PLA spyware keeps Tibetans under surveillance. Cyber conflict between Ukraine and Russia, some conventionally criminal, other state-directed. US ExecuFriarFox is a bad browser extension, and it's interested in Tibet. Ukraine accuses Russia of a software supply chain compromise.The CyberWire Shared .
Cyberattacks Launch Against Vietnamese Human-Rights ActivistsVietnam joins the ranks of governments using spyware to crack down on human-rights defenders.Threatpost Shared .
Format String Exploit Troubleshooting Over TwitterHelping somebody with a simple format string exploit via twitter. Getting stuck with problems is one of the most frustrating but best ways to learn.LiveOverflow Shared .
Cryptopia cryptocurrency exchange in liquidation due to hack, hacked againCryptopia cryptocurrency exchange was hacked in 2019 and put into liquidation after suffering a loss of USD 30 million in crypto-assets.HackRead Shared .
Health Website Leaks 8 Million COVID-19 Test ResultsA teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.Threatpost Shared .
Malicious Mozilla Firefox Extension Allows Gmail TakeoverThe malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.Threatpost Shared .
Cisco Warns of Critical Auth-Bypass Security FlawCisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.Threatpost Shared .
Chinese Hackers Using Firefox Extension to Spy On Tibetan OrganizationsA new Chinese hacking attack aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.The Hacker News Shared .
UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itselfThe company needs NCSC's