ZDNet | security RSS

Chrome 84 released with support for blocking notification popups on spammy sites

Other new features that shipped with Chrome 84 include a new animations engine and a one-tap system for importing SMS passcodes into Chrome web forms.

ZDNet | security RSS

Microsoft July 2020 Patch Tuesday fixes 123 vulnerabilities

This month's patches fix a major wormable bug in the Windows Server DNS component.

ZDNet | security RSS

SigRed: A 17-year-old 'wormable' vulnerability for hijacking Microsoft Windows Server

The vulnerability, fixed in Microsoft's Patch Tuesday, has been awarded a severity rating of 10.0.

ZDNet | security RSS

EFF’s new database reveals what tech local police are using to spy on you

Updated: An interactive map shows you everything from Ring partnerships to predictive policing.

ZDNet | security RSS

RECON bug lets hackers create admin accounts on SAP servers

SAP patches bug impacting most of its apps and customer base.

ZDNet | security RSS

A hacker is selling details of 142 million MGM hotel guests on the dark web

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

ZDNet | security RSS

Google Meet adds zoombombing protection for education customers

Google will block anonymous users from joining Google Meet video conferences organized by G Suite for Education customers.

ZDNet | security RSS

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

ZDNet | security RSS

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

Sentencing scheduled for September 2020.

ZDNet | security RSS

Researchers create magstripe versions from EMV and contactless cards

Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.

ZDNet | security RSS

Amazon tells employees to remove TikTok from their phones due to security risk

Accessing the TikTok website from work laptops is still allowed, according to an internal email Amazon sent to employees today.

ZDNet | security RSS

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.

ZDNet | security RSS

Smartwatch tracker for the vulnerable can be hacked to send medication alerts

API issues could be exploited to make calls, spy on users, send fake messages, and more.

ZDNet | security RSS

KingComposer patches XSS flaw impacting 100,000 WordPress websites

The vulnerability could be exploited to execute malicious payloads in visitor browsers.

ZDNet | security RSS

Google bans stalkerware ads

New Google Ads policy that bans stalkerware enters into effect on August 11.

ZDNet | security RSS

Zoom working on patching zero-day disclosed in Windows client

UPDATE: The zero-day has now been patched. Updates are available to Zoom Windows users.

ZDNet | security RSS

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

The APT is also a loyal customer of Golden Chickens, a Malware-as-a-Service outfit.

ZDNet | security RSS

Google abandons Isolated Region cloud services project in China

Google says the Isolated Region project was scrapped due to other services offering “better outcomes.”

ZDNet | security RSS

More pre-installed malware has been found in budget US smartphones

Cheap phones often have tradeoffs but researchers say this should never compromise user safety.

ZDNet | security RSS

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption

The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data (for encryption).

ZDNet | security RSS

Nvidia fixes code execution vulnerability in GeForce Experience

Security updates have also been released for the JetPack software development kit.

ZDNet | security RSS

Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only

New KDP security feature is currently being tested with Windows 10 Insider builds.

ZDNet | security RSS

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible.

ZDNet | security RSS

Civil rights auditors slam Facebook stance on Trump, voter suppression

Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling.

ZDNet | security RSS

Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies

Backdoors into government networks and corporations were allegedly sold to other criminal enterprises.

ZDNet | security RSS

Mozilla suspends Firefox Send service while it addresses malware abuse

Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism.

ZDNet | security RSS

Free decryptor available for ThiefQuest ransomware victims

ThiefQuest (EvilQuest) ransomware victims can now recover their encrypted files for free, without needing to pay the ransom demand.

ZDNet | security RSS

German authorities seize 'BlueLeaks' server that hosted data on US cops

BlueLeaks portal is now down. The website hosted 269 GB of files stolen from more than 200 US police departments and fusion training centers.

ZDNet | security RSS

Microsoft seizes six domains used in COVID-19 phishing operations

Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks.

ZDNet | security RSS

'Keeper' hacking group behind hacks at 570 online stores

Hackers also accidentally leaked more than 184,000 stolen cards through an improperly secured backend server.

ZDNet | security RSS

Researchers learn how to pinpoint malicious drone operators

With high accuracy, it is now possible to trace drone operators that could be ill-wishers near protected airspace.

