Enlarge / Gabriel Weinberg, creator of DuckDuckGo. (credit: Washington Post | Getty Images) At the end of April, Apple’s introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized …

Enlarge (credit: Getty Images ) PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the latest reported such incidents threatening the software supply chain. JFrog, a security …

Enlarge (credit: ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images) In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall …

Enlarge / Artist's impression of how to keep your digital stuff safe from all kinds of threats. (credit: Aurich Lawson | Getty Images) I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better …

Enlarge (credit: Future Publishing | Getty Images) Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the …

Enlarge (credit: Joshua Sortino ) Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time—and an offered $1,159 (€1,000 …

Enlarge / Never put a GriftHorse on your phone. (credit: John Lamparsky | Getty Images) Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem …

Enlarge (credit: Carl Court / Getty Images ) Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web. An investigation by cyber intelligence group Cyberint, together with …

Enlarge (credit: Aurich Lawson | Getty Images) Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists …

Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. (credit: 1905HKN via Getty Images / Jim Salter ) The LA Times reported this week that Los Angeles man Hao Kuo "David" Chi pled guilty to four federal felonies …

Enlarge (credit: Jorg Greuel | Getty Images) More than a thousand web apps mistakenly exposed 38 million records on the open Internet, including data from a number of COVID-19 contact-tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s …

Enlarge (credit: Andriy Onufriyenko | Getty Images) Companies of all kinds use machine learning to analyze people’s desires, dislikes, or faces. Some researchers are now asking a different question: How can we make machines forget? A nascent area of computer science dubbed machine unlearning seeks ways to induce selective …

Enlarge / Pretty Good Phone Privacy wants to minimize how much your wireless provider knows about your location. (credit: Noam Galai | Getty Images) Location data sharing from wireless carriers has been a major privacy issue in recent years. Marketers, salespeople, and even bounty hunters were able to pay shadowy third-party …

Enlarge (credit: RobertAx | Getty Images ) A decentralized financial network has claimed hackers absconded with about $600 million worth of cryptocurrencies in one of the largest heists to target the growing digital asset industry. Poly Network, which links some of the world’s most widely used digital ledgers, said on …

Enlarge (credit: Getty Images ) Scammers have been caught using a clever sleight of hand to impersonate the website for the Brave browser and using it in Google ads to push malware that takes control of browsers and steals sensitive data. The attack worked by registering the domain xn--brav-yva[.]com …

Enlarge (credit: Getty Images) Venmo, the popular mobile payment service, has redesigned its app. That's normally news you could safely ignore, but this announcement is worth a closer look. In addition to making some navigational tweaks and adding new purchase protections, the PayPal-owned platform is finally shutting down its …

Enlarge The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful attacks …

Enlarge (credit: KiwiSDR ) A spectrum painted image made using KiwiSDR. (credit: xssfox) KiwiSDR is hardware that uses a software-defined radio to monitor transmissions in a local area and stream them over the Internet. A largely hobbyist base of users does all kinds of cool things with the playing-card-sized devices …

Enlarge (credit: Suebsiri Srithanyarat / EyeEm / Getty Images ) As many as 1,500 businesses around the world have been infected by highly destructive malware that first struck software maker Kaseya. In one of the worst ransom attacks ever, the malware, in turn, used that access to fell Kaseya’s customers …

Enlarge (credit: Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images) Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials. In a bid …

Enlarge Microsoft gave its digital imprimatur to a rootkit that decrypted encrypted communications and sent them to attacker-controlled servers, the company and outside researchers said. The blunder allowed the malware to be installed on Windows machines without users receiving a security warning or needing to take additional steps. For …

Enlarge / Dell has released a patch for a set of vulnerabilities that left as many as 30 million devices exposed. (credit: Artur Widak | Getty Images) Researchers have known for years about security issues with the foundational computer code known as firmware. It's often riddled with vulnerabilities, it's difficult to …

Enlarge (credit: Chalongrat Chuvaree | Getty Images) For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has …

Enlarge (credit: Getty Images) Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked those …

Enlarge (credit: Getty Images ) A week after Ukrainian police arrested criminals affiliated with the notorious Cl0p ransomware gang, Cl0p has published a fresh batch of what’s purported to be confidential data stolen in a hack of a previously unknown victim. Ars won’t be identifying the possibly victimized …