Latest news with #ZDNet


Forbes
31-07-2025
- Forbes
TSA Warning—Stop Using These Smartphone Chargers
Republished on July 31 with new guidance for Android and iPhone owners on the specific vulnerabilities for their devices following TSA's warning. It's holiday season. And as millions of travelers prepare to jet off from airports across the U.S. and beyond, the Transportation Security Administration's recent phone charger warning for airline passengers has suddenly been given some added urgency. The security agency has told airport travelers to 'bring your TSA-compliant power brick or battery pack and plug in there,' rather than use public charging points. 'When you're at an airport, do not plug your phone directly into a USB port.' This relates to so-called juice jacking, which along with the overhyped threat from public WiFi is guaranteed to irk cybersecurity professionals. But just as TSA's airport WiFi warning has been reinforced by the security industry, so it is now with charging. 'Public USB ports should never be treated as safe,' warns NordVPN's Adrianus Warmenhoven (via ZDNet), following its new report into the threat from choicejacking. This enhancement on juice jacking can bypass the protections in your smartphone to trick it into accepting a data cable connection when it shouldn't. Warmenhoven describes choicejacking as 'a dangerous evolution in public charging threats. With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.' Per Hackread, 'the rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.' That's debatable. Most public charging warnings are met with a fair amount of cyber derision. It's a blunt force attack. You're only likely to be specifically targeted by a malicious charging point or cable if you're in a high risk vocation or location. 
But what choicejacking has done is shown how a phone can be tricked into thinking a physical connection is one thing — a keyboard for example, while in reality it's something else. And data can be stolen as a result. If you consider your risk profile to be high, this should be a consideration. Use your own charger and cable. And bear in mind that when your phone is unlocked while charging, it's more vulnerable to this attack — if juice jacking attacks really exist, of course. Meanwhile, Android Authority has issued guidance for Android and iPhone users, setting out the different risks for each platform. Again, subject to that reality check. Attacks on Android phones 'exploit permissions for peripherals,' the website explains, using Android's Open Accessory Protocol for accessories such as 'mice or keyboards. Attackers can then begin hijacking system input through ADB (or Android Debug Bridge), which can simulate user input and change the USB mode to allow data transfer. The attack then proceeds with a series of commands aimed at gaining complete control of the device and gaining key access for further control.' iOS is different. 'A rigged USB cable or charger can be used to trigger a connection event for a Bluetooth device. Although it may appear as a regular Bluetooth-based audio accessory to your iPhone, it could act as the machinery to secretly allow data transfer and gain access to specific files and photos. However, it cannot access the entire iOS system as it can on Android.'


Korea Herald
14-07-2025
- Business
- Korea Herald
LG's hit portable screen StanbyME 2 goes global
LG Electronics is expanding the overseas reach of its portable screen StanbyME 2 with a global rollout, the company said Monday. The stylish tablet product will launch this week in Hong Kong and Turkey, to be followed by releases in the US, Canada, Vietnam and Singapore later this month. It will debut in major European markets including the UK, Germany, France and Spain in August. StanbyME 2 has shown immense popularity in Korea since its launch in February. More than 1,000 units sold out in 38 minutes during its initial live broadcast, and domestic sales over the past five months have surged to four times those of the previous model. The new version emphasizes enhanced mobility and user convenience. Users can now detach the screen from its stand with a single button, using it as a tabletop display or hanging it like a picture frame. It features a 27-inch 1,440p touch screen, a high-capacity battery that lasts up to four hours and webOS, LG's smart TV platform supporting streaming, cloud gaming and vertical content. The product has already caught the attention of international media. ZDNet called it 'the most eye-catching TV' with 'a brilliant balance of innovation and performance,' while USA Today labeled it a 'must-have smart TV' that's 'hard to resist taking home.' 'We're strengthening our global leadership in the portable screen market with a completely reimagined product that reflects what customers truly want,' said Lee Chung-hwan, head of LG's TV business.
Yahoo
22-06-2025
- Yahoo
Doubts over the 'largest ever leak of 16 billion online account passwords'? You should still change your passwords!
Cybersecurity outlet Cybernews recently published a report claiming to have discovered the largest data leak in history, involving 16 billion login records, and both overseas and local media picked it up because of the sensational headline. At the same time, experienced outlets have questioned whether Cybernews was simply running clickbait, arguing that no single new security breach actually took place. Even so, everyone should strengthen their online security awareness, including regularly changing to strong passwords, to stay safe. According to the Cybernews article, its research team has been monitoring the web since early 2025 and found 30 exposed datasets, each containing from tens of millions to more than 3.5 billion records, for a total of 16 billion login credentials covering major online services such as Apple, Google, Facebook, GitHub and Telegram, as well as government services in various countries. However, BleepingComputer and ZDNet, two veteran security news sites, both published articles criticising Cybernews, arguing that its findings are not a new data breach but a compilation of previously leaked credentials, data stolen by infostealer malware, and credential stuffing attacks. Put simply, multiple unrelated databases were counted together to inflate the overall scale, and the so-called 16 billion account passwords may include a large amount of duplicated, outdated or repackaged data. AP News (the Associated Press) used more neutral wording, but also noted that Cybernews itself acknowledged the data 'definitely contains duplicates, so the number of affected users cannot be confirmed.' Still, if such a large volume of leaked data could be found by Cybernews researchers, other hackers and ill-intentioned people also have a chance to obtain it and carry out attacks. So this is a good opportunity to remind everyone to strengthen their online security awareness, including enabling two-factor authentication, using a password manager to generate and store complex passwords, and regularly checking account activity logs.


