A hacker gang is wiping Lenovo NAS devices and asking for ransoms

Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old LenovoEMC NAS devices.

India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat

Indian government ban comes after the Indian military has clashed with Chinese forces on the country's northern border.

HackerOne's 2020 Top 10 public bug bounty programs

The HackerOne bug bounty platform reveals its most successful bug bounty programs.

Michigan tackles compulsory microchip implants for employees with new bill

RFID implants for workers are not an issue now, but the state wants to get ahead on what could become a huge privacy problem in the future.

SEC warns off investment in iBSmartify Nigeria cryptocurrencies

iBledger and InksNation are unregistered, and therefore a financial risk outside of the local commission’s regulatory protections.

Russian leader of Infraud stolen ID, credit card ring pleads guilty

The Infraud Organization was once known as a major player in the carding world.

Apple strong-arms entire CA industry into one-year certificate lifespans

Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS.

Docker servers infected with DDoS malware in extremely rare attacks

Most Docker servers are usually infected with cryptocurrency-mining malware.

Credit card skimmers are now being buried in image file metadata on e-commerce websites

Magecart attackers are suspected of using an interesting technique to steal your financial data.

More than 75% of all vulnerabilities reside in indirect dependencies

JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.

Nvidia squashes display driver code execution, information leak bugs

The vulnerabilities impact both Windows and Linux machines.

DDoS botnet coder gets 13 months in prison

Kenneth Schuchman, known as Nexus Zeta, created multiple DDoS botnets, including Satori, Okiru, Masuta, and Fbot/Tsunami.

Apple adds support for encrypted DNS (DoH and DoT)

Apple said this week that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols.

Chinese bank forced western companies to install malware-laced tax software

GoldenSpy backdoor trojan found in a Chinese bank's official tax software, which the bank has been forcing western companies to install.

Lucifer: Devilish malware that abuses critical vulnerabilities on Windows machines

Researchers say the powerful malware has been “wreaking havoc” on Windows hosts.

FBI warns K12 schools of ransomware attacks via RDP

The FBI has issued a security alert warning K12 schools of the "ransomware threat" during the COVID-19 pandemic.

WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers

US Department of Justice claims Assange tried to recruit hackers to commit crimes on his behalf. One of the hackers was an FBI informant, said the FBI.

Zoom hires Jason Lee from Salesforce to serve as new CISO

Lee to become Zoom's new CISO starting June 29, next week.

Sony launches PlayStation bug bounty program with rewards of $50K+

Sony will pay security researchers for bugs in the PlayStation 4 gaming console, its operating system, official PS4 accessories, but also the PlayStation Network and related websites.

CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges

The hacker group is believed to operate out of Eastern Europe, based on current evidence.

New Zealand freezes $90 million in BTC-e money laundering case

The ongoing case claims the owner of BTC-e permitted the platform to be used for money laundering.

New ransomware masquerades as COVID-19 contact-tracing app on your Android device

The malware surfaced just days after health officials in Canada announced the launch of a tracing app in the fight against COVID-19.

Twitter bans DDoSecrets account over 'BlueLeaks' police data dump

Twitter said DDoSecrets account leaked and promoted BlueLeaks, a huge collection of files stolen from more than 200 US police departments and fusion training centers.

Microsoft releases first public preview of its Defender antivirus on Android

UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.

New WastedLocker ransomware demands payments of millions of USD

Evil Corp, one of the biggest malware operations on the planet, has returned to life after the December 2019 DOJ charges with a new ransomware strain.

80,000 printers are exposing their IPP port online

Printers are leaking device names, locations, models, firmware versions, organization names, and even WiFi SSIDs.

Microsoft's 'Safe Documents' feature reaches general availability in Office 365

New Safe Documents feature available for all Office 365 E5 license holders.

New privacy and security features announced at Apple's WWDC 2020

Proxy location sharing, new app privacy disclosure prompts, new webcam and microphone indicator in the iOS status bar.

