Under New Management is an early-warning system for potential poisoning of add-ons with malware Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don't mind installing yet another browser extension.... [...]
Play Store commissions are a nice little earner, wherever they come from Google has been accused of profiting from gift card scams.... [...]
/ Hope no one ever reads these functions lmao / NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for "all relevant spyware" with Meta's WhatsApp.... [...]
Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories …
Those little popups may reveal location, device details, IP address, and more More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding that underscores the lack of privacy protection available to users of mobile devices …
Talk about gone in 60 seconds Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).... [...]
State government says it's thinking of the children A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application.... [...]
We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on …
Now that's what you call dual-use tech Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security.... [...]
Surprising third-act twist as Russian case means more freedom for all The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control …
'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.... [...]
Leaves it to carriers, promoting a complaint to Irish data cops from Big Tech's bête noire Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a …
Security is a process, not a product. Nor a language Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.... [...]
Firefox maker promises to lean on personal info brokers to scrub records Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.... [...]
Chocolate Factory matches Microsoft money for memory safety Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++.... [...]
Atlassian systen compromised via October Okta intrusion Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.... [...]
Spotting a plaintext password and using it in research without authorization deemed a crime A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.... [...]
Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.... [...]
Microsoft says it's doing its best to crack down on crims The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.... [...]
Unpleasant Christmas package lets malware down the chimney Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware.... [...]
DOM-XSS attacks have become scarce on Google websites since TT debuted Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.... [...]
NPM repo hijacked after former worker phished Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims.... [...]
Expanded service provider definition could force cafes and hotels to spy for the feds Many US businesses may be required to assist in government-directed surveillance – depending upon which of two reform bills before Congress is approved.... [...]
Says it was probably hacked, which isn't good news either A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors.... [...]
Limited options will be available into 2028, for an undisclosed price Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence.... [...]