ZDNet | security RSS

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old LenovoEMC NAS devices.

ZDNet | security RSS

India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat

Indian government ban comes after the Indian military has clashed with Chinese forces on the country's northern border.

ZDNet | security RSS

HackerOne's 2020 Top 10 public bug bounty programs

The HackerOne bug bounty platform reveals its most successful bug bounty programs.

ZDNet | security RSS

Michigan tackles compulsory microchip implants for employees with new bill

RFID implants for workers are not an issue now, but the state wants to get ahead on what could become a huge privacy problem in the future.

ZDNet | security RSS

SEC warns off investment in iBSmartify Nigeria cryptocurrencies

iBledger and InksNation are unregistered, and therefore a financial risk outside of the local commission’s regulatory protections.

ZDNet | security RSS

Russian leader of Infraud stolen ID, credit card ring pleads guilty

The Infraud Organization was once known as a major player in the carding world.

ZDNet | security RSS

Apple strong-arms entire CA industry into one-year certificate lifespans

Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.

ZDNet | security RSS

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

ZDNet | security RSS

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS.

ZDNet | security RSS

Docker servers infected with DDoS malware in extremely rare attacks

Most Docker servers are usually infected with cryptocurrency-mining malware.

ZDNet | security RSS

Credit card skimmers are now being buried in image file metadata on e-commerce websites

Magecart attackers are suspected of using an interesting technique to steal your financial data.

ZDNet | security RSS

More than 75% of all vulnerabilities reside in indirect dependencies

JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.

ZDNet | security RSS

Nvidia squashes display driver code execution, information leak bugs

The vulnerabilities impact both Windows and Linux machines.

ZDNet | security RSS

DDoS botnet coder gets 13 months in prison

Kenneth Schuchman, known as Nexus Zeta, created multiple DDoS botnets, including Satori, Okiru, Masuta, and Fbot/Tsunami.

ZDNet | security RSS

Apple adds support for encrypted DNS (DoH and DoT)

Apple said this week that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols.

ZDNet | security RSS

Chinese bank forced western companies to install malware-laced tax software

GoldenSpy backdoor trojan found in a Chinese bank's official tax software, which the bank has been forcing western companies to install.

ZDNet | security RSS

Lucifer: Devilish malware that abuses critical vulnerabilities on Windows machines

Researchers say the powerful malware has been “wreaking havoc” on Windows hosts.

ZDNet | security RSS

FBI warns K12 schools of ransomware attacks via RDP

The FBI has issued a security alert warning K12 schools of the "ransomware threat" during the COVID-19 pandemic.

ZDNet | security RSS

WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers

US Department of Justice claims Assange tried to recruit hackers to commit crimes on his behalf. One of the hackers was an FBI informant, said the FBI.

ZDNet | security RSS

Zoom hires Jason Lee from Salesforce to serve as new CISO

Lee to become Zoom's new CISO starting June 29, next week.

ZDNet | security RSS

Sony launches PlayStation bug bounty program with rewards of $50K+

Sony will pay security researchers for bugs in the PlayStation 4 gaming console, its operating system, official PS4 accessories, but also the PlayStation Network and related websites.

ZDNet | security RSS

CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges

The hacker group is believed to operate out of Eastern Europe, based on current evidence.

ZDNet | security RSS

New Zealand freezes $90 million in BTC-e money laundering case

The ongoing case claims the owner of BTC-e permitted the platform to be used for money laundering.

ZDNet | security RSS

New ransomware masquerades as COVID-19 contact-tracing app on your Android device

The malware surfaced just days after health officials in Canada announced the launch of a tracing app in the fight against COVID-19.

ZDNet | security RSS

Twitter bans DDoSecrets account over 'BlueLeaks' police data dump

Twitter said DDoSecrets account leaked and promoted BlueLeaks, a huge collection of files stolen from more than 200 US police departments and fusion training centers.

ZDNet | security RSS

Microsoft releases first public preview of its Defender antivirus on Android

UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.

ZDNet | security RSS

New WastedLocker ransomware demands payments of millions of USD

Evil Corp, one of the biggest malware operations on the planet, has returned to life after the December 2019 DOJ charges with a new ransomware strain.

ZDNet | security RSS

80,000 printers are exposing their IPP port online

Printers are leaking device names, locations, models, firmware versions, organization names, and even WiFi SSIDs.

ZDNet | security RSS

Microsoft's 'Safe Documents' feature reaches general availability in Office 365

New Safe Documents feature available for all Office 365 E5 license holders.

ZDNet | security RSS

New privacy and security features announced at Apple's WWDC 2020

Proxy location sharing, new app privacy disclosure prompts, new webcam and microphone indicator in the iOS status bar.

