News
Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats
A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.…
What's worse than paying an extortion bot that auto-pwned your database?
Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back.…
Windows Server 2022 patch is breaking apps for some users
The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users.…
Home improvement marketers dial up trouble from regulator
Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "bombarding" unsuspecting households with marketing messages about home improvements.…
Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams
Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to cybercrime disruption outfit Netcraft.…
Nokia walks the walk about its RAN to play on Uncle Sam’s China fears
Comment A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant Nokia’s decision to do so in the USA this week tells a bigger story about Washington’s paranoia regarding the security of critical communications infrastructure security.…
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…
Locking down the edge
Commissioned Edge security is a growing headache. The attack surface is expanding as more operational functions migrate out of centralized locations and into distributed sites and devices.…
Double trouble for VMware and Atlassian admins – critical flaws to fix
VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.…
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs
More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims.…
Ivanti zero-day exploits explode as bevy of attackers get in on the act
There's a "reasonable chance" that Ivanti Connect Secure (ICS) VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.…
China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia
Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that, in concert with crypto exchanges, have led to an explosion of money laundering, cyberfraud, and cybercrime across the region and beyond.…
Thousands of Juniper Networks devices vulnerable to critical RCE bug
More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…
FTC secures first databroker settlement banning sale of sensitive location data
Infosec in brief The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…
Ransomware protection deconstructed
Sponsored Post Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on demand whenever you feel like it.…
China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol
In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities.…
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew
Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…