Subscribe

Security

  1. Message-scraping, user-tracking service Spy Pet shut down by Discord

    Bot-driven service was also connected to targeted harassment site Kiwi Farms.

  2. Millions of IPs remain infected by USB worm years after its creators left it for dead

    Ability of PlugX worm to live on presents a vexing dilemma: Delete it or leave it be.

  3. Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks

    Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks?

  4. Hackers are using developing countries for ransomware practice

    Businesses in Africa, Asia, and South America hit before moving on to Western targets.

  5. Hackers infect users of antivirus service that delivered updates over HTTP

    eScan AV updates were delivered over HTTP for five years.

  6. Windows vulnerability reported by the NSA exploited to install Russian malware

    Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.

  7. Roku forcing 2-factor authentication after 2 breaches of 600K accounts

    Accounts with stored payment information went for as little as $0.50 each.

  8. LastPass users targeted in phishing attacks good enough to trick even the savvy

    Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

  9. All the pieces are in place for the first crew flight of Boeing’s Starliner

    “This is a test flight, and a complicated one at that."

  10. Kremlin-backed actors spread disinformation ahead of US elections

    To a lesser extent, China and Iran also peddle disinfo in hopes of influencing voters.

  11. Billions of public Discord messages may be sold through a scraping service

    Cross-server tracking suggests a new understanding of "public" chat servers.

  12. Attackers are pummeling networks around the world with millions of login attempts

    Attacks coming from nearly 4,000 IP addresses take aim at VPNs, SSH and web apps.

  1. Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M

    Indictment says man tricked cloud providers into giving him services he never paid for.

  2. Change Healthcare faces another ransomware threat—and it looks credible

    Hackers already received a $22 million payment. Now a second group demands money.

  3. “Highly capable” hackers root corporate networks by exploiting firewall 0-day

    No patch yet for unauthenticated code-execution bug in Palo Alto Networks firewall.

  4. Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed

    Multiple links in the supply chain failed for years to identify an unfixed vulnerability.

  5. AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.

    When the data was published in 2021, the company said it didn't belong to its customers.

  6. Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one

    LG patches four vulnerabilities that allow malicious hackers to commandeer TVs.

  7. Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

    D-Link won't be patching vulnerable NAS devices because they're no longer supported.

  8. Ivanti CEO pledges to “fundamentally transform” its hard-hit security model

    Part of the reset involves AI-powered documentation search and call routing.

  9. How will astronauts cruise around the Moon? NASA narrows choice to three options

    "I know we’re asking a lot of these companies."

  10. How to hack the Jacksonville Jaguars’ jumbotron (and end up in jail for 220 years)

    The story that just keeps getting worse.

  11. Microsoft blamed for “a cascade of security failures” in Exchange breach report

    Summer 2023 intrusion pinned to corporate culture, "avoidable errors."

  12. Missouri county declares state of emergency amid suspected ransomware attack

    Outage occurs on same day as special election, but election offices remain open.

  1. AT&T acknowledges data leak that hit 73 million current and former users

    Data leak hit 7.6 million current AT&T users, 65.4 million former subscribers.

  2. What we know about the xz Utils backdoor that almost infected the world

    Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

  3. Backdoor found in widely used Linux utility targets encrypted SSH connections

    Malicious code planted in xz Utils has been circulating for more than a month.

  4. PyPI halted new users and projects while it fended off supply-chain attack

    Automation is making attacks on open source code repositories harder to fight.

  5. Thousands of servers hacked in ongoing attack targeting Ray AI framework

    Researchers say it's the first known in-the-wild attack targeting AI workloads.

  6. “MFA Fatigue” attack targets iPhone owners with endless password reset prompts

    Rapid-fire prompts sometimes followed with spoofed calls from "Apple support."

  7. Thousands of phones and routers swept into proxy service, unbeknownst to users

    Two new reports show criminals may be using your device to cover their online tracks.

  8. Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov

    Hacks allegedly targeted US officials and politicians, their spouses and dozens of companies.

  9. Hackers can unlock over 3 million hotel doors in seconds

    Saflok has a fix for the vulnerability, but patching may take a long time.

  10. Never-before-seen data wiper may have been used by Russia against Ukraine

    AcidRain, discovered in 2022, is tied to AcidPour. Both are attributed to Russia.

  11. Unpatchable vulnerability in Apple chip leaks secret encryption keys

    Fixing newly discovered side channel will likely take a major toll on performance.

  12. “Disabling cyberattacks” are hitting critical US water systems, White House warns

    Biden administration rallies nation's governors to secure their facilities.

Load more stories...