Forbes
09-06-2025
- Forbes
Samsung Warns All Galaxy Users—Restart Your Phone
Restart your phone today. Android is under attack. Google warnings that new vulnerabilities 'may be under limited, targeted exploitation' have become alarmingly frequent, as the Android-maker and its OEMs issue critical updates. Meanwhile, smartphone users are advised to watch for signs that their own phones may have been compromised. Separately, restarting phones made headlines over the last 12 months, as first iPhone and then Android introduced an auto-restart after three days of inactivity, making it more difficult for law enforcement or others to plug in cables to extract user data. While some years ago, America's NSA told users to 'turn devices off and on weekly,' that's not a habit that has caught on. Most users leave them on until forced to reboot. But Samsung actually warns its Galaxy users to do the same — and even more frequently. 'Make restarting your Galaxy phone a daily habit,' it says.
Automating restarts
'Periodic restarting can prevent problems with your Galaxy phone,' Samsung says, including 'your phone suddenly freezing or [becoming] too slow,' two signs that could — maybe — point to a security issue, albeit they are more likely to be performance related. 'The issue can sometimes be resolved just by restarting the phone.' Maybe this advice will now catch on, given the raft of new attacks driven primarily by the forensic industry finding more ways to compromise device security. 'Rebooting your phone daily is your best defense against zero-click attacks,' ZDNet now reports. That advice came courtesy of iVerify's Ricky Cole, whose company warned last week that iPhones had likely been attacked through an iMessage vulnerability that has since been patched. Apple says attacks did not take place, but the high-profile victims suggested by iVerify ensured a flurry of headlines followed. There are several ways to restart your Galaxy phone, but the easiest is to automate it. You can set your phone to 'auto-optimize daily' or to restart on a schedule.
As long as the phone is not being used and has plenty of battery, it will reboot.


Tom's Guide
27-05-2025
- Tom's Guide
More than 184 million passwords exposed in massive data breach — Apple, Google, Microsoft and more
Cybersecurity researcher Jeremiah Fowler has just published a report about his discovery of a massive, unprotected online database of millions of sensitive pieces of data that were stored in a plain text file with no password requirement or encryption. According to ZDNet, the 184 million unique account credentials that Fowler found include usernames, passwords, emails and URLs for apps and websites like Google, Microsoft, Apple, Facebook, Instagram and Snapchat, among others. Perhaps more concerning was the even more sensitive information in the database – specifically credentials for bank and financial accounts, health platforms and government portals. Fowler's analysis determined that this data has been captured by some type of infostealer, meaning the individuals exposed and the accounts involved will be vulnerable to a host of further scams and malicious behavior, such as phishing attacks, from threat actors. Fowler has said he doesn't know if this database was legitimately or maliciously created in the first place, because the hosting provider would not disclose the name of the owner, though they have removed it from public access. Fowler directly contacted people listed in the file, told them he was researching a data breach and confirmed that the information contained in the database was correct, valid account information. Additionally, he has said that while whoever owns the database is to blame for the incident, users who treat their email accounts like free cloud storage leave themselves open to security and privacy risks by having years' worth of sensitive documents such as tax forms, medical records, contracts or passwords readily available to cybercriminals who are able to gain access to their email accounts.
People who are involved in a security breach of this nature are subject to a variety of further threats, especially if they've reused the same password, used weak passwords, or have accounts in a position of government or other importance. Like Fowler, we recommend that you always use strong, unique passwords that include multiple upper and lower case characters as well as numbers and special characters, that you frequently change and update passwords and that you never reuse passwords. It's often easiest to use a password manager to keep all of your passwords private and safe, or if possible, use a biometric passkey. Whenever possible, enable two-factor or multi-factor authentication on your accounts. Keep a close eye on all your accounts, and if you feel like you may have been, or know you have been, a victim of a data breach, check your accounts on sites like HaveIBeenPwned or a password leak checker. You should also make sure that your antivirus software is set to regularly scan your computer; these scans can be set to run automatically when you're asleep or when you're otherwise not using your machine so that you won't be interrupted. Lastly, know the signs of phishing scams and social engineering attacks so you can watch out for them – you are always the last line of defense when it comes to malware, and threat actors will use all the information they have to try to trick you into clicking on a link or downloading an app or software that appears legitimate but is secretly malicious code. Never click on unexpected links, QR codes or attachments, or on links or attachments from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Don't share personal information with people you don't know online, and clear out your accounts of old emails and photos that contain documents that may contain personal details and information.