The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. | Continue reading
Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. | Continue reading
Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. | Continue reading
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. | Continue reading
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms. | Continue reading
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. | Continue reading
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in. | Continue reading
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. | Continue reading
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights. | Continue reading
The new exploit was deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing to install spyware on iPhones. | Continue reading
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network. | Continue reading
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. | Continue reading
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. | Continue reading
Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. | Continue reading
Microsoft's August 2021 Patch Tuesday addressed a smaller set of bugs than usual, including more Print Spooler problems, a zero-day and seven critical vulnerabilities. | Continue reading
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead. | Continue reading
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. | Continue reading
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. | Continue reading
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. | Continue reading
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid. | Continue reading
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode. | Continue reading
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. | Continue reading
HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs. | Continue reading
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. | Continue reading
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe. | Continue reading
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system. | Continue reading
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. | Continue reading
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. | Continue reading
A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification | Continue reading
Vulnerability in NVIDIA’s GeForce Experience software opens door to remote data access, manipulation and deletion. | Continue reading
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers. | Continue reading
In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter. | Continue reading
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny. | Continue reading
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials. | Continue reading
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls. | Continue reading
An hour-long outage impacting airlines, banks and Hong Kong Stock exchange is believed to be caused by a service designed to protect against outages tied to distributed denial of service attacks. | Continue reading
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. | Continue reading
Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles. | Continue reading
"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote. | Continue reading
The FBI and Australian law enforcement set up the encrypted chat service and ran it for over 3 years, seizing weapons, drugs and over $48m in cash. | Continue reading
Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch. | Continue reading
NY's AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old's fake identities. | Continue reading
New deepfake products and services are cropping up across the Dark Web. | Continue reading
Researchers fear wider exposure, amidst a tepid response from Experian. | Continue reading
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. | Continue reading
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. | Continue reading
The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. | Continue reading
The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks. | Continue reading