Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control ove … | Continue reading
An Iowa man will go to prison for the next 20 years after he attempted to hijack an Internet domain at gunpoint, tased and shot the victim, and got shot back himself. | Continue reading
Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware. | Continue reading
New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password via the command-line. | Continue reading
A weird Edge bug that was fixed earlier this month, allows a malicious website to retrieve content from other sites by playing audio files in a malformed manner that produces unintended consequences. | Continue reading
Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. | Continue reading
Security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations. | Continue reading
An expert in Android security is warning users that some developers of crappy Android apps have come up with a new trick for fooling users into installing their apps. | Continue reading
Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament today. | Continue reading
The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year. | Continue reading
Gal Vallerius, a 36-year-old French national pleaded guilty this week in the US of selling narcotics on the Dark Web under the nickname of OxyMonster. | Continue reading
Over 43 million email addresses have leaked from the command and control server of a spam botnet, a security researcher has told Bleeping Computer today. | Continue reading
In a plenary session of the European Parliament that will be held today in Strasbourg, France, members of the European Parliament (MEPs) will vote on a motion for resolution which includes a clause to ban the use of software programs "that have been confirmed as malicious, such a … | Continue reading
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. | Continue reading
The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought. | Continue reading
Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-qu … | Continue reading
Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. | Continue reading
Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading
As if Ben and Jerry's, beautiful landscape, and legalized marijuana wasn't enough of an incentive, Vermont has passed legislation called the "New Remote Worker Grant Program" that will pay a remote worker's expenses if they move to Vermont. | Continue reading
Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading
The developers behind Git and various companies providing Git repository hosting services have pushed out a fix to patch a dangerous vulnerability in the Git source code versioning software. | Continue reading
A 23-year-old Canadian man who hacked into Yahoo and Gmail accounts on behalf of Russian Secret Service (FSB) agents was sentenced to five years in prison and a fine of $250,000. | Continue reading
Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism design … | Continue reading
A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. | Continue reading
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. | Continue reading
As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. | Continue reading
Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach. | Continue reading
A new experimental, and may I dare say, creepy Chrome Extension called FacePause pauses a YouTube video when you look away from the screen. It does this by utilizing an API called FaceDetector that has been available in Chrome since version 56. | Continue reading
Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature. | Continue reading
BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series. | Continue reading
The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. | Continue reading
Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. | Continue reading
With the release of the April 2018 Update, the OpenSSH Client is now officially out of beta and is also installed by default in Windows 10. The OpenSSH Server for Windows is also out of beta, but still needs to be manually installed. | Continue reading
Dutch police have seized ten servers belonging to a bulletproof hosting provider known for harboring child pornography sites and command and control servers for DDoS botnets, cyber-espionage, malvertising, spam, and malware operations. | Continue reading
A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones. | Continue reading
Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications. | Continue reading
With today's release of Windows 10 Insider Preview Build 17666, Microsoft added an updated Dark Theme for File Explorer that is for the most part usable. We first reported on the File Explorer Dark Theme back in April, but at that time it was an ugly mess. | Continue reading
Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. | Continue reading
Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. | Continue reading
Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. | Continue reading
At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. | Continue reading
The European Commission announced on Wednesday plans to cancel new registration and domain renewals for .eu domains owned by British citizens. EU citizens residing in the UK are also barred from registering or renewing domains. | Continue reading
Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what ope … | Continue reading
A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with … | Continue reading
Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks. | Continue reading
The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package. | Continue reading
Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. | Continue reading
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. | Continue reading