As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims | Wave of Okta attacks mark what researchers are calling the biggest security trend of the year | Research | 15 Mar 2024 | 15
Poking holes in Google tech bagged bug hunters $10M | A $2M drop from previous year. So … things are more secure? | Security | 13 Mar 2024 | 4
Apple promises to protect iMessage chats from quantum computers | Easy to defend against stuff that may never actually work – oh there we go again, being all cynical like | Research | 21 Feb 2024 | 30
How to weaponize LLMs to auto-hijack websites | We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets | Research | 17 Feb 2024 | 24
Cutting kids off from the dark web – the solution can only ever be social | Expert weighs in after Brianna Ghey murder amid worrying rates of child cybercrime | Cyber-crime | 16 Feb 2024 | 93
Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts | Deepfake-enabled attacks against Android and iPhone users are netting criminals serious cash | Research | 15 Feb 2024 | 30
Miscreants turn to ad tech to measure malware metrics | Now that's what you call dual-use tech | Research | 15 Feb 2024 | 4
Raspberry Robin devs are buying exploits for faster attacks | One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever | Research | 08 Feb 2024 | 2
Raspberry Pi Pico cracks BitLocker in under a minute | Windows encryption feature defeated by $10 and a YouTube tutorial | Research | 07 Feb 2024 | 142
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies | How good are your takedowns when fresh gangs are linked to previous ops, though? | Research | 06 Feb 2024 | 1
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs | The closest thing we may ever get to a real-life Die Hard 2 scenario | Research | 03 Feb 2024 | 17
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks | Evidence mounts of an exploit gatekept within Russia's borders | Research | 31 Jan 2024 |
COVID-19 test lab accused of exposing 1.3 million patient records to open internet | Now that's a Dutch crunch | Research | 24 Jan 2024 | 2
IT consultant fined for daring to expose shoddy security | Spotting a plaintext password and using it in research without authorization deemed a crime | Research | 19 Jan 2024 | 94
Google TAG: Kremlin cyber spies move into malware with a custom backdoor | The threat hunters believe COLDRIVER has used SPICA since at least November 2022 | Research | 18 Jan 2024 | 5
Vast botnet hijacks smart TVs for prime-time cybercrime | Updated: 8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material | Research | 18 Jan 2024 | 7
Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats | So much for isolation | Research | 17 Jan 2024 | 1
What's worse than paying an extortion bot that auto-pwned your database? | Paying one that lied to you and only saved the first 20 rows of each table | Research | 17 Jan 2024 | 17
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | Updated: Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024 | 8
So, are we going to talk about how GitHub is an absolute boon for malware, or nah? | Microsoft says it's doing its best to crack down on crims | Research | 12 Jan 2024 | 23
Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks | CES: Now that's a smart move | Research | 12 Jan 2024 | 193
And that's a wrap for Babuk Tortilla ransomware as free decryptor released | Experts' job made 'straightforward' by crooks failing to update encryption schema after three years | Research | 09 Jan 2024 | 3
Google password resets not enough to stop these info-stealing malware strains | Updated: Now every miscreant is jumping on Big G's OAuth account security hole | Research | 02 Jan 2024 | 12
NKabuse backdoor harnesses blockchain brawn to hit several architectures | Novel malware adapts delivers DDoS attacks and provides RAT functionality | Research | 15 Dec 2023 | 3
Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware | Latest offensive cyber group to switch to atypical programming for payloads | Research | 11 Dec 2023 | 10
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time | Research | 11 Dec 2023 | 11
Exposed Hugging Face API tokens offered full access to Meta's Llama 2 | Updated: With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML | Research | 04 Dec 2023 | 6
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images | Exploits bypass most secure boot solutions from the biggest chip vendors | Research | 01 Dec 2023 | 31
Weak session keys let snoops take a byte out of your Bluetooth traffic | BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets | Research | 30 Nov 2023 | 12
How to give Windows Hello the finger and login as someone on their stolen laptop | Not that we're encouraging anyone to defeat this fingerprint authentication | Research | 22 Nov 2023 | 90
BlackCat plays with malvertising traps to lure corporate victims | Updated: Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware | Research | 16 Nov 2023 | 1
Google Workspace weaknesses allow plaintext password theft | Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here | Research | 15 Nov 2023 | 2
Ransomware more efficient than ever, and baddies are still after your logs | Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean | Research | 15 Nov 2023 | 3
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling | Let's do the CacheWarp again | Research | 14 Nov 2023 | 7
