Don't open that 'copyright infringement' email attachment – it's an infostealer
Curiosity gives crims access to wallets and passwords
Research07 Nov 2024 | 21
Research
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos
Research06 Nov 2024 | 15
Criminals open DocuSign's Envelope API to make BEC special delivery
Why? Because that's where the money is
Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials
Research05 Nov 2024 | 10
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win
AI + ML05 Nov 2024 | 18
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
Emeraldwhale looked sharp – until it made a common S3 bucket mistake
Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover
Remember Bucket Monopoly? Yeah, it gets worse
Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
Attacks on unprotected servers reach 'critical level'
Cybersecurity Month24 Oct 2024 | 1
Millions of Android and iOS users at risk from hardcoded creds in popular apps
Azure Blob Storage, AWS, and Twilio keys all up for grabs
Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers
No attacks possible, but enough issues to cause concern
Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device
Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption
With an off-the-shelf D-Wave machine, but only against very short keys
Cybersecurity Month14 Oct 2024 | 22
INC ransomware rebrands to Lynx – same code, new name, still up to no good
Researchers point to evidence that scumbags visited the strategy boutique
Cybersecurity Month11 Oct 2024 | 9
Smart TVs are spying on everyone
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change
Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds
'You can build this in a few days – even as a very naïve developer'
Cybersecurity Month04 Oct 2024 | 114
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Exclusive Crooks 'like a sysadmin, with a malicious slant'
Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline
Cybersecurity Month02 Oct 2024 | 7
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works
Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared
Ransomware? More like 'we don't care' for everyone but CISOs
Research30 Sep 2024 | 3
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'
Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey
Cybersecurity Month29 Sep 2024 | 68
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud
Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda
Research27 Sep 2024 | 6
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge
Severe incidents may be down, but Putin had to throw one in for good measure
Cyber-crime24 Sep 2024 | 9
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet
Research23 Sep 2024 |
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom
Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals
Personal Tech19 Sep 2024 | 26
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
Updated Better check your widgets, people
Research19 Sep 2024 | 7
Tor insists its network is safe after German cops convict CSAM dark-web admin
Outdated software blamed for cracks in the armor
Cyber-crime19 Sep 2024 | 25
Putin really wants Trump back in the White House
US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again
Research18 Sep 2024 | 268
Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Exclusive Getting sloppy, Xi
CSO18 Sep 2024 | 32
Feeld dating app's security too open-minded as private data swings into public view
No love for months-long wait to fix this, either
Research13 Sep 2024 | 8
Mind your header! There's nothing refreshing about phishers' latest tactic
It could lead to a costly BEC situation
Research12 Sep 2024 | 2
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM
Academically interesting technique for poking holes in paywalled tech specs
Research12 Sep 2024 | 37
How $20 and a lapsed domain allowed security pros to undermine internet integrity
What happens at Black Hat…
Research11 Sep 2024 | 19
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade
Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials
Research04 Sep 2024 |
Novel attack on Windows spotted in phishing campaign run from and targeting China
Resources hosted at Tencent Cloud involved in Cobalt Strike campaign
Research02 Sep 2024 | 3
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Updated Infosec hounds say they spotted vulnerability during routine travel in the US
Research30 Aug 2024 | 28
31.5M invoices, contracts, patient consent forms, and more exposed to the internet
Exclusive Unprotected database with 12 years of biz records yanked offline
CSO26 Aug 2024 | 28
110K domains targeted in 'sophisticated' AWS cloud extortion campaign
Updated If you needed yet another reminder of what happens when security basics go awry
Research21 Aug 2024 | 4
Digital wallets can allow purchases with stolen credit cards
Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies
Research20 Aug 2024 | 36
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Windows giant tells Cisco Talos it isn't fixing them
Research19 Aug 2024 | 21
Google raps Iran's APT42 for raining down spear-phishing attacks
US politicians and Israeli officials among the top targets for the IRGC’s cyber unit
Research15 Aug 2024 | 1
China-linked cyber-spies infect Russian govt, IT sector
No, no, go ahead, don't let us stop you, Xi
Research15 Aug 2024 | 17
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
Because apps talking like pirates and creating ASCII art never gets old
AI + ML13 Aug 2024 | 17
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction
Is that a lot? Depends on the context. GHz, no. Voltage, yes
Personal Tech09 Aug 2024 | 28
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0
Can't reach someone's private server on localhost from outside? No problem
Research09 Aug 2024 | 39
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware
Black Hat Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?
Black Hat and DEF CON08 Aug 2024 | 2
Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security
Black Hat Let's get physical, physical ... I don't wanna hear your MMU talk
Black Hat and DEF CON07 Aug 2024 | 48
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net
A simple HTML change and the warning is gone!
Research07 Aug 2024 | 13
SharpRhino malware targets IT admins – Hunters International gang suspected
Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business
Security07 Aug 2024 |
Georgia's voter portal gets a crash course in client versus backend input validation
Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say
Research07 Aug 2024 | 36
Bad apps bypass Windows security alerts for six years using newly unveiled trick
Windows SmartScreen and Smart App Control both have weaknesses of which to be wary
Research06 Aug 2024 | 16
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
Malware logs users' keystrokes, pilfers credentials, exfiltrates data
Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course
Who wants to make a TRACTOR pull request?
Research03 Aug 2024 | 146
Russia takes aim at Sitting Ducks domains, bags 30,000+
Eight-year-old domain hijacking technique still claiming victims
Research31 Jul 2024 |
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
They DKIM here, they DKIM there
Research30 Jul 2024 | 33
Meta's AI safety system defeated by the space bar
'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32
AI + ML29 Jul 2024 | 57
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
May even have targeted other malware gangs, and infosec researchers
Cyber-crime26 Jul 2024 | 9
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware
PSA: Only accept updates via official channels ... ironically enough
Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted
And the forking Microsoft-owned code warehouse doesn't see this as much of a problem
CSO25 Jul 2024 | 49
Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech
Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared
Personal Tech24 Jul 2024 | 8
Forget security – Google's reCAPTCHA v2 is exploiting users for profit
Updated Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them
Security24 Jul 2024 | 72
Biting the hand that feeds IT
