Login
The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service.β¦
DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.β¦
Updated Criminals behind the cyberattack attempts on Twilio and Cloudflare earlier this month had cast a much wider net in their phishing expedition, targeting as many as 135 organizations β primarily IT, software development and cloud services providers based in the US.β¦
Internal source code and documents have been stolen from LastPass by a cyber-thief.β¦
A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to defeat multi-factor authentication.β¦
Well known for an abundance of anti-western troll accounts and propaganda, Twitter and Meta are reporting that they've taken down nearly 200 accounts that, for the past five years, have been amplifying pro-Western messages in the Middle East and Central Asia.β¦
Webinar It's no surprise that there has been an explosion in ransomware following the evolution of cryptocurrencies. The emergence of Bitcoin in 2010 suddenly provided an easy and untraceable way to force victims to pay.β¦
The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.β¦
Block β the digital payments giant formerly known as Square β faces allegations it failed to take adequate measures to protect customers' personal information.β¦
Tens of thousands of internet-facing IP cameras made by China-based Hikvision remain unpatched and exploitable despite a fix being issued for a critical security bug nearly a year ago.β¦
VMware has admitted an update on some versions of its Carbon Black endpoint solution is responsible for BSODs and boot loops on Windows machines after multiple organizations were affected by the problem.β¦
Users of popular streaming and media organizing service Plex are waking up to an unpleasant email this morning saying, in the words of a Reg reader, "Plex have been hacked and their main site is down as we all rush to change passwords."β¦
Updated Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.β¦
Twitter's former security chief Peiter "Mudge" Zatko accused the company and its board of directors of violating financial rules, of fraud, and of grossly neglecting its security obligations in a complaint to the US Securities & Exchange Commission, the Federal Trade Commission, and the US Justice Department last month.β¦
An Israeli security researcher known for foiling air gap security measures has published a reminder of just how vulnerable the approaches are to both visual and ultrasonic threats.Β β¦
Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April.β¦
Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam.β¦
Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.β¦
Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.β¦
Boffins at universities in France, Germany, Luxembourg, and Sweden took a deep dive into known Java deserialization vulnerabilities, and have now resurfaced with their findings. In short, they've drawn attention to the ways in which libraries can accidentally introduce serious security flaws.β¦
The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.β¦
In brief Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.β¦
Pegasus spyware slinger NSO Group announced on Sunday it will reorganize, replacing its CEO and letting go of around 100 workers.β¦
Now-former HP finance manager Shelbee Szeto has been sentenced to three years in prison and ordered to forfeit more than 250 luxury items after she blew $5m on herself using company credit cards.β¦
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix.β¦
An attempt by lawmakers to improve parts of the US government's cybersecurity defenses has raised questions β and hackles β among infosec professionals.β¦
Webinar Believe it or not the word 'password' is still being used as the most common password across all industries, including retail and ecommerce.β¦
Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.β¦
A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.β¦
Spam-tracking service Spamhaus reported Tuesday that some of the world's biggest brands are getting loose with their email practices, causing its spam blocklists (SBL) to swell significantly.β¦
The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.β¦
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.β¦
A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.β¦
A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.β¦
Webinar Barely a day goes by without news of a ransomware attack somewhere in the media. And these types of cyber security incident can seriously derail financial, social, health and industrial activity, inflicting massive damage and requiring a multiagency response in their aftermath.β¦
TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style.β¦
It's official: your period and/or pregnancy tracker will probably share your data with law enforcement.β¦
A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.β¦
Russia's military has praised civilian grade Chinese-made drones and robots for having performed well on the battlefield, leading their manufacturers to point out the equipment is not intended or sold for military purposes.β¦
RubyGems.org, the Ruby programming community's software package registry, now requires maintainers of popular "gems" to secure their accounts using multi-factor authentication (MFA).β¦
America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits.β¦
Sponsored Post You might be happy with your cloud infrastructure and totally on top of your internal network, but one thing for certain is that whatever your workforce is doing, they'll have endpoints. Are you sure you know exactly what's happening on all those devices?β¦
Microsoft Defender for Endpoint's Tamper Protection in macOS has entered general availability.β¦
Updated The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed.β¦
Microsoft said it disabled accounts used by Russian-linked Seaborgium troupe to phish and steal credentials from its customers as part of the cybercrime gang's illicit spying and data-stealing activities.β¦
Junior cloud Digital Ocean has revealed that some of its clientsβ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.β¦
Thousands of machines on the public internet can be remotely controlled via VNC without any authentication, a cybersecurity vendor has reminded us this month.β¦
At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom.β¦
The CIA illegally spied on US citizens while they visited WikiLeaks publisher Julian Assange inside the Ecuadorian embassy in London, a lawsuit filed today has claimed.β¦
Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.β¦
India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distribution (QKD) technology that can operate across distances of 150km.β¦
Black Hat As last week's hacker summer camps wound down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering.β¦
Asia in Brief Elon Musk has written an article for the Cyberspace Administration of China's flagship magazine.β¦
Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.β¦
Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.β¦
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.β¦
Black Hat A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip.β¦
The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.β¦
Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.β¦
Black Hat Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter variations in voltage and timing that may occur as silicon circuits age.β¦
FreshRSS