BlueLeaks: Data from 200 US police departments & fusion centers published online

Activist group DDoSecrets published 296 GB of police data on Friday, June 19.

Adobe wants users to uninstall Flash Player by the end of the year

Adobe Flash Player will reach End-Of-Life on December 31, 2020.

AMD says it will fix new CPU bugs by the end of June 2020

AMD Accelerated Processing Unit (APU) processors released between 2016 and 2019 impacted by new "SMM Callout" bugs.

Academics studied DDoS takedowns and said they're ineffective, recommend patching vulnerable servers

The volume of DDoS traffic to victims remained the same. The number of DDoS-for-hire domains went up.

Elon Musk Bitcoin vanity addresses used to scam users out of $2 million

While Bitcoin giveaway scams have been around for more than two years, new trick helps scammers net massive profits.

Mozilla to launch VPN product 'in the next few weeks'

Mozilla VPN to exit beta this summer. Future plans include launching a Mac client. Currently only available on Windows, Android, iOS, and Firefox extension.

Facebook sues websites that sold Instagram likes and scraped Facebook user data

Facebook files lawsuits against MGP25 Cyberint Services in Spain and against Massroot8 in the US.

Russia unbans Telegram

Russia's media watchdog Roskomnadzor said Telegram has agreed to help Russian law enforcement fight against extremist and terrorist content shared on its platform.

Google removes 106 Chrome extensions for collecting sensitive user data

Security firm identifies 111 malicious Chrome extensions collecting user keystrokes, clipboard content, cookies, more.

Unpatched vulnerability identified in 79 Netgear router models

Bug lets attackers run code as "root" on vulnerable routers. Impacted routers go back to 2007.

Microsoft: COVID-19 malware attacks were barely a blip in total malware volume

COVID-19-themed malware attacks began in February, peaked in March, and are slowly dying out.

Zoom backtracks and plans to offer end-to-end encryption to all users

E2EE calls were initially planned for Zoom paying customers only, but the company has reconsidered following the public's outcry.

AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever

The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.

North Korea's state hackers caught engaging in BEC scams

ESET researchers said they spotted North Korean state-sponsored hackers attempting to steal money from targets they initially breached for cyber-espionage purposes.

Super secretive Russian disinfo operation discovered dating back to 2014

Researchers uncover six-years-worth of Russian attempts to mold international politics using fake news and forged documents.

Avon recovering after mysterious cyber-security incident

Parts of the Avon It network has been down since last week, according to SEC documents.

Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products.

Old GTP protocol vulnerabilities will also impact future 5G networks

Bugs allow denial-of-service, user impersonation, user tracking, and fraud attacks, two separate reports warn.

South African bank to replace 12m cards after employees stole master key

Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.

Intel brings novel CET technology to Tiger Lake mobile CPUs

Intel says CET can protect against ROP/JOP/COP malware.

Web skimmers found on the websites of Intersport, Claire's, and Icing

The malicious code has now been removed from all stores, but users are advised to review card statements for suspicious transactions.

Lamphone attack lets threat actors recover conversations from your light bulb

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away.

Russia says Germany has not provided any evidence of Bundestag hack

Germany may seek to impose sanctions on Russia, rather than actually trial the hacker.

Stalkerware detection rates are improving across antivirus products

Between November 2019 and May 2020, Android and Windows antivirus software got better at detecting stalkerware.

Italian company exposed as a front for malware operations

Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs.

Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda

All three networks targeted local users for the benefit of the ruling political party.

Knoxville shuts down IT network following ransomware attack

Knoxville joins a list that also includes Atlanta, Baltimore, Denver, and New Orleans.

Congress wants to know what commercial spyware other countries are using

Intelligence funding bill for 2021 to mandate DNI to submit report to Congress about surveillance vendors and the countries that use spyware.

Hackers breached A1 Telekom, Austria's largest ISP

A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers.

Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters

Attacks targeted Kubeflow servers that left their administration panel exposed on the internet.