Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.... [...]
WOW ! DID ! SOMEONE ! REALLY ! STEAL ! DATA ! ON ! 400K ! USERS? ! A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW ! )... [...]
As if living in Croydon wasn't bad enough The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.... [...]
So F-18 launch times, weapons, drone support aren't classified now... who knew? The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has now publicly released the messages.... [...]
There's only one rule – don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.... [...]
Time to update your firmware, if you can, to one with the security fixes, cough cough DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers' gateways going offline.... [...]
Massive OPSEC fail from the side who brought you 'lock her up' Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans to attack Houthi rebels in Yemen - and accidentally invited a journalist to join the group in which they chatted.... [...]
Massive OPSEC fail from the side who brought you 'lock her up' Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in Yemen – and accidentally added a journalist to the group in which they chatted.... [...]
It's been a very busy week for Digicash Donald's administration Analysis Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike …
Plus AI in the infosec world, why CISA should know its place, and more Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.... [...]
Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to …
Feds want book thrown at Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars – after an appeals court ruled her sentence of time served plus five years of probation was too lenient.... [...]
DOGE efficiency in action The upheaval at the US government's Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks - specifically those still in their probationary period - though they've been benched on paid …
'Only' a local access bug but important part of N Korea, Russia, and China attack picture An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority …
One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.... [...]
It'll take a few days, give or take your situation Google has told The Register it's beginning to roll out a fix for Chromecast devices that were crippled by an expired security certificate authority. We're assured this deployment will take place over the next few days.... [...]
It'll take a few days, give or take your situation Google has told The Register it's beginning to roll out a fix for Chromecast devices that were crippled by an expired security certificate authority. We're assured this deployment will take place over the next few days.... [...]
Root cert expiry may bring breakage or worse for add-ons, media playback, and more If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.... [...]
Election infosec advisory center also shuttered Updated A penetration tester who worked at the US govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more folks have also been put out of work by the cybersecurity agency.... [...]
Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.... [...]
Expired SSL cert kerfuffle leaves second-gen, Audio gadgets useless Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate. The web giant is aware of the breakdown and says a fix is in the works …
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems – and he's now facing a potential ten years behind bars.... [...]
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as many as a million infected Android …
President ordered officials to ramp up vetting 'to the maximum degree' The US government's Citizenship and Immigration Service (USCIS) is considering monitoring not just the social media posts of non-citizens coming into the country, but also all those already in America going through an immigration or citizenship process.... [...]
Complaint alleges 13 funding proposals foundered amid battle for control Eric Gan is no longer CEO of AI security biz Cybereason after what appears to have been a protracted and unpleasant fight with investors, including the SoftBank Vision Fund and Liberty Strategic Capital.... [...]