Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords Research07 Nov 2024 | 21
Cybercrooks are targeting Bengal cat lovers in Australia for some reason In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Research06 Nov 2024 | 15
Criminals open DocuSign's Envelope API to make BEC special delivery Why? Because that's where the money is Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials Research05 Nov 2024 | 10
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed You snooze, you lose, er, win AI + ML05 Nov 2024 | 18
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs Emeraldwhale looked sharp – until it made a common S3 bucket mistake Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover Remember Bucket Monopoly? Yeah, it gets worse Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Attacks on unprotected servers reach 'critical level' Cybersecurity Month24 Oct 2024 | 1
Millions of Android and iOS users at risk from hardcoded creds in popular apps Azure Blob Storage, AWS, and Twilio keys all up for grabs Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers No attacks possible, but enough issues to cause concern Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption With an off-the-shelf D-Wave machine, but only against very short keys Cybersecurity Month14 Oct 2024 | 22
INC ransomware rebrands to Lynx – same code, new name, still up to no good Researchers point to evidence that scumbags visited the strategy boutique Cybersecurity Month11 Oct 2024 | 9
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 114
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 7
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared Ransomware? More like 'we don't care' for everyone but CISOs Research30 Sep 2024 | 3
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 68
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Research27 Sep 2024 | 6
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge Severe incidents may be down, but Putin had to throw one in for good measure Cyber-crime24 Sep 2024 | 9
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Personal Tech19 Sep 2024 | 26
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations Updated Better check your widgets, people Research19 Sep 2024 | 7
Tor insists its network is safe after German cops convict CSAM dark-web admin Outdated software blamed for cracks in the armor Cyber-crime19 Sep 2024 | 25
Putin really wants Trump back in the White House US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again Research18 Sep 2024 | 268
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
Feeld dating app's security too open-minded as private data swings into public view No love for months-long wait to fix this, either Research13 Sep 2024 | 8
Mind your header! There's nothing refreshing about phishers' latest tactic It could lead to a costly BEC situation Research12 Sep 2024 | 2
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM Academically interesting technique for poking holes in paywalled tech specs Research12 Sep 2024 | 37
How $20 and a lapsed domain allowed security pros to undermine internet integrity What happens at Black Hat… Research11 Sep 2024 | 19
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials Research04 Sep 2024 |
Novel attack on Windows spotted in phishing campaign run from and targeting China Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Research02 Sep 2024 | 3
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Updated Infosec hounds say they spotted vulnerability during routine travel in the US Research30 Aug 2024 | 28
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
110K domains targeted in 'sophisticated' AWS cloud extortion campaign Updated If you needed yet another reminder of what happens when security basics go awry Research21 Aug 2024 | 4
Digital wallets can allow purchases with stolen credit cards Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies Research20 Aug 2024 | 36
Multiple flaws in Microsoft macOS apps unpatched despite potential risks Windows giant tells Cisco Talos it isn't fixing them Research19 Aug 2024 | 21
Google raps Iran's APT42 for raining down spear-phishing attacks US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Research15 Aug 2024 | 1
China-linked cyber-spies infect Russian govt, IT sector No, no, go ahead, don't let us stop you, Xi Research15 Aug 2024 | 17
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls Because apps talking like pirates and creating ASCII art never gets old AI + ML13 Aug 2024 | 17
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction Is that a lot? Depends on the context. GHz, no. Voltage, yes Personal Tech09 Aug 2024 | 28
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 Can't reach someone's private server on localhost from outside? No problem Research09 Aug 2024 | 39
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware Black Hat Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs? Black Hat and DEF CON08 Aug 2024 | 2
Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security Black Hat Let's get physical, physical ... I don't wanna hear your MMU talk Black Hat and DEF CON07 Aug 2024 | 48
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net A simple HTML change and the warning is gone! Research07 Aug 2024 | 13
SharpRhino malware targets IT admins – Hunters International gang suspected Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business Security07 Aug 2024 |
Georgia's voter portal gets a crash course in client versus backend input validation Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say Research07 Aug 2024 | 36
Bad apps bypass Windows security alerts for six years using newly unveiled trick Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Research06 Aug 2024 | 16
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Russia takes aim at Sitting Ducks domains, bags 30,000+ Eight-year-old domain hijacking technique still claiming victims Research31 Jul 2024 |
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Meta's AI safety system defeated by the space bar 'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32 AI + ML29 Jul 2024 | 57
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank May even have targeted other malware gangs, and infosec researchers Cyber-crime26 Jul 2024 | 9
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware PSA: Only accept updates via official channels ... ironically enough Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared Personal Tech24 Jul 2024 | 8
Forget security – Google's reCAPTCHA v2 is exploiting users for profit Updated Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Security24 Jul 2024 | 72