Crook made millions by breaking into execs’ Office365 inboxes, feds say
Email accounts inside 5 US companies unlawfully breached through password resets.
Systems used by courts and governments across the US riddled with vulnerabilities
by Dan Goodin
With hundreds of courts and agencies affected, chances are one near you is, too.
Meta pays the price for storing hundreds of millions of passwords in plaintext
by Dan Goodin
Company failed to follow one of the most sacrosanct rules for password storage.
Tails OS joins forces with Tor Project in merger
by Dan Goodin
The organizations have worked closely together over the years.
NIST proposes barring some of the most nonsensical password rules
by Dan Goodin
Proposed guidelines aim to inject badly needed common sense into password hygiene.
Hacker plants false memories in ChatGPT to steal user data in perpetuity
by Dan Goodin
Emails, documents, and other untrusted content can plant malicious memories.
11 million devices infected with botnet malware hosted in Google Play
by Dan Goodin
Necro infiltrated Google Play in 2019. It recently returned.
Google calls for halting use of WHOIS for TLS domain verifications
by Dan Goodin
WHOIS data is unreliable. So why is it used in TLS certificate applications?
Ever wonder how crooks get the credentials to unlock stolen phones?
by Dan Goodin
iServer provided a simple service for phishing credentials to unlock phones.
Massive China-state IoT botnet went undetected for four years—until now
by Dan Goodin
75% of infected devices were located in homes and offices in North America and Europe.
Secure Boot-neutering PKfail debacle is more prevalent than anyone knew
by Dan Goodin
Keys were marked “DO NOT TRUST.” More devices than previously known used them anyway.
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
by Dan Goodin
Infection corrals devices running AOSP-based firmware into a botnet.
As quantum computing threats loom, Microsoft updates its core crypto library
by Dan Goodin
Two algorithms added so far, two more planned in the coming months.
Rogue WHOIS server gives researcher superpowers no one should ever have
by Dan Goodin
.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.
Found: 280 Android apps that use OCR to steal cryptocurrency credentials
by Dan Goodin
Optical Character Recognition converts passwords shown in images to machine-readable text.
US charges Russian military officers for unleashing wiper malware on Ukraine
by Dan Goodin
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide.
Zyxel warns of vulnerabilities in a wide range of its products
by Dan Goodin
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10.
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
by Dan Goodin
Sophisticated attack breaks security assurances of the most popular FIDO key.
City of Columbus sues man after he discloses severity of ransomware attack
by Dan Goodin
Mayor said data was unusable to criminals; researcher proved otherwise.
Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says
by Dan Goodin
Findings undercut pledges of NSO Group and Intgellexa their wares won’t be abused.
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
by Dan Goodin
Vulnerability is easy to exploit and allows attackers to remotely execute commands.
Hackers infect ISPs with malware that steals customers’ credentials
by Dan Goodin
Zero-day that was exploited since June to infect ISPs finally gets fixed.
Android malware steals payment card data using previously unseen technique
by Dan Goodin
Attacker then emulates the card and makes withdrawals or payments from victim’s account.
Novel technique allows malicious apps to escape iOS and Android guardrails
by Dan Goodin
Web-based apps escape iOS “Walled Garden” and Android side-loading protections.
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
by Dan Goodin
Microsoft said its update wouldn’t install on Linux devices. It did anyway.
Recent Posts
- You can run Arch Linux in Windows now – here’s how
- I thought MacOS 15.4.1 was a minor update until it made my iMac better in 4 big ways
- Freepik releases an ‘open’ AI image generator trained on licensed data
- Google Play sees 47% decline in apps since start of last year
- I tested the LG C5 OLED TV, and it gives the flagship G5 model a run for its money
Recent Comments
No comments to show.