Some fraudsters may use low-tech tactics to steal your sensitive information – peering over your shoulder as you enter that data is one of them

The post Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone appeared first on WeLiveSecurity

Think your smartphone has been compromised by malware? Here’s how to spot the signs of a hacked phone and how to remove the hacker from your phone.

The post How to tell if your phone has been hacked appeared first on WeLiveSecurity

ESET Research uncovers DazzleSpy malware attacks targeting macOS users – Trading personal data for free online services – PayPal hacking made easy

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The trade-off between using a free service and giving up our personal data becomes much less palatable when we think about the wider ramifications of the collection and use of our personal data

The post Beyond the tick box: What to consider before agreeing to a privacy policy appeared first on WeLiveSecurity

Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker.

The post Every breath you take, every move you make: Do fitness trackers pose privacy risks? appeared first on WeLiveSecurity

Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs

The post Watering hole deploys new macOS malware, DazzleSpy, in Asia appeared first on WeLiveSecurity

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here’s how to stay safe from a simple but effective attack

The post How I hacked my friend’s PayPal account appeared first on WeLiveSecurity

ESET research into Donot Team attacks – Common signs that your email has been hacked – Social media dos and don’ts in the workplace

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again

The post How to know if your email has been hacked appeared first on WeLiveSecurity

Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the V4 release of Scorecards, with larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation.

The Scorecards Action is released in partnership with GitHub and is available from GitHub’s Marketplace. The Action makes using Scorecards easier than ever: it runs automatically on repository changes to alert developers about risky supply-chain practices. Maintainers can view the alerts on GitHub’s code scanning dashboard, which is available for free to public repositories on GitHub.com and via GitHub Advanced Security for private repositories.

Additionally, we have scaled our weekly Scorecards scans to over one million GitHub repositories, and have partnered with the Open Source Insights website for easy user access to the data.

For more details about the release, including the new Dangerous-Workflow security check, visit the OpenSSF’s official blog post here.