Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

By Lily Hay Newman — January 25^th 2024 at 21:30

Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group.

WIRED

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

By Lily Hay Newman, Matt Burgess — January 16^th 2024 at 17:00

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.

The Hacker News

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By Newsroom — December 21^st 2023 at 07:22

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31^st 2023 at 19:39

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin — February 8^th 2023 at 02:58

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

WIRED

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

By Lily Hay Newman — November 2^nd 2022 at 18:27

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

WIRED

Spyware Hunters Are Expanding Their Tool Set

By Lily Hay Newman — August 18^th 2022 at 21:42

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat.

The Hacker News

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

By Ravie Lakshmanan — June 28^th 2022 at 08:59

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.  Security