News

Anyone with sizable audience in this surveillance economy is invited to stuff their apps with tracking and ads

Interview  In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations to monetize his Chrome browser extension, Hover Zoom+.…

ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert

The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.…

Really? You didn't bother to patch a 9.8 severity critical flaw?

Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.…

Paul Nakasone rates the Middle Kingdom a 'pacing challenge'

The boss of US Cyber Command has opined that China's cyber and surveillance abilities are not ahead of, or comparable to, to that of the United States.…

Especially on Apple gear, uni team says

A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week.…

Plus: British government's push to reform data protection is working against the cause

Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking.…

It's like a nesting doll of security flaws

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.…

Operating expenses almost as high as actual turnover in latest quarterly numbers

Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter.…

At least it was a blunder and not a hostile attack, unlike what happened to another UK public body this week

A spreadsheet containing details of serving Northern Ireland police officers was mistakenly posted online yesterday, potentially endangering the safety of officers, given the volatile politics of the region.…

Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60

INTERPOL has revealed a successful investigation into a phishing-as-a-service operation named "16shop" with arrests of alleged operators made in Indonesia and Japan and the platform shut down.…

Downfall processor leaks, Teams holes, VPN clients at risk, and more

Patch Tuesday  Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately.…

Hey, breacher, leave those kids alone

Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems.…

'It doesn't help if the organization responsible for the integrity of elections' gets pwned

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems.…

Regulator says with a straight face that it should not be allowed to analyze ethnicity

China has released draft regulations to govern the country's facial recognition technology that include prohibitions on its use to analyze race or ethnicity.…

Kim Jong Un's cyber-goons aren't above attacking the regime's few friends

Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.…

If you can't trust a spyware developer with your info, who can you trust?

Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June.…

'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed

Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.…

PLUS: FBI admits buying NSO spyware; "IT" company busted for drugs 'n guns biz; this week's critical vulns

Infosec in brief  If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 – a list many will recognize. …

'Quite obviously f**king espionage,' one suspect allegedly blabbed

Two US Navy service members appeared in federal court Thursday accused of espionage and stealing sensitive military information for China in separate cases.…

SUSE security engineer goes public on unfixed problem after disclosure drama

A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails.…