Federal executive branch departments and agencies have until October 16 to adopt on their domains a policy-based email validation system configured with the strongest setting. Most already comply with the mandatory requirement but whitehouse.gov is not among them, yet. | Continue reading
Credential stuffing attacks are a growing problem, particularly in the financial sector, where botnets can initiate so many fraudulent login attempts that the wave has the effect of a distributed denial-of-service (DDoS) attack. | Continue reading
Today Microsoft released Windows 10 Insider Preview Build 18242 (19H1) to the Insiders on the Skip Ahead ring. This build is predominantly a bug fix release that resolves known issues in the 19H1 branch. 19H1 is the next feature update to be released after the October 2018 Update … | Continue reading
A report released today about the activity of Pegasus spyware presents evidence of the tool's use outside the ethical boundaries publicized by its maker. | Continue reading
What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions. | Continue reading
A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models. | Continue reading
CloudFlare has introduced a new gateway that allows you to easily access content stored on IPFS, or the InterPlanetary File System, through a web browser and without having to install a client. | Continue reading
Reports are coming in that Piriform is forcing CCleaner to update to the latest 5.46 version even when users had configured the program to not perform automatic updates. To make matters worse, once the users were upgraded to the latest version, their privacy settings are reset to … | Continue reading
A new botnet captured the attention of security researchers through its harmless behavior and the use of an original communication channel with its command and control center. | Continue reading
A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek who tweeted a link to the sample on VirusTotal. | Continue reading
A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug. | Continue reading
Microsoft released a security advisory on a denial-of-service vulnerability that renders multiple versions of Windows completely unresponsive and has no mitigation factors. | Continue reading
Microsoft extends support for its Antimalware Scan Interface (AMSI) to Office 365 client applications, offering protection against script-based threats at runtime. | Continue reading
Access to India's Aadhaar unique identity enrollment software is unrestricted to anyone for as much as $35 - the price of a debilitating patch for important security features. | Continue reading
A huge database with email addresses, passwords in clear text, and partial credit card data has been uploaded to a free, public hosting service. | Continue reading
Relying on computer memory's remanence behavior, security researchers figured out a way to extract sensitive data from RAM, such as encryption keys, even after the loss of power. | Continue reading
A Nigerian man has been sentenced to five years of prison time and pay $2.54 million in restitution for running business email compromise scams that attempted to steal $25 million. | Continue reading
A script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a form. | Continue reading
A script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a form. | Continue reading
Mirai and Gafgyt, two of the best known IoT botnets, have forked once again, but the new variants peek at the corporate sector for creating or replenishing their denial-of-service resources for distributed attacks. | Continue reading
A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and use them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were us … | Continue reading
Malware developers have started to use the zero-day exploit for Windows Task Scheduler component, two days after proof-of-concept code for the vulnerability appeared online. | Continue reading
The US continues to be the top country hosting domains that serve web-based threats and, and the main source for exploit kits on a global level, according to new research. | Continue reading
Although there is nothing special about code executing on a machine, when this code is executed is a significant detail from a security standpoint. | Continue reading
Microsoft has started testing a new feature for the Microsoft To-Do that simply makes sense on a touch-enabled device like Surface Go. Currently available for the Insiders, the updated Microsoft To-Do app allows users to create notes using a pen like the Surface Pen. | Continue reading
Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control. | Continue reading
Scammers can collect highly sensitive information about a company's activity, employees, and clients, even if after it shuts down, a cybersecurity expert warns. | Continue reading
According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against … | Continue reading
Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea. | Continue reading
Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure. | Continue reading
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, take screenshots, and more, w … | Continue reading
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. | Continue reading
On August 21st, Microsoft released an update to the May KB4100347 Intel microcodes for Windows 10 & Windows Server 2016. After installing this latest version, Windows users are reporting that they are unable to boot Windows 10 or are having performance issues. To complicate the i … | Continue reading
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account. | Continue reading
Google security researchers have revealed this week that the immensely popular Fortnite Android app is vulnerable to so-called man-in-the-disk (MitD) attacks. | Continue reading
If you are having trouble keep tracking of site's that are considered reputable news sources verses ones that are not, a new browser extension from NewsGuard may be of help. | Continue reading
Using regular microphones, academic researchers managed to pick up acoustic signals from computer displays and determine in real time the type of content on the screen. | Continue reading
T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers' data on Monday, August 20. | Continue reading
Felix Rieseberg, a software engineer at Slack has released Windows 95 as an app for Windows, Mac or Linux. It's a 100MB Electron app that you can install and run on Windows, Mac or even Linux computers. | Continue reading
Restaurants in 23 states are on the list of Cheddar Scratch Kitchen locations affected by a cyberattack that exposed payment card information. | Continue reading
Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab. | Continue reading
Full contact information of everyone attending the BlackHat security conference this year has been exposed in clear text, a researcher has found. The data trove includes name, email, company, and phone number. | Continue reading
A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. | Continue reading
Security researchers have uncovered a new supply chain attack that targets organizations in South Korea. The threat actor chooses the victims selectively, based on an IP range for groups of interest. | Continue reading
A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. | Continue reading
A severe issue was addressed on Monday, an issue that under certain conditions could be used to expose the private keys for TLS certificates used by companies running their infrastructure on cloud servers. | Continue reading