ZDNet | security RSS

Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed

The energy firm denies the loss of customer data. Attackers claim to have stolen 10TB in business records.

ZDNet | security RSS

Cerberus banking Trojan infiltrates Google Play

The malware was found buried within a seemingly-innocent currency converter.

ZDNet | security RSS

US Secret Service reports an increase in hacked managed service providers (MSPs)

US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.

ZDNet | security RSS

VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million

Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds.

ZDNet | security RSS

Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn

Hacker sentenced to five years probation, with home confinement condition.

ZDNet | security RSS

North Korean hackers linked to web skimming (Magecart) attacks, report says

After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.

ZDNet | security RSS

Hackers are trying to steal admin passwords from F5 BIG-IP devices

Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.

ZDNet | security RSS

Infosec community disagrees with changing 'black hat' term due to racial stereotyping

A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term.

ZDNet | security RSS

F5 patches vulnerability that received a CVSS 10 severity score

Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions.

ZDNet | security RSS

New Apple macOS Big Sur feature to hamper adware operations

Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs.

ZDNet | security RSS

LinkedIn says iOS clipboard snooping after every key press is a bug, will fix

The new clipboard access detection and warning feature in iOS 14 exposes another app.

ZDNet | security RSS

Roblox accounts hacked with pro-Trump messages

Hackers are taking Roblox credentials leaked on Pastebin, accessing accounts, and leaving the same "Ask your parents to vote for Trump this year" message on thousands of Roblox profiles.

ZDNet | security RSS

Sixteen Facebook apps caught secretly sharing data with third-parties

Academic study used unique "honeytoken" emails to install Facebook apps and see which inboxes received emails from unrecognized senders.

ZDNet | security RSS

V Shred data leak exposes PII, sensitive photos of fitness customers and trainers

V Shred defended the public status of its open bucket and only partially solved the problem.

ZDNet | security RSS

This is how EKANS ransomware is targeting industrial control systems

New samples of the ransomware reveal the techniques used to attack critical ICS systems.

ZDNet | security RSS

Facebook says 5,000 app developers got user data after cutoff date

A Facebook privacy mechanism blocks apps from receiving user data if users didn't use an app for 90 days. Facebook said 5,000 apps continued to receive user data regardless.

ZDNet | security RSS

Connection discovered between Chinese hacker group APT15 and defense contractor

Lookout said it linked APT15 malware to Xi'an Tianhe Defense Technology, a Chinese defense contractor.

ZDNet | security RSS

Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online.

ZDNet | security RSS

One out of every 142 passwords is '123456'

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.

ZDNet | security RSS

AT&T dragged to court, again, over SIM hijacking and cryptocurrency theft

A customer allegedly lost $1.9 million due to AT&T’s handling of a number transfer request.

ZDNet | security RSS

UK court shuts down scam cryptocurrency platform GPay Ltd, £1.5 million in client funds lost

GPay used fake celebrity endorsements and ads to lure traders to invest.

ZDNet | security RSS

Microsoft releases emergency security update to fix two bugs in Windows codecs

Security updates have been silently deployed to customers on Tuesday through the Windows Store app.

ZDNet | security RSS

Apple tells app devs to use IPv6 as it's 1.4 times faster than IPv4

Company also urges app devs to start using newer web tech like HTTP/2 and TLS 1.3, citing similar performance and speed improvements.

ZDNet | security RSS

New ThiefQuest ransomware discovered targeting macOS users

ThiefQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts.

ZDNet | security RSS

Promethium APT attacks surge, new Trojanized installers uncovered

The hacking group behind StrongPity is ignoring constant exposure by researchers in its quest for global intelligence and surveillance.

ZDNet | security RSS

University of California SF pays ransomware hackers $1.14 million to salvage research

The malware infected crucial research stored in the UCSF medical school’s network.

ZDNet | security RSS

The more cybersecurity tools an enterprise deploys, the less effective their defense is

New research highlights how throwing money indiscriminately at security doesn’t guarantee results.

ZDNet | security RSS

Google removes 25 Android apps caught stealing Facebook credentials

The malicious apps were downloaded more than 2.34 million times.

ZDNet | security RSS

US Cyber Command says foreign hackers will attempt to exploit new PAN-OS security bug

Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products.