Security Alerts & News
by Tymoteusz A. Góral

History
#1653 Your home’s online gadgets could be hacked by ultrasound
This may have happened to you. You idly browse a pair of shoes online one morning, and for the rest of the week, those shoes follow you across the Internet, appearing in adverts across the websites you visit.

But what if those ads could pop out of your browser and hound you across different devices? This is the power of ultrasound technology, says Vasilios Mavroudis at University College London – and it offers a whole new way in for hacking attacks and privacy invasions. He and his colleagues will spell out their concerns at next week’s Black Hat cybersecurity conference in London.

So far, this kind of ultrasound technology has mainly been used as a way for marketers and advertisers to identify and track people exposed to their messages, like a cross-device cookie. High-frequency audio “beacons” are embedded into TV commercials or browser ads. These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device. But the technology has many more applications. Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers’ phones as they shop.

“It doesn’t require any special technology,” Mavroudis says. “If you’re a supermarket, all you need are regular speakers.”
Read more
#1660 Critical vulnerabilities pose a serious threat to Joomla sites
#1659 Web Bluetooth API privacy
#1658 Security update patches 13 Android vulnerabilities discovered by Trend Micro
#1657 AtomBombing: A code injection that bypasses current security solutions
#1656 Killing Mirai: Active defense against an IoT botnet
#1655 Google joins Mozilla and Apple in distrusting WoSign certificates
#1654 Kaspersky DDOS intelligence report for Q3 2016
#1653 Your home’s online gadgets could be hacked by ultrasound
#1652 Bug bounty hunter launches accidental DDoS attack on 911 systems via iOS bug
#1651 Google identified major vulnerability in Apple’s OS and iOS cores
#1650 How security flaws work: SQL injection
#1649 New, more-powerful IoT botnet infects 3,500 devices in 5 days
#1648 Microsoft says Russian APT group behind zero-day attacks
#1647 Firefox disables loophole that allows sites to track users via battery status
#1646 Phony Android Flash player installs banking malware
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12