Passive SSH server private key compromise is real ... for some vulnerable gear | OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out | Research | 14 Nov 2023 | 12
Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims | Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain | Research | 09 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware | Months of work reveals how this tricky malware family targets... the financial services sector | Research | 07 Nov 2023 | 4
Cybercrooks amp up attacks via macro-enabled XLL files | Neither Excel nor PowerPoint safe as baddies continue to find ways around protections | Research | 01 Nov 2023 | 6
Cryptojackers steal AWS credentials from GitHub in 5 minutes | Researchers just scratching surface of their understanding of campaign dating back to 2020 | Research | 30 Oct 2023 | 3
F5 hurriedly squashes BIG-IP remote code execution bug | Fixes came earlier than scheduled as vulnerability became known to outsiders | Research | 27 Oct 2023 | 3
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit | Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence | Research | 27 Oct 2023 | 1
Side channel attacks take bite out of Apple silicon with iLeakage exploit | Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts | Research | 26 Oct 2023 | 10
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015 | Researcher who publicized issue brands company’s communication 'appalling' | Research | 26 Oct 2023 | 3
British boffins say aircraft could fly on trash, cutting pollution debt by 80% | Domestic jets can use 'municipal solid waste' to fly the friendly skies | Research | 17 Oct 2023 | 115
BLOODALCHEMY provides backdoor to southeast Asian nations' secrets | Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers | Research | 16 Oct 2023 | 1
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit | Two years on and Microsoft refuses to address the issue | Research | 13 Oct 2023 | 11
Squid games: 35 security holes still unpatched in proxy after 2 years, now public | We'd like to say don't panic … but maybe? | Research | 13 Oct 2023 | 10
Everest cybercriminals offer corporate insiders cold, hard cash for remote access | The ransomware gang changes identities more than Jason Bourne | Research | 12 Oct 2023 | 9
Mirai reloads exploit arsenal as botnet embarks on another expansion drive | With 13 new payloads it's the biggest update to the botnet in months | Research | 10 Oct 2023 |
Researcher bags two-for-one deal on Linux bugs while probing GNOME component | One-click exploit could potentially affect most major distros | Research | 10 Oct 2023 | 12
Ransomware attacks register record speeds thanks to success of infosec industry | Dwell times drop to hours rather than days for the first time | Research | 10 Oct 2023 | 3
ROBOT crypto attack on RSA is back as Marvin arrives | More precise timing tests find many implementations vulnerable | Research | 26 Sep 2023 | 9
Marvell disputes claim Cavium backdoored chips for Uncle Sam | Allegations date back a decade to leaked Snowden docs | Research | 19 Sep 2023 | 8
Cryptojackers spread their nets to capture more than just EC2 | AMBERSQUID operation takes AWS's paths less travelled in search of compute | Research | 18 Sep 2023 | 3
Probe reveals previously secret Israeli spyware that infects targets via ads | Oh s#!t, Sherlock | Research | 16 Sep 2023 | 73
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop | Cut and shut is so last century, now it's copy and clone | Research | 13 Sep 2023 | 9
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals) | Fun technique – but how practical is it? | Research | 13 Sep 2023 | 20
China caught – again – with its malware in another nation's power grid | 'Obtaining a disruptive capability could be one possible motivation behind this surge in attacks' | Research | 12 Sep 2023 | 20
Microsoft: China stole secret key that unlocked US govt email from crash debug dump | Mistakes were made, lessons learned, stuff now fixed, says Windows maker | Research | 06 Sep 2023 | 54
Meatbag mishaps more menacing than malware? CISOs think so | Company boards, on the other hand, aren't letting cybersecurity disturb their sleep as much | Research | 06 Sep 2023 | 6
Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel | Five Eyes nations warn of hit against Ukrainian military systems | Research | 31 Aug 2023 | 4
Apple's defense against apps vandalizing other apps still broken, developer claims | Updated: Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed | Research | 22 Aug 2023 | 17
Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants' | What are these gadgets running, Windows? Ka-boom-tsch | Research | 11 Aug 2023 | 10
There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack | Especially on Apple gear, uni team says | Research | 10 Aug 2023 | 25
Stalkerware slinger LetMeSpy shuts down for good after database robbery | If you can't trust a spyware developer with your info, who can you trust? | Research | 07 Aug 2023 | 4
Old-school hacktivism is back because it never went away | Mysterious Team Bangladesh has carried out 846 attacks since June 2022, mostly DDoS | Research | 03 Aug 2023 | 7
Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical | Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret | Research | 01 Aug 2023 | 4
