Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.β¦
India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distribution (QKD) technology that can operate across distances of 150km.β¦
Black Hat As last week's hacker summer camps wound down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering.β¦
Asia in Brief Elon Musk has written an article for the Cyberspace Administration of China's flagship magazine.β¦
Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.β¦
Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.β¦
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.β¦
Black Hat A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip.β¦
The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.β¦
Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.β¦
Black Hat Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter variations in voltage and timing that may occur as silicon circuits age.β¦
Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.β¦
Black Hat Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it.Β β¦
Black Hat Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.β¦
Black Hat video The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.β¦
Black Hat The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms β and infrastructure security, according to journalist and author Kim Zetter.β¦
Black Hat AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.β¦
Black Hat video It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.β¦
Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.β¦
Webinar Faced with relentless cyberattacks organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.β¦
Black Hat Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.β¦
Sponsored Post Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.β¦
Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised β an act a ransomware gang named "Yanluowang" has now claimed as its work.β¦
Black Hat Video Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.β¦
The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.β¦
Black Hat It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs.β¦
Black Hat Video With the world's largest collection of security folk gathering in Las Vegas for the Black Hat conference there are encouraging signs that the US government might actually be getting smarter about hiring.β¦
The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.β¦
Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.β¦
Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.β¦
Opinion I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.β¦
August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too.Β β¦
A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.β¦
Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.β¦
Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.β¦
Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games β for a mere $560, according to the nation's cyberspace administration. Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year.β¦
Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.β¦
The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang Lazarus to launder stolen digital assets.β¦
Twilio confirmed a breach of the communication giant's network and accessed "a limited number" of customer accounts after tricking some employees into falling for a phishing attack.β¦
Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings.β¦
Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users.β¦
A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier this year, and will likely expand its client list in the coming months.β¦
In brief DuckDuckGo has finally mostly cracked down on the third-party Microsoft tracking scripts that got the alternative search engine into hot water earlier this year.β¦
Interview The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator β at least not to LockBit or another cybercrime gang.Β β¦
Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for discovering the security flaw, and Nomad will consider this a "white-hat" hack, as opposed to plain old theft, and not take legal action.β¦
The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could enable intruders to send fake alerts out over television, radio, and cable networks.β¦
Cisco has revealed four of its small business router ranges have critical flaws β for the second time in 2022 alone.β¦
Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.β¦
Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors.β¦
The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will β eventually β unveil a superior bill.β¦
A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email.β¦
The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing.β¦
Millions of dollars worth of Solana cryptocurrency and other tokens were stolen from seemingly thousands of netizens this week by thieves exploiting some kind of security weakness or blunder.β¦
Microsoft says it will give enterprise security operation centers (SOCs) broader access to the massive amount of threat intelligence it collects every day.β¦
A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million.β¦
Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download.β¦
Sponsored Feature What sort of disaster would you rather prepare for? Hurricanes are destructive, but you know when one's coming, giving you time to take defensive action. Earthquakes vary in their destructive power, but you never know when they're going to hit, meaning your ability to recover after the impact is critical.β¦
The UK's Competition and Markets Authority has given a provisional nod to the proposed merger of British cybersecurity company Avast and US rival NortonLifeLock.β¦
One of the four encryption algorithms America's National Institute of Standards and Technology (NIST) considered as likely to resist decryption by quantum computers has had holes kicked in it by researchers using a single core of a regular Intel Xeon CPU, released in 2013.β¦
Speaker of the US House of Representatives Nancy Pelosi has tied her controversial visit to Taiwan to an alleged barrage of China-directed cyber-attacks against the territory.β¦