News

This isn't the moving-fast-and-breaking-things future we wanted

Miscreants exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.…

What could be safer than sending money to yourself through your own bank?

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. …

The latest patch is aimed at a type confusion vulnerability that is actively being exploited

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.…

Crypto-coin theft isn't enough to keep these miscreants busy

North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.…

Study finds turning sound off in a range of applications doesn't always cut the mic

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.…

That should keep the criminals offline for, well, weeks probably

Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using as command-and-control servers.…

US security agencies say the tools can give hackers control of ICS and SCADA devices

Hackers have created custom tools to control a range of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies.…

All so that it can maintain backdoor access across reboots

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots.…

Miscreants Googled for post-intrusion tools before downloading them onto servers, PCs

Lockbit ransomware operators spent nearly six months in a government agency's network, deleting logs and using Chrome to download hacking tools, before eventually deploying extortionware, according to Sophos threat researchers.…

But this time the patch should do the trick

Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.…

Tightening of IP laws to prevent poaching seen by Beijing as 'provocative smear'

Trouble is brewing over moves by Taiwan to prevent China from gaining access to its chip technology, as the island nation proposes tougher laws to deter the leaking of trade secrets outside the country.…

Keksec malware used for DDoS attacks, may spread to cryptomining, Fortinet says

A prolific threat group known for deploying distributed denial-of-service (DDoS) and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware.…

Running a multi-user Windows environment and Git? Time to patch

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows.…

Plans to take a bigger bite of the SME security market by swimming towards SASE

Investment firm KKR has acquired Barracuda Networks from private equity firm Thoma Bravo.…

Chinese giant still hiring in Moscow – for some very interesting gigs

Chinese telecom giant Huawei has issued a mandatory month-long furlough to some of its Russia-based staff and suspended new orders, according to Russian media.…

April bundle addresses 100-plus vulnerabilities including 10 critical RCEs

Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.…

Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.…

Lightspin threat researchers discovered the bug, which AWS fixed

A local file read vulnerability in Amazon's Relational Database Service (RDS) could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed.…

Only 36% use it now, but an additional 47% plan to adopt HAS in the next year

An Intel study finds that businesses are eager for cybersecurity and are keen to see how security can be baked into devices.…

This online session shows you what constant vigilance should look like

Webinar  Last December’s Log4j crisis brought the danger of zero day vulnerabilities to the front pages. But while one key flaw has been put under the microscope, does that mean the problem is over?…