WIRED

Spyware Hunters Are Expanding Their Tool Set

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat.

Threatpost | The first stop for security news

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

The first stop for security news | Threatpost

APT Lazarus Targets Engineers with macOS Malware

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

Threatpost | The first stop for security news

APT Lazarus Targets Engineers with macOS Malware

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

The first stop for security news | Threatpost

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

Threatpost | The first stop for security news

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

WIRED

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

WIRED

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

WIRED

A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

WIRED

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

WIRED

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group.

WIRED

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

The first stop for security news | Threatpost

New Hacker Forum Takes Pro-Ukraine Stance

A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus

The first stop for security news | Threatpost

Cisco Confirms Network Breach Via Hacked Employee Google Account

Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.

Threatpost | The first stop for security news

New Hacker Forum Takes Pro-Ukraine Stance

A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus

Threatpost | The first stop for security news

Cisco Confirms Network Breach Via Hacked Employee Google Account

Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.

WIRED

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

WIRED

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

WIRED

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

The first stop for security news | Threatpost

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.

Threatpost | The first stop for security news

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.

WIRED

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

The first stop for security news | Threatpost

Phishers Swim Around 2FA in Coinbase Account Heists

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.

WIRED

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

WIRED

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

Threatpost | The first stop for security news

Phishers Swim Around 2FA in Coinbase Account Heists

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.

The first stop for security news | Threatpost

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

Threatpost | The first stop for security news

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

WIRED

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

WIRED

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

WIRED

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The first stop for security news | Threatpost

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

Threatpost | The first stop for security news

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

The first stop for security news | Threatpost

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Threatpost | The first stop for security news

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

The first stop for security news | Threatpost

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

Threatpost | The first stop for security news

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

WIRED

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

WIRED

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

The first stop for security news | Threatpost

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.

Threatpost | The first stop for security news

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.

The first stop for security news | Threatpost

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

Threatpost | The first stop for security news

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

WIRED

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

The first stop for security news | Threatpost

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

Threatpost | The first stop for security news

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

WIRED

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

The first stop for security news | Threatpost

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

Threatpost | The first stop for security news

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

WIRED

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

WIRED

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

The first stop for security news | Threatpost

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

Threatpost | The first stop for security news

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

The first stop for security news | Threatpost

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

The first stop for security news | Threatpost

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

Threatpost | The first stop for security news

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

Threatpost | The first stop for security news

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

WIRED

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

WIRED

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.

The first stop for security news | Threatpost

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.