ZDNet | security RSS

BlueLeaks: Data from 200 US police departments & fusion centers published online

Activist group DDoSecrets published 296 GB of police data on Friday, June 19.

ZDNet | security RSS

Adobe wants users to uninstall Flash Player by the end of the year

Adobe Flash Player will reach End-Of-Life on December 31, 2020.

ZDNet | security RSS

AMD says it will fix new CPU bugs by the end of June 2020

AMD Accelerated Processing Unit (APU) processors released between 2016 and 2019 impacted by new "SMM Callout" bugs.

ZDNet | security RSS

Academics studied DDoS takedowns and said they're ineffective, recommend patching vulnerable servers

The volume of DDoS traffic to victims remained the same. The number of DDoS-for-hire domains went up.

ZDNet | security RSS

Elon Musk Bitcoin vanity addresses used to scam users out of $2 million

While Bitcoin giveaway scams have been around for more than two years, new trick helps scammers net massive profits.

ZDNet | security RSS

Mozilla to launch VPN product 'in the next few weeks'

Mozilla VPN to exit beta this summer. Future plans include launching a Mac client. Currently only available on Windows, Android, iOS, and Firefox extension.

ZDNet | security RSS

Facebook sues websites that sold Instagram likes and scraped Facebook user data

Facebook files lawsuits against MGP25 Cyberint Services in Spain and against Massroot8 in the US.

ZDNet | security RSS

Russia unbans Telegram

Russia's media watchdog Roskomnadzor said Telegram has agreed to help Russian law enforcement fight against extremist and terrorist content shared on its platform.

ZDNet | security RSS

Google removes 106 Chrome extensions for collecting sensitive user data

Security firm identifies 111 malicious Chrome extensions collecting user keystrokes, clipboard content, cookies, more.

ZDNet | security RSS

Unpatched vulnerability identified in 79 Netgear router models

Bug lets attackers run code as "root" on vulnerable routers. Impacted routers go back to 2007.

ZDNet | security RSS

Microsoft: COVID-19 malware attacks were barely a blip in total malware volume

COVID-19-themed malware attacks began in February, peaked in March, and are slowly dying out.

ZDNet | security RSS

Zoom backtracks and plans to offer end-to-end encryption to all users

E2EE calls were initially planned for Zoom paying customers only, but the company has reconsidered following the public's outcry.

ZDNet | security RSS

AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever

The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.

ZDNet | security RSS

North Korea's state hackers caught engaging in BEC scams

ESET researchers said they spotted North Korean state-sponsored hackers attempting to steal money from targets they initially breached for cyber-espionage purposes.

ZDNet | security RSS

Super secretive Russian disinfo operation discovered dating back to 2014

Researchers uncover six-years-worth of Russian attempts to mold international politics using fake news and forged documents.

ZDNet | security RSS

Avon recovering after mysterious cyber-security incident

Parts of the Avon It network has been down since last week, according to SEC documents.

ZDNet | security RSS

Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products.

ZDNet | security RSS

Old GTP protocol vulnerabilities will also impact future 5G networks

Bugs allow denial-of-service, user impersonation, user tracking, and fraud attacks, two separate reports warn.

ZDNet | security RSS

South African bank to replace 12m cards after employees stole master key

Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.

ZDNet | security RSS

Intel brings novel CET technology to Tiger Lake mobile CPUs

Intel says CET can protect against ROP/JOP/COP malware.

ZDNet | security RSS

Web skimmers found on the websites of Intersport, Claire's, and Icing

The malicious code has now been removed from all stores, but users are advised to review card statements for suspicious transactions.

ZDNet | security RSS

Lamphone attack lets threat actors recover conversations from your light bulb

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away.

ZDNet | security RSS

Russia says Germany has not provided any evidence of Bundestag hack

Germany may seek to impose sanctions on Russia, rather than actually trial the hacker.

ZDNet | security RSS

Stalkerware detection rates are improving across antivirus products

Between November 2019 and May 2020, Android and Windows antivirus software got better at detecting stalkerware.

ZDNet | security RSS

Italian company exposed as a front for malware operations

Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs.

ZDNet | security RSS

Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda

All three networks targeted local users for the benefit of the ruling political party.

ZDNet | security RSS

Knoxville shuts down IT network following ransomware attack

Knoxville joins a list that also includes Atlanta, Baltimore, Denver, and New Orleans.

ZDNet | security RSS

Congress wants to know what commercial spyware other countries are using

Intelligence funding bill for 2021 to mandate DNI to submit report to Congress about surveillance vendors and the countries that use spyware.

ZDNet | security RSS

Hackers breached A1 Telekom, Austria's largest ISP

A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers.

ZDNet | security RSS

Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters

Attacks targeted Kubeflow servers that left their administration panel exposed on the internet.