLiveSecurity

/by

Norway’s parliament struck by hackers

Unknown threat actors were able to exfiltrate information from the email accounts of several parliamentarians

The post Norway’s parliament struck by hackers appeared first on WeLiveSecurity

/by

KryptoCibule: The multitasking multicurrency cryptostealer

ESET researchers analyze a previously undocumented trojan that is spread via malicious torrents and uses multiple tricks to squeeze as many cryptocoins as possible from its victims while staying under the radar

The post KryptoCibule: The multitasking multicurrency cryptostealer appeared first on WeLiveSecurity

/by
,

Announcing new reward amounts for abuse risk researchers

Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at Google

It has been two years since we officially expanded the scope of Google’s Vulnerability Reward Program (VRP) to include the identification of product abuse risks.
Thanks to your work, we have identified more than 750 previously unknown product abuse risks, preventing abuse in Google products and protecting our users. Collaboration to address abuse is important, and we are committed to supporting research on this growing challenge. To take it one step further, and as of today, we are announcing increased reward amounts for reports focusing on potential attacks in the product abuse space.
The nature of product abuse is constantly changing. Why? The technology (product and protection) is changing, the actors are changing, and the field is growing. Within this dynamic environment, we are particularly interested in research that protects users’ privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale.
Research in the product abuse space helps us deliver trusted and safe experiences to our users. Martin Vigo’s research on Google Meet’s dial-in feature is one great example of an 31337 report that allowed us to better protect users against bad actors. His research provided insight on how an attacker could attempt to find Meet Phone Numbers/Pin, which enabled us to launch further protections to ensure that Meet would provide a secure technology connecting us while we’re apart.
New Reward Amounts for Abuse Risks
What’s new? Based on the great submissions that we received in the past as well as feedback from our Bug Hunters, we increased the highest reward by 166% from $5,000 to $13,337. Research with medium to high impact and probability will now be eligible for payment up to $5,000.
What did not change? Identification of new product abuse risks remains the primary goal of the program. Reports that qualify for a reward are those that will result in changes to the product code, as opposed to removal of individual pieces of abusive content. The final reward amount for a given abuse risk report also remains  at the discretion of the reward panel. When evaluating the impact of an abuse risk, the panels look at both the severity of the issue as well as the number of impacted users.
What’s next? We plan to expand the scope of Vulnerability Research Grants to support research preventing abuse risks. Stay tuned for more information!
Starting today the new rewards take effect. Any reports that were submitted before September 1, 2020 will be rewarded based on the previous rewards table.
We look forward to working closely together with the researcher community to prevent abuse of Google products and ensure user safety.
Happy bug hunting!

/by

Security flaw allows bypassing PIN verification on Visa contactless payments

The vulnerability could allow criminals to rack up fraudulent charges on the cards without needing to know the PINs

The post Security flaw allows bypassing PIN verification on Visa contactless payments appeared first on WeLiveSecurity

/by

Week in security with Tony Anscombe

Canada’s government services hit by cyberattacks – Vishing attacks surge amid COVID-19 pandemic – DDoS extortionists strike again

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

/by

DDoS extortion campaign targets financial firms, retailers

The extortionists attempt to scare the targets into paying by claiming to represent some of the world’s most notorious APT groups

The post DDoS extortion campaign targets financial firms, retailers appeared first on WeLiveSecurity

/by

New Chrome, Firefox versions fix security bugs, bring productivity features

Chrome gets a new way of managing tabs while Firefox now features a new add-ons blocklist

The post New Chrome, Firefox versions fix security bugs, bring productivity features appeared first on WeLiveSecurity

/by