Chrome 84 released with support for blocking notification popups on spammy sites

Other new features that shipped with Chrome 84 include a new animations engine and a one-tap system for importing SMS passcodes into Chrome web forms.

Microsoft July 2020 Patch Tuesday fixes 123 vulnerabilities

This month's patches fix a major wormable bug in the Windows Server DNS component.

SigRed: A 17-year-old 'wormable' vulnerability for hijacking Microsoft Windows Server

The vulnerability, fixed in Microsoft's Patch Tuesday, has been awarded a severity rating of 10.0.

EFF’s new database reveals what tech local police are using to spy on you

Updated: An interactive map shows you everything from Ring partnerships to predictive policing.

RECON bug lets hackers create admin accounts on SAP servers

SAP patches bug impacting most of its apps and customer base.

A hacker is selling details of 142 million MGM hotel guests on the dark web

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Google Meet adds zoombombing protection for education customers

Google will block anonymous users from joining Google Meet video conferences organized by G Suite for Education customers.

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

Sentencing scheduled for September 2020.

Researchers create magstripe versions from EMV and contactless cards

Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.

Amazon tells employees to remove TikTok from their phones due to security risk

Accessing the TikTok website from work laptops is still allowed, according to an internal email Amazon sent to employees today.

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.

Smartwatch tracker for the vulnerable can be hacked to send medication alerts

API issues could be exploited to make calls, spy on users, send fake messages, and more.

KingComposer patches XSS flaw impacting 100,000 WordPress websites

The vulnerability could be exploited to execute malicious payloads in visitor browsers.

Google bans stalkerware ads

New Google Ads policy that bans stalkerware enters into effect on August 11.

Zoom working on patching zero-day disclosed in Windows client

UPDATE: The zero-day has now been patched. Updates are available to Zoom Windows users.

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

The APT is also a loyal customer of Golden Chickens, a Malware-as-a-Service outfit.

Google abandons Isolated Region cloud services project in China

Google says the Isolated Region project was scrapped due to other services offering “better outcomes.”

More pre-installed malware has been found in budget US smartphones

Cheap phones often have tradeoffs but researchers say this should never compromise user safety.

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption

The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data (for encryption).

Nvidia fixes code execution vulnerability in GeForce Experience

Security updates have also been released for the JetPack software development kit.

Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only

New KDP security feature is currently being tested with Windows 10 Insider builds.

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible.

Civil rights auditors slam Facebook stance on Trump, voter suppression

Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling.

Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies

Backdoors into government networks and corporations were allegedly sold to other criminal enterprises.

Mozilla suspends Firefox Send service while it addresses malware abuse

Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism.

Free decryptor available for ThiefQuest ransomware victims

ThiefQuest (EvilQuest) ransomware victims can now recover their encrypted files for free, without needing to pay the ransom demand.

German authorities seize 'BlueLeaks' server that hosted data on US cops

BlueLeaks portal is now down. The website hosted 269 GB of files stolen from more than 200 US police departments and fusion training centers.

Microsoft seizes six domains used in COVID-19 phishing operations

Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks.

'Keeper' hacking group behind hacks at 570 online stores

Hackers also accidentally leaked more than 184,000 stolen cards through an improperly secured backend server.

Researchers learn how to pinpoint malicious drone operators

With high accuracy, it is now possible to trace drone operators that could be ill-wishers near protected airspace.

Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed

The energy firm denies the loss of customer data. Attackers claim to have stolen 10TB in business records.

Cerberus banking Trojan infiltrates Google Play

The malware was found buried within a seemingly-innocent currency converter.

US Secret Service reports an increase in hacked managed service providers (MSPs)

US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.

VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million

Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds.

Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn

Hacker sentenced to five years probation, with home confinement condition.

North Korean hackers linked to web skimming (Magecart) attacks, report says

After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.

Hackers are trying to steal admin passwords from F5 BIG-IP devices

Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.

Infosec community disagrees with changing 'black hat' term due to racial stereotyping

A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term.

F5 patches vulnerability that received a CVSS 10 severity score

Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions.

New Apple macOS Big Sur feature to hamper adware operations

Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs.

LinkedIn says iOS clipboard snooping after every key press is a bug, will fix

The new clipboard access detection and warning feature in iOS 14 exposes another app.

Roblox accounts hacked with pro-Trump messages

Hackers are taking Roblox credentials leaked on Pastebin, accessing accounts, and leaving the same "Ask your parents to vote for Trump this year" message on thousands of Roblox profiles.

Sixteen Facebook apps caught secretly sharing data with third-parties

Academic study used unique "honeytoken" emails to install Facebook apps and see which inboxes received emails from unrecognized senders.

V Shred data leak exposes PII, sensitive photos of fitness customers and trainers

V Shred defended the public status of its open bucket and only partially solved the problem.

This is how EKANS ransomware is targeting industrial control systems

New samples of the ransomware reveal the techniques used to attack critical ICS systems.

Facebook says 5,000 app developers got user data after cutoff date

A Facebook privacy mechanism blocks apps from receiving user data if users didn't use an app for 90 days. Facebook said 5,000 apps continued to receive user data regardless.

Connection discovered between Chinese hacker group APT15 and defense contractor

Lookout said it linked APT15 malware to Xi'an Tianhe Defense Technology, a Chinese defense contractor.

Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online.

One out of every 142 passwords is '123456'

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.

AT&T dragged to court, again, over SIM hijacking and cryptocurrency theft

A customer allegedly lost $1.9 million due to AT&T’s handling of a number transfer request.

UK court shuts down scam cryptocurrency platform GPay Ltd, £1.5 million in client funds lost

GPay used fake celebrity endorsements and ads to lure traders to invest.

Microsoft releases emergency security update to fix two bugs in Windows codecs

Security updates have been silently deployed to customers on Tuesday through the Windows Store app.

Apple tells app devs to use IPv6 as it's 1.4 times faster than IPv4

Company also urges app devs to start using newer web tech like HTTP/2 and TLS 1.3, citing similar performance and speed improvements.

New ThiefQuest ransomware discovered targeting macOS users

ThiefQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts.

Promethium APT attacks surge, new Trojanized installers uncovered

The hacking group behind StrongPity is ignoring constant exposure by researchers in its quest for global intelligence and surveillance.

University of California SF pays ransomware hackers $1.14 million to salvage research

The malware infected crucial research stored in the UCSF medical school’s network.

The more cybersecurity tools an enterprise deploys, the less effective their defense is

New research highlights how throwing money indiscriminately at security doesn’t guarantee results.

Google removes 25 Android apps caught stealing Facebook credentials

The malicious apps were downloaded more than 2.34 million times.

US Cyber Command says foreign hackers will attempt to exploit new PAN-OS security bug

Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products.