News

Great, more company for Stadia, Duo and pals in the graveyard

Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.…

Oh, sure, let's play a game of legal and technical whack-a-mole

Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.…

How to build cyber resiliency in the face of complexity

Sponsored Feature  Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.…

1.5TB of databases, source code, BIOS tools said to be stolen

Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device's firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack.…

Plus: Substack shanked by bitter Twitter?

The chunk of internal source code Twitter released the other week contains a "shadow ban" vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone's account of sight "without recourse."…

Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs

A handful of bugs in Nexx's smart home devices can be exploited by crooks to, among other things, open doors, power off appliances, and disable alarms. More than 40,000 of these gadgets in residential and commercial properties are said to be vulnerable after the manufacturer failed to act.…

WPA stands for will-provide-access, if you can successfully exploit a target's setup

A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.…

Wrecking foreign infrastructure? But that's Team America's job!

Register Kettle  Lately, we've learned of Russia's stockpile of cyber-weapons, and we're genuinely wondering if anyone's surprised by these revelations.…

It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor

Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring.…

ACRO says payment data safe, other info may have been snaffled

ACRO, the UK's criminal records office, is combing over a "cyber security incident" that forced it to pull its customer portal offline.…

Luxury cars and designer duds don't seem very prince of thieves

Spanish cops have arrested a 19-year-old suspected of stealing records belonging to half a million taxpayers and developing a database to sell stolen information to other cyber criminals.…

Feds managed to image entire backend server with full details

The FBI today released additional information about its takedown of the Genesis Market, a major online shop for stolen account access credentials, revealing that they'd pwned the marketplace for at least two years.…

And you wouldn't want that ... would you?

Microsoft is updating a service introduced last year that shifts the responsibility of patching Windows devices from IT admins to the vendor itself.…

Operation Cookie Monster crumbles stolen data-as-a-service vendor

A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI.…

Thieves go nose-to-tail stripping cash from victims

The US Department of Justice has seized cryptocurrency worth about $112 million from accounts linked to so-called pig butchering investment scams.…

Some stitching required but it fools VirusTotal, after a few attempts

A Forcepoint security researcher says he used ChatGPT to develop a zero-day exploit that bypassed detections when uploaded to VirusTotal. …

Some 1.4 million under-13s used the app in 2020 by the ICO's estimates

Fresh off the back of an embarrassing "grilling" by US Congress on national security grounds, TikTok has received a more concrete reprimand from the UK's Information Commissioner's Office (ICO) – a fine of £12.7 million ($15.8 million) for "misusing children's data."…

Blokes happily bluffed; women played it by the book, leaving the bank struggling to hire

Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates.…

Even a politician who visited China last week has binned the app

Australia has joined the growing list of nations that have decided TikTok represents an unacceptable risk when running on government-owned devices, so has decided not to allow it onto those machines.…

We speak to the boffins behind latest trick to fool Google Assistant, Cortana, Alexa

Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices.…