Congress asks Juniper for the results of its 2015 NSA backdoor investigation

Thirteen US government officials ask Juniper to publish the findings of its 2015 investigation.

Slovak police seize wiretapping devices connected to government network

Slovak police also arrest four people, including the head of the government agency responsible for managing the government network.

Jenkins team avoids security disaster after partial user database loss

Loophole caused by deleted user database could have allowed threat actors to hijack the user accounts of Jenkins plugin authors.

Arm CPUs impacted by rare side-channel attack

Arm issues guidance to developers to mitigate new "straight-line speculation" attack.

New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs

Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores.

Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities

This month's updates have started rolling out earlier today.

KingMiner botnet brute-forces MSSQL databases to install cryptocurrency miner

The KingMiner gang is brute-forcing the "sa" user, the highest-privileged account on a MSSQL database.

Malicious Android apps deactivated fraud code to bypass Google's security scans

Trick didn't work. Google banned them anyway.

CallStranger vulnerability lets attacks bypass security systems and scan LANs

The CallStranger vulnerability can also be used to launch major DDoS attacks.

Vulnerabilities in popular open source projects doubled in 2019

Jenkins and MySQL vulnerabilities have had the most weaponized vulnerabilities in the past five years.

Apple publishes free resources to improve password security

The new tools are meant to help the developers of password managers and Apple hopes the tools will reduce the instances where users chose their own password rather than rely on the password manager.

QNAP NAS devices targeted in another wave of ransomware attacks

eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices.

China, Iran, and Russia worked together to call out US hypocrisy on BLM protests

Report from social media research group shows foreign diplomats and state-controlled media pounced on the US' abysmal handling of the BLM protests to attack the US as a beacon of freedom and further their own political goals.

Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers

Google's TAG team said phishing attacks against Biden and Trump campaign staffers were unsuccessful.

Incognito mode detection still works in Chrome despite promise to fix

Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came.

Hackers hijack one of Coincheck's domains for spear-phishing attacks

Hackers hijacked Coincheck's domain registrar account and then changed DNS settings.

Google apps and websites get support for more security keys on iOS devices

You can now use hardware security keys to access Google apps and services running on iOS devices.

Large-scale attack tries to steal configuration files from WordPress sites

Attackers tried to download configuration files from WordPress sites so they could steal database credentials.

Facebook software engineer resigns with scathing criticism of the network’s refusal to act on ‘weaponized hatred’

The former Facebook employee accuses the social network of allowing “politicians to radicalize individuals and glorify violence.”

Tor’s latest release makes it easier to find secure onion services

Tor Browser 9.5 is also working towards making Dark Web addresses easier to remember.

Google opens up Advanced Protection Program to Nest devices

The move follows integration with services including Android and Chrome.

Ransomware gang says it breached one of NASA's IT contractors

DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA IT contractors.

New cold boot attack affects seven years of LG Android smartphones

LG has released a firmware fix in May 2020. Attack requires physical access.

REvil ransomware gang launches auction site to sell stolen data

Ransomware gang takes extortion to a whole new level. Threatens to auction Madonna's legal documents in a future auction.

G Suite Marketplace primed for a privacy scandal, researchers warn

G Suite apps that have access to Drive and Gmail data found communicating with undisclosed external services.

Amtrak discloses data breach, potential leak of customer account data

The rail service says that customer PII may have been compromised.

VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure

The security flaw handed over the keys to enterprise infrastructure.

White House says security incidents at US federal agencies went down in 2019

US federal agencies reported 28,581 cyber-security incidents in 2019, down by 8% from 31,107 in 2018.

After a breach, users rarely change their passwords, study finds

Only a third of users changed their password following a data breach.

Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug

User accounts could be hijacked through missing validation processes on Apple servers.

Joomla team discloses data breach

Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.

Hacker leaks database of dark web hosting provider

Leaked data contains email addresses, site admin passwords, and .onion domain private keys.

NCA launches UK ad campaign to divert kids searching for cybercrime tools

DDoS-for-hire and Trojan-related searches are on the agency’s radar.

Judge demands Capital One release Mandiant cyberforensic report on data breach

Attorneys suing the company will now have access to the report in preparation for a potential trial.

GitHub warns Java developers of new malware poisoning NetBeans projects

The malware's end goal was to install a remote access trojan and grant hackers access to highly sensitive workstations were sensitive projects were being developed.

Google to enable the Chrome anti-notification spam system in July 2020

Chrome will block sites from showing notification spam by default. Has been an opt-in feature since February.

Fortune 500 company NTT discloses security breach

Japanese telecommunications giant NTT says hackers breached its internal network and stole data on 621 customers.

Cisco discloses security breach that impacted VIRL-PE infrastructure

Hackers used vulnerabilities in the SaltStack data center software to breach six Cisco servers.

NSA warns of new Sandworm attacks on email servers

NSA says Russia's military hackers have been attacking Exim email servers to plant backdoors since August 2019.

All the security features added in the Windows 10 May 2020 update

Windows 10 v2004 comes with Windows Sandbox improvements, WiFi 6, WPA3, and Windows Hello in Safe Mode.

Valak targets Microsoft Exchange servers to steal enterprise data

The malware has been “dramatically changed” in the past six months.

Michigan State University hit by ransomware gang

The operators of the NetWalker ransomware gang have given MSU officials seven days to pay the ransom or they will leak stolen university files.

Google highlights Indian 'hack-for-hire' companies in new TAG report

Google also discloses seven coordinated political influence campaigns that took place on its platforms during Q1 2020.

Microsoft warns about attacks with the PonyFinal ransomware

PonyFinal infections have been reported in India, Iran, and the US.

OpenSSH to deprecate SHA-1 logins due to security risk

Breaking a SHA-1-generated SSH authentication key now costs roughly $50,000, putting high-profile remote servers at risk of attacks.

New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

Eighteen of the 26 bugs impact Linux. Eleven have been patched already.

26 million LiveJournal credentials leaked online, sold on the dark web

LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month.

Qihoo & Baidu disrupt malware botnet with hundreds of thousands of victims

There's malware in China, too. Meet DoubleGuns, one of China's largest malware botnets.

Europol, Capgemini team up in cybercrime prevention, awareness campaigns

Capgemini is now also supporting the No More Ransom Project.

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.

EasyJet faces £18 billion class-action lawsuit over data breach

The lawsuit aims to secure up to £2,000 per impacted customer.

Turla hacker group steals antivirus logs to see if its malware was detected

Turla, one of Russia's most advanced hacker groups, has created malware that gets its orders from email attachments sent to an arbitrary Gmail inbox.

RangeAmp attacks can take down websites and CDN servers

Twelve of thirteen CDN providers said they fixed or planned to fix the problem.

Thousands of enterprise systems infected by new Blue Mockingbird malware gang

Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.

New Unc0ver jailbreak released, works on all recent iOS versions

New "Unc0ver" jailbreak unlocks devices, even those running the current iOS 13.5 release.

Chrome: 70% of all security bugs are memory safety issues

Google software engineers are looking into ways of eliminating memory management-related bugs from Chrome.

25 million user records leak online from popular math app Mathway

The Mathway user data has been previously on sale on the dark web, hacker forums, and Telegram channels for the past two weeks.

Windows malware opens RDP ports on PCs for future remote access

Security experts believe the malware's operators are very likely to sell access to infected hosts to other hacker groups.

Privilege escalation vulnerability patched in Docker Desktop for Windows

The security flaw could be used to trick the service into connecting to malicious processes.

Silent Night Zeus financial botnet sold in underground forums

The botnet is being spread through the RIG exploit kit and COVID-19 spam campaigns.