MacOS Flaw in Telegram Retrieves Deleted Messages
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead. [...]
Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera. [...]
IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof. [...]
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. [...]
A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities. [...]
We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity. [...]
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered. [...]
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020. [...]
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456. [...]
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. [...]
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware. [...]
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017. [...]
Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. [...]
Mass email distribution service compromise mirrors earlier Nobelium attacks. [...]
Agency warns attackers targeting teleworkers to steal corporate data. [...]
A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints. [...]
Employee email takeover exposed personal, medical data of students, employees and patients. [...]
There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? [...]
Authorities opened an investigation into the secretive Israeli security firm. [...]
Uptycs Threat Research outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate them. [...]
They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling. [...]
Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON. [...]
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam. [...]
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich. [...]