FreshRSS

🔒
△ 🔃
☐ ☆ ✇ WIRED

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

By Dell Cameron — September 8th 2023 at 18:00
Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.
☐ ☆ ✇ WIRED

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

By Ese Olumhense — September 8th 2023 at 17:46
The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.
☐ ☆ ✇ The Hacker News

U.K. and U.S. Sanction 11 Russia-based TrickBot Cybercrime Gang Members

By THN — September 8th 2023 at 17:04
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including
☐ ☆ ✇ WeLiveSecurity

Will you give X your biometric data? – Week in security with Tony Anscombe

September 8th 2023 at 09:22
The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured
☐ ☆ ✇ The Register - Security

Apple races to patch the latest zero-day iPhone exploit

September 8th 2023 at 11:36

No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…

☐ ☆ ✇ The Hacker News

Protecting Your Microsoft IIS Servers Against Malware Attacks

By The Hacker News — September 8th 2023 at 11:27
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a
☐ ☆ ✇ The Hacker News

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

By THN — September 8th 2023 at 11:26
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks
☐ ☆ ✇ The Hacker News

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

By THN — September 8th 2023 at 08:52
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge
☐ ☆ ✇ The Register - Security

Microsoft, recently busted by Beijing, thinks it's across China's ever-changing cyber-offensive

September 8th 2023 at 06:32

Sometimes using AI to make hilariously wrong images that still drive social media engagement

Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled "Digital threats from East Asia increase in breadth and effectiveness." In the report, Redmond's Threat Intelligence group expounds on its fresh insight into evolving online aggressions from both China and North Korea.…

☐ ☆ ✇ The Hacker News

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

By THN — September 8th 2023 at 05:36
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized
☐ ☆ ✇ The Hacker News

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

By THN — September 8th 2023 at 03:11
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
☐ ☆ ✇ The Register - Security

Russian infosec boss gets nine years for $100M insider-trading caper using stolen data

September 8th 2023 at 00:57

Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading.…

☐ ☆ ✇ The Register - Security

US, UK sanction more Russians linked to Trickbot

September 7th 2023 at 22:44

Top admin, HR managers, devs go on transatlantic deny-list

The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

☐ ☆ ✇ Verisign Blog

Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023

By Verisign — September 7th 2023 at 20:36

Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the second quarter of 2023 closed with 356.6 million domain name registrations across all top-level domains (TLDs), an increase of 1.7 million domain name registrations, or 0.5%, compared to the first quarter of 2023. Domain name registrations also increased by 4.3 million, or 1.2%, year over year.


Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the second quarter of 2023, including:

  • Top 10 largest TLDs by number of reported domain names
  • Top 10 largest ccTLDs by number of reported domain names
  • ngTLDs as percentage of total TLDs
  • Geographical ngTLDs as percentage of total corresponding geographical TLDs

With the launch of the DNIB.com dashboards, 16 additional TLDs have been included in applicable calculations. The applicable current and historical data presented in this edition of the quarterly report have been adjusted accordingly, and applicable quarterly and year-over-year trends have been calculated using those adjusted figures. More information is available at DNIB.com.

DNIB.com and the Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.

The post Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023 appeared first on Verisign Blog.

☐ ☆ ✇ WIRED

US and UK Mount Aggressive Crackdown on Trickbot and Conti Ransomware Gangs

By Lily Hay Newman — September 7th 2023 at 18:38
Authorities have sanctioned 11 alleged members of the cybercriminal groups, while the US Justice Department unsealed three federal indictments against nine people accused of being members.
☐ ☆ ✇ The Register - Security

Lawsuit claims Tesla corp data security is far less advanced than its cars

September 7th 2023 at 16:30

Sueball alleges company at fault after employee info leaked, including Musk's

An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged leakers, two former employees.…

☐ ☆ ✇ WIRED

The International Criminal Court Will Now Prosecute Cyberwar Crimes

By Andy Greenberg — September 7th 2023 at 16:19
And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine.
☐ ☆ ✇ The Hacker News

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

By THN — September 7th 2023 at 15:08
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering
☐ ☆ ✇ The Register - Security

If you like to play along with the illusion of privacy, smart devices are a dumb idea

September 7th 2023 at 12:11

You're just giving manufacturers carte blanche to profit off personal data

Updated Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.…

☐ ☆ ✇ WIRED

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

By Reece Rogers — September 7th 2023 at 12:00
Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.
☐ ☆ ✇ The Hacker News

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024

By The Hacker News — September 7th 2023 at 11:27
By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity expertise and the lucrative opportunities for MSPs and MSSPs in vCISO services. Figure 1: Timeline for offering vCISO services The State of the Virtual CISO Survey Report
☐ ☆ ✇ The Hacker News

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

By THN — September 7th 2023 at 11:02
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these
☐ ☆ ✇ The Register - Security

UK drops 'spy clause' for scanning encrypted chat, admits it's not 'feasible'

September 7th 2023 at 10:09

But don't celebrate yet ... it has simply kicked the online safety can down the road, Westminster style

Comment Sanity appears to have prevailed in the debate over the UK's Online Safety Bill after the government agreed to ditch proposals – at least for the time being – to legislate the scanning of end-to-end encrypted messages.…

☐ ☆ ✇ The Hacker News

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

By THN — September 7th 2023 at 09:47
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed. "It is likely that this
☐ ☆ ✇ The Hacker News

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

By THN — September 7th 2023 at 07:14
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place
☐ ☆ ✇ The Register - Security

China reportedly bans iPhones from more government offices

September 7th 2023 at 05:28

So what? Smartphones are routinely restricted in, or excluded from, sensitive locations

Analysis Chinese authorities have reportedly banned Apple's iPhones from some government offices.…

☐ ☆ ✇ WIRED

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

By Lily Hay Newman — September 7th 2023 at 00:01
After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.
☐ ☆ ✇ The Register - Security

Microsoft: China stole secret key that unlocked US govt email from crash debug dump

September 6th 2023 at 22:59

Mistakes were made, lessons learned, stuff now fixed, says Windows maker

Remember that internal super-secret Microsoft security key that China stole and used to break into US government email accounts back in July? …

☐ ☆ ✇ The Register - Security

Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections

September 6th 2023 at 20:42

What? Yogurt Monster isn't really a legitimate customer's name?!

A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.…

☐ ☆ ✇ The Register - Security

Coffee Meets Bagel outage caused by cybercriminals deleting data and files

September 6th 2023 at 16:01

Did you potentially miss the love match of your life in week-long blackout? Nope, nobody could access it

If you got snubbed by the object of your affections on dating app Coffee Meets Bagel (CMB) in late August, don't feel bad, the company says its systems were down due to cyber baddies.…

❌