Showing only posts in Ars Technica. Show all posts.

Hacker gains admin control of Sourcegraph and gives free access to the masses

Source

Enlarge (credit: Getty Images) An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment. In the process, the hacker(s) may have accessed …

Russia targets Ukraine with new Android backdoor, intel agencies say

Source

Enlarge / Ukrainian soldiers. (credit: Getty Images) Russia’s military intelligence unit has been targeting Ukrainian Android devices with “Infamous Chisel,” the tracking name for new malware that’s designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. “Infamous Chisel is a collection of components …

Google removes fake Signal and Telegram apps hosted on Play

Source

Enlarge (credit: Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images) Researchers on Wednesday said they found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took …

Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.

Source

Enlarge (credit: Steve McDowell / Agefotostock ) In late May, researchers drove out a team of China state hackers who over the previous seven months had exploited a critical vulnerability that gave them backdoors into the networks of a who’s who of sensitive organizations. Barracuda, the security vendor whose Email …

Google’s $30-per-month “Duet” AI will craft awkward emails, images for you

Source

Enlarge (credit: Getty Images / Benj Edwards ) On Tuesday, Google announced the launch of its Duet AI assistant across its Workspace apps, including Docs, Gmail, Drive, Slides, and more. First announced in May at Google I/O, Duet has been in testing for some time, but it is now available …

Cybersecurity experts say the west has failed to learn lessons from Ukraine

Source

Enlarge / Viktor Zhora from Ukraine’s information protection service, says cyber has become a major component of hybrid warfare. (credit: Dragonflypd.com/Black Hat) Viktor Zhora, the public face of Ukraine’s success against Russian cyberattacks, received a hero’s welcome earlier this month on stage at Black Hat …

Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors

Source

Enlarge (credit: Getty Images) In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself. On Tuesday, a different set of researchers made a similarly solemn announcement …

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

Source

Enlarge (credit: Getty Images) A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives. The vulnerability, residing in the way WinRAR …

Crypto botnet on X is powered by ChatGPT

Source

Enlarge (credit: sakchai vongsasiripat/Getty Image) ChatGPT may well revolutionize web search, streamline office chores, and remake education, but the smooth-talking chatbot has also found work as a social media crypto huckster. Researchers at Indiana University Bloomington discovered a botnet powered by ChatGPT operating on X—the social network …

Google announces new algorithm that makes FIDO encryption safe from quantum computers

Source

Enlarge (credit: Getty Images) The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because it doesn’t rely on passwords and has the most secure form of built-in two-factor authentication. Like many existing security schemes today, though, FIDO faces …

Our health care system may soon receive a much-needed cybersecurity boost

Source

Enlarge (credit: Lorenzo Capunata/Getty ) The Advanced Research Projects Agency for Health (Arpa-H), a research support agency within the United States Department of Health and Human Services, said today that it is launching an initiative to find and help fund the development of cybersecurity technologies that can specifically improve …

Windows feature that resets system clocks based on random data is wreaking havoc

Source

Enlarge A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone …

Ongoing scam tricks kids playing Roblox and Fortnite

Source

Enlarge (credit: Savusia Konstantin | Getty Images ) Thousands of websites belonging to US government agencies, leading universities, and professional organizations have been hijacked over the last half decade and used to push scammy offers and promotions, new research has found. Many of these scams are aimed at children and attempt …

Real estate markets scramble following cyberattack on listings provider

Source

Enlarge / MLS (Multiple Listing Service). (credit: Getty Images) Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings. The attack, which commenced last …

An Apple malware-flagging tool is “trivially” easy to bypass

Source

Enlarge (credit: Getty Images ) One of your Mac's built-in malware detection tools may not be working quite as well as you think. At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings on Saturday about vulnerabilities in Apple's macOS Background Task Management mechanism …

Microsoft finds vulnerabilities it says could be used to shut down power plants

Source

Enlarge (credit: Rockwell Automation) On Friday, Microsoft disclosed 15 high-severity vulnerabilities in a widely used collection of tools used to program operational devices inside industrial facilities such as plants for power generation, factory automation, energy automation, and process automation. The company warned that while exploiting the code-execution and denial-of-service …

How fame-seeking teenagers hacked some of the world’s biggest targets

Source

Enlarge (credit: Getty Images) A ragtag bunch of amateur hackers, many of them teenagers with little technical training, have been so adept at breaching large targets, including Microsoft, Okta, Nvidia, and Globant, that the federal government is studying their methods to get a better grounding in cybersecurity. The group …

How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever

Source

Enlarge / Building with Microsoft logo. (credit: Getty Images) It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s …

“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more

Source

Enlarge / An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug. (credit: Mark Walton) It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the …

Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

Source

Enlarge (credit: Getty Images) Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations. The …

AI researchers claim 93% accuracy in detecting keystrokes over Zoom audio

Source

Enlarge / Some people hate to hear other people's keyboards on video calls, but AI-backed side channel attackers? They say crank that gain. (credit: Getty Images) By recording keystrokes and training a deep learning model, three researchers claim to have achieved upwards of 90 percent accuracy in interpreting remote keystrokes …

What are “drainer smart contracts” and why is the FBI warning of them?

Source

Enlarge (credit: Getty Images) The FBI is advising potential NFT buyers to be on the lookout for malicious websites that use “drainer smart contracts” to surreptitiously loot cryptocurrency wallets. The websites present themselves as outlets for legitimate NFT projects that provide new offerings. They’re promoted by compromised social …

Unlimited miles and nights: Vulnerability found in rewards programs

Source

Enlarge (credit: Jose A. Bernat Bacete ) Travel rewards programs like those offered by airlines and hotels tout the specific perks of joining their club over others. Under the hood, though, the digital infrastructure for many of these programs—including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy—is …

Microsoft comes under blistering criticism for “grossly irresponsible” security

Source

Enlarge (credit: Drew Angerer | Getty Images ) Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is “grossly irresponsible” and mired in a “culture of toxic obfuscation.” The comments from Amit …

Canon warns printer users to manually wipe Wi-Fi settings before discarding

Source

Enlarge (credit: Getty Images) Printer manufacturer Canon is warning that sensitive Wi-Fi settings don’t automatically get wiped during resets, so customers should manually delete them before selling, discarding, or getting them repaired to prevent the settings from falling into the wrong hands. “Sensitive information on the Wi-Fi connection …

« newer articles | page 12 | older articles »