Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit | Patches | 01 Jun 2023 | 6
1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack 3. It's asked for 90% of the digital dosh back, or else it'll beg the cops for help | Cyber-crime | 30 May 2023 | 44
Google settles location tracking lawsuit for only $39.9M in brief Also, more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns | Security | 22 May 2023 | 7
Cisco squashes critical bugs in small biz switches You'll want to patch these as proof-of-concept exploit code is out there already | Patches | 18 May 2023
Why Microsoft just patched a patch that squashed an under-attack Outlook bug Let's take a quick dive into Windows API | Patches | 12 May 2023 | 45
EU's Cyber Resilience Act contains a poison pill for open source developers Opinion The road to hell is paved with good intentions | OSes | 12 May 2023 | 80
Dump these insecure phone adapters because we're not fixing them, says Cisco Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability | CSO | 05 May 2023 | 90
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs | Patches | 02 May 2023 | 1
Russian snoops just love invading unpatched Cisco gear, America and UK warn Spying on foreign targets? That's our job! | CSO | 18 Apr 2023 | 7
Apple squashes iOS, macOS zero-day bugs already exploited by snoops Keep calm and install patches before abuse becomes widespread | Patches | 10 Apr 2023 | 1
Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug Plus: Substack shanked by bitter Twitter? | Research | 07 Apr 2023 | 14
It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs | Security | 07 Apr 2023 | 41
Azure blunder left Bing results editable, MS 365 accounts potentially exposed 'BingBang' boo-boo affected other internal Microsoft apps, too | Security | 30 Mar 2023 | 12
Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash Terminal maker General Bytes shutters its cloud business after second breach in seven months | Security | 23 Mar 2023 | 30
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit Maybe this is deserved given the problem's in a hidden telnet service | Research | 22 Mar 2023 | 24
Police pounce on 'pompompurin' – alleged mastermind of BreachForums In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals | Security | 20 Mar 2023 | 3
Microsoft pushes out PowerShell scripts to fix BitLocker bypass Attackers exploiting the vulnerability could access encrypted data | Software | 19 Mar 2023 | 28
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Four flaws open mobiles, cars to remote-control at baseband level with just a phone number | Patches | 17 Mar 2023 | 40
CISA joins forces with Women in CyberSecurity to break up the boy's club in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items | Security | 13 Mar 2023 | 17
Russian charged with smuggling US counterintel tech to Motherland In brief Also, don't download that 'ChatGPT Windows client,' and this week's critical vulnerabilities to keep an eye on | Cyber-crime | 27 Feb 2023 | 8
LockBit's Royal Mail ransom deadline flies by. No data released in brief Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns | Cyber-crime | 13 Feb 2023 | 9
Microsoft to enterprises: Patch your Exchange servers If you want to keep the miscreants out, put the updates in, Redmond says | Patches | 28 Jan 2023 | 14
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched You know when we all said quit using MD5? We really meant it | CSO | 26 Jan 2023 | 3
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws You know the drill: patch before criminals use these bugs in vRealize to sniff your systems | Patches | 25 Jan 2023
Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole Also: Yay for Data Privacy Day! | Security | 24 Jan 2023 | 14
Miscreants sure do love ransacking cloud networks, more so than before Thanks for putting all your data in one basket | CSO | 20 Jan 2023 | 9
Thousands of Sophos firewalls still vulnerable out there to hijacking Updated As hundreds of staff axed this week | Security | 18 Jan 2023 | 3
Swiss Army's Threema messaging app was full of holes – at least seven At least the penknives are still secure | Security | 11 Jan 2023 | 17
Here's how to remotely take over a Ferrari...account, that is Connected cars. What could possibly go wrong? | Security | 07 Jan 2023 | 86
Parental control apps prove easy to beat by kids and crims 20m downloads can't be wrong? Or can they? | Security | 21 Dec 2022 | 19
Pwn2Own contest concludes with nearly $1m paid out to ethical hackers Which is pocket change compared to what criminals will pay for zero-days, but thankfully community spirit remains strong | Security | 13 Dec 2022 | 5
Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover Take a break from the gaming and fix these now | Patches | 01 Dec 2022 | 5
Sirius XM flaw unlocks so-called smart cars thanks to code flaw Telematics program doesn't just give you music, but a big security flaw | Security | 30 Nov 2022 | 25
Still using a discontinued Boa web server? Microsoft warns of supply chain attacks Flaws in the open-source tool exploited – and India's power grid was a target | Research | 23 Nov 2022 | 10
AWS fixes 'confused deputy' vulnerability in AppSync Datadog security researchers found the flaw before miscreants did | Security | 22 Nov 2022
Eggheads show how network flaw could lead to NASA crew pod loss. Key word: Could Houston, we have a PCspooF problem | Security | 15 Nov 2022 | 23
GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming' No need for ignominy when a flaw is found | Security | 14 Nov 2022 | 5
China is likely stockpiling and deploying vulnerabilities, says Microsoft Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing | Security | 07 Nov 2022 | 36
OpenSSL downgrades horror bug after week of panic, hype Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited | Patches | 01 Nov 2022 | 3
Cisco AnyConnect Windows client under active attack Make sure you're patched – and update VMware Cloud Foundation, too, by the way | Patches | 26 Oct 2022 | 7
CISA warns of security holes in industrial Advantech, Hitachi kit When we concede that everything has bugs, we wish it wasn't quite everything | Patches | 20 Oct 2022 | 2
Tear in Microsoft Azure Service Fabric can give attackers full admin privileges Orca Security disclosed the bug, and older versions remain vulnerable | Research | 19 Oct 2022
Fortinet warns of critical flaw in its security appliance OSes, admin panels Naturally, they're already under attack – so you know what to do next | Patches | 11 Oct 2022 | 15
Make your neighbor think their house is haunted by blinking their Ikea smart bulbs Radio comms vulnerabilities detailed | Patches | 08 Oct 2022 | 54
AI co-programmers perhaps won't spawn as many bugs as feared They can't be any worse than some human developers | AI + ML | 07 Oct 2022 | 17
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree Some days, security just feels like a total illusion. OK, most days... | Patches | 04 Oct 2022 | 7
Sophos fixes critical firewall hole exploited by miscreants Code-injection bug in your network security... mmm, yum yum | Patches | 28 Sep 2022 | 9
China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they? Report finds increase in anonymous vuln reports | Research | 27 Sep 2022 | 4
One month after Black Hat disclosure, HP's enterprise kit still unpatched What could go wrong with leaving firmware open after world's biggest hacker convention talk? | Security | 13 Sep 2022 | 12
Apple patches iPhone and macOS flaws under active attack High-value targets tend to get hit | Security | 12 Sep 2022 | 13
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN Nothing like an authentication bypass for your private IPSec network | CSO | 08 Sep 2022 | 56
How Arm popped CHERI architecture into Morello Program hardware Hot Chips Chip giant aims to adapt existing processor architectures to close off vulnerabilities in memory access | Systems | 26 Aug 2022 | 6
If you haven't patched Zimbra holes by now, assume you're toast Here's how to detect an intrusion via vulnerable email systems | Patches | 23 Aug 2022
Microsoft trumps Google for 2021-22 bug bounty payouts Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces | Security | 12 Aug 2022 | 5
FAANGs failing on keeping user data safe from bug hunters Black Hat Time to call in the legal team | Security | 12 Aug 2022 | 3
Google's bug bounty boss: Finding and patching vulns? 'Totally useless' Exclusive Disclosing exploits, however, will earn you $100k | Security | 10 Aug 2022 | 14
Slack leaked hashed passwords from its servers for years Users who created shared invitation links for their workspace had login details slip out among encrypted traffic | Security | 08 Aug 2022 | 11
Warning! Critical flaws found in US Emergency Alert System DEF CON may be about to blow lid off security hole | Patches | 05 Aug 2022 | 14
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws Meanwhile, a security update for rsync | Patches | 03 Aug 2022 | 1
FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable | Security | 27 Jul 2022 | 5
Time from vulnerability disclosures to exploits is shrinking Palo Alto Networks Unit 42 incident response team warns of patch speedups | Security | 27 Jul 2022