News
Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out
Interview: In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations to monetize his Chrome browser extension, Hover Zoom+.…
Electoral Commission had internet-facing server with unpatched vuln
The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.…
Magento shopping cart attack targets critical vulnerability revealed in early 2022
Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.…
US Cyber Command boss says China's spooky cyber-skills trail America's
The boss of US Cyber Command has opined that China's cyber and surveillance abilities are not ahead of, or comparable to, those of the United States.…
There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack
A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week.…
Get your staff's consent before you monitor them, tech inquiry warns
Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking.…
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks
AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be used to steal sensitive data from a running vulnerable machine.…
Rapid7 prepares to toss 18% of workforce to cut costs
Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter.…
Northern Ireland police may have endangered its own officers by posting details online in error
A spreadsheet containing details of serving Northern Ireland police officers was mistakenly posted online yesterday, potentially endangering the safety of officers, given the volatile politics of the region.…
INTERPOL shutters '16shop' phishing-as-a-service outfit
INTERPOL has revealed a successful investigation into a phishing-as-a-service operation named "16shop" with arrests of alleged operators made in Indonesia and Japan and the platform shut down.…
Microsoft, Intel lead this month's security fix emissions
Patch Tuesday: Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately.…
Cyber-extortionists pillage Colorado education dept
Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems.…
UK voter data exposed for over a year in attack on Electoral Commission
The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems.…
China – which surveils everyone everywhere – floats facial recognition rules
China has released draft regulations to govern the country's facial recognition technology that include prohibitions on its use to analyze race or ethnicity.…
North Korean hackers had access to Russian missile maker for months, say researchers
Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.…
Stalkerware slinger LetMeSpy shuts down for good after database robbery
Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June.…
Microsoft hits back at Tenable criticism of its infosec practices
Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.…
Five Eyes nations detail dirty dozen most exploited vulnerabilities
Infosec in brief: If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 – a list many will recognize.…
Two US Navy sailors charged with giving Chinese spies secret military info
Two US Navy service members appeared in federal court Thursday accused of espionage and stealing sensitive military information for China in separate cases.…
Alarm raised over Mozilla VPN: Wonky authorization check lets users cause havoc
A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails.…
