Apple offers $95 million in Siri privacy violation settlement
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. [...]
French govt contractor Atos denies Space Bears ransomware attack claims
French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. [...]
CAPTCHAs now run Doom – on nightmare mode
As if the bot defense measure wasn't obnoxious enough Though the same couldn't be said for most of us mere mortals, Vercel CEO Guillermo Rauch had a productive festive period, resulting in a CAPTCHA that requires the user to kill three monsters in Doom – on nightmare mode.... [...]
Boffins carve up C so code can be converted to Rust
Mini-C is a subset of C that can be automatically turned to Rust without much fuss Computer scientists affiliated with France's Inria and Microsoft have devised a way to automatically turn a subset of C code into safe Rust code, in an effort to meet the growing demand for …
Time to check if you ran any of these 33 malicious Chrome extensions
As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices …
Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach
The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. [...]
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid
OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop Chinese spies who compromised the US Treasury Department's workstations reportedly stole data belonging to a government office responsible for sanctions against organizations and individuals.... [...]
Apple offers to settle 'snooping Siri' lawsuit for an utterly incredible $95M
Even the sound of a zip could be enough to start the recordings, according to claims Apple has filed a proposed settlement in California suggesting it will pay $95 million to settle claims that Siri recorded owners' conversations without consent and allowed contractors to listen in.... [...]
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. [...]
Google Is Allowing Device Fingerprinting
Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback. [...]
Chinese hackers targeted sanctions office in Treasury attack
Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. [...]
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...]
The biggest cybersecurity and cyberattack stories of 2024
2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024. [...]
Eight things that should not have happened last year, but did
2024's Tech Fail Roll Of Dishonor Opinion Happy new year! Tradition says that this is when we boldly look forward to what may happen in the 12 months to come. Do you really want to know that? Didn’t think so.... [...]
US Army soldier who allegedly stole Trump's AT&T call logs arrested
Brings the arrest count related to the Snowflake hacks to 3 A US Army soldier has been arrested in Texas after being indicted on two counts of unlawful transfer of confidential phone records information.... [...]
We’re going teetotal: It’s goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down [...]
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker [...]
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII [...]
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more [...]
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed [...]
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review [...]
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies [...]
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp [...]
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field [...]
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers [...]
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country [...]
Remote code execution flaw patched in Apache Kafka
Possible RCE and denial-of-service issue discovered in Kafka Connect [...]
Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials [...]
Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
OAuth ‘masterclass’ crowned top web hacking technique of 2022
Single sign-on and request smuggling to the fore in another stellar year for web security research [...]
Radio silence from DMS vendor quartet over XSS zero-days
No response or patch yet forthcoming from providers of vulnerable document management systems [...]
New XSS Hunter host Truffle Security faces privacy backlash
Anonymized numbers of bug discoveries swiftly deleted after pushback [...]
Second UK Computer Misuse Act consultation reflects ‘very little progress’
Campaigner bemoans glacial progress of review and urges government to set clear timetable [...]
DOM XSS vulnerability in Gartner Peer Insights widget patched
Web attack vector closed after failed fix [...]
Toyota sealed up a backdoor to its global supplier management network
Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage [...]
Google engineers plot to mitigate prototype pollution
Plan to create boundary between JavaScript objects and their blueprints gathers momentum [...]
Serious security hole plugged in infosec tool binwalk
Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’ [...]
Truffle Security relaunches XSS Hunter tool with new features
Popular hacking aid now available with CORS misconfig detection function following end-of-life announcement [...]
Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’
Printer exploit chain could be weaponized to fully compromise more than 100 models [...]
Bug Bounty Radar // The latest bug bounty programs for February 2023
New web targets for the discerning hacker [...]
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag... [...]
Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news [...]
Facebook two-factor authentication bypass issue patched
Security vulnerability was one of Meta’s top bugs of 2022 [...]
Ruby on Rails apps vulnerable to data theft through Ransack search
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk [...]
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting [...]
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage [...]
Bitwarden responds to encryption design flaw criticism
Password vault vendor accused of making a hash of encryption [...]
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert [...]
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar [...]
« newer articles | page 75 | older articles »