TETRA radio comms used by emergency heroes easily cracked, say experts | Updated: If it looks like a backdoor, walks like a backdoor, maybe it's ... export control | Research | 24 Jul 2023 | 60
Microsoft puts out Outlook fire, says everything's fine with Teams malware flaw | Redmond's not fixing the latter because it 'relies on social engineering' | Research | 06 Jul 2023 | 28
RAM-ramming Rowhammer is back – to uniquely fingerprint devices | Just use it sparingly, as it may crash equipment or burn out memory | Black Hat and DEF CON | 05 Jul 2023 | 30
It's 2023 and memory overwrite bugs are not just a thing, they're still number one | Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list | Research | 29 Jun 2023 | 71
Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse | Failure to match metadata with packaged files is perfect for supply chain attacks | Research | 27 Jun 2023 | 12
Microsoft: Russia sent its B team to wipe Ukrainian hard drives | WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew | Research | 16 Jun 2023 | 10
These Microsoft Office security signatures are 'practically worthless' | Updated: Turns out it's easy to forge documents relying on OOXML | Research | 13 Jun 2023 | 14
Qbot malware adapts to live another day … and another … | Operators stay ahead of defenders with new access methods and C2 infrastructure | Research | 05 Jun 2023 | 3
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims | Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs | Research | 01 Jun 2023 | 3
Alien versus Predator? No, this Android spyware works together | Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping | Research | 27 May 2023 | 8
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids | Updated: For simulation or for real, we don't like the vibes from this CosmicEnergy | Research | 25 May 2023 | 8
Upstart encryption app walks back privacy claims, pulls from stores after probe | Try not leaving a database full of user info, chats, keys exposed, eh? | Research | 17 May 2023 | 40
Let white-hat hackers stick a probe in those voting machines, say senators | HAVA go at breaking electronic ballot box security | Research | 11 May 2023 | 47
DEF CON to set thousands of hackers loose on LLMs | Can't wait to see how these AI models hold up against a weekend of red-teaming by infosec's village people | Research | 06 May 2023 | 27
How fiends abuse an out-of-date Microsoft Windows driver to infect victims | It's like those TV movies where a spy cuts a wire and the whole building's security goes out | Research | 24 Apr 2023 | 16
Firmware is on shaky ground – let's see what it's made of | Opinion: Old architectures just don't stack up | Research | 17 Apr 2023 | 69
Another zero-click Apple spyware maker just popped up on the radar again | Pegasus, pssh, you so 2000-and-late | Research | 12 Apr 2023 | 8
Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug | Plus: Substack shanked by bitter Twitter? | Research | 07 Apr 2023 | 14
CAN do attitude: How thieves steal cars using network bus | It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor | Research | 06 Apr 2023 | 198
April brings tulips, taxes ... and phisherfolk scammers | Tactical#Octopus: Don't let users click on that zip file | Research | 03 Apr 2023 | 6
Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons | Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV | Defense Tech Week | 31 Mar 2023 | 28
Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity | How someone can nab buffered info, by hook or by kr00k | Spotlight on RSA | 30 Mar 2023 | 15
Gone in 120 seconds: Tesla Model 3 child's play for hackers | In brief: Plus OIG finds Uncle Sam fibbed over Login.gov | Research | 27 Mar 2023 | 37
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit | Maybe this is deserved given the problem's in a hidden telnet service | Research | 22 Mar 2023 | 24
Refreshed from its holiday, Emotet has gone phishing | Notorious botnet starts spamming again after a three-month pause | Research | 09 Mar 2023 | 2
Frankenstein malware stitched together from code of others disguised as PyPI package | Crime-as-a-service vendors mix and match components as needed by client | Research | 03 Mar 2023 | 3
Fast-evolving Prilex POS malware can block contactless payments | ... forcing users to insert their cards into less-secure PIN systems | Research | 03 Feb 2023 | 16
Malvertising attacks are distributing .NET malware loaders | The campaign illustrates another option for miscreants who had relied on Microsoft macros | Research | 02 Feb 2023 | 7
Microsoft closes another door to attackers by blocking Excel XLL files from the internet | More of them used by baddies since Redmond blocked VBA macros | Research | 25 Jan 2023 | 6
Microsoft took its macros and went home, so miscreants turned to Windows LNK files | Adapt or die | Research | 23 Jan 2023 | 6
How to track equipped cars via exploitable e-ink platemaker | Miscreants could have tracked, modified, deleted digital plates | Research | 10 Jan 2023 | 90
Dridex malware pops back up and turns its attention to macOS | Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files | Research | 06 Jan 2023 | 6
Legit Android apps poisoned by sticky 'Zombinder' malware | Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results | Research | 09 Dec 2022 | 25