News
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS threat ranking scale.…
US military grounds entire Osprey tiltrotor fleet over safety concerns
The US Navy, Air Force, and Marine Corps have grounded their fleet of Boeing-Bell-made Osprey V-22s on safety grounds.…
AMD secure VM tech undone by DRAM meddling
Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.…
Fully patched Cleo products under renewed 'zero-day-ish' mass attack
Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.…
Heart surgery device maker's security bypassed, data encrypted and stolen
A manufacturer of devices used in heart surgeries says it's dealing with "a cybersecurity incident" that bears all the hallmarks of a ransomware attack.…
Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced
A documentary examining the 2016 Bitfinex burglars hits Netflix, bringing the curious case to living rooms for the first time.…
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
WhatsApp has fixed a problem with its View Once feature, designed to protect people's privacy with automatically disappearing pictures and videos.…
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved
Police in Pennsylvania have arrested a man suspected of shooting dead the CEO of insurer UnitedHealthcare in New York City, thanks to a McDonald's employee who recognized the suspect in a burger joint – and largely without help from technology.…
China's Salt Typhoon recorded top American officials' calls, says White House
Chinese cyberspies recorded "very senior" US political figures' calls, according to White House security boss Anne Neuberger.…
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites and stole source code, thousands of credentials, and other secrets remains "ongoing to this day," according to security researchers.…
OpenWrt orders router firmware updates after supply chain attack scare
OpenWrt users should upgrade their images to the same version to protect themselves from a possible supply chain attack reported to the open source Wi-Fi router project last week.…
Microsoft dangles $10K for hackers to hijack LLM email service
Microsoft and friends have challenged AI hackers to break a simulated LLM-integrated email client with a prompt injection attack – and the winning teams will share a $10,000 prize pool.…
Blue Yonder ransomware termites claim credit
Infosec in brief Still smarting over that grocery disruption caused by a ransomware attack on supply chain SaaS vendor Blue Yonder? Well, now you have someone to point a finger at: the Termite ransomware gang.…
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system
Feature Chinese tech company employees and government workers are siphoning off user data and selling it online - and even high-ranking Chinese Communist Party officials and FBI-wanted hackers' sensitive information is being peddled by the Middle Kingdom's thriving illegal data ecosystem.…
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS account credentials.…
Facing sale or ban, TikTok tossed under national security bus by appeals court
A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.…
Salt Typhoon forces FCC's hand on making telcos secure their networks
The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken.…
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.…
Protect your clouds
Sponsored Post According to the 2024 IBM Cost of the Data Breach Report 40 percent of data breaches identified between March 2023 and February 2024 involved data stored across multiple environments, including the cloud.…
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. …
Pages
