Day: December 10, 2023

23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA

Posted on by Robin Edgar

Genetic testing company 23andMe changed its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial days after reports revealing that attackers accessed personal information of nearly 7 million people — half of the company’s user base — in an October hack. In an email sent to customers Read more about 23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA[…]

Your mobile password manager might be exposing your credentials because of Webview

Posted on by Robin Edgar

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and Read more about Your mobile password manager might be exposing your credentials because of Webview[…]

Google calls Drive data loss “fixed,” locks forum threads saying otherwise

Posted on by Robin Edgar

Google is dealing with its second “lost data” fiasco in the past few months. This time, it’s Google Drive, which has been mysteriously losing files for some people. Google acknowledged the issue on November 27, and a week later, it posted what it called a fix. It doesn’t feel like Google is describing this issue Read more about Google calls Drive data loss “fixed,” locks forum threads saying otherwise[…]

Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

Posted on by Robin Edgar

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We’re told the attacks – which are usable against servers running the default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers – don’t Read more about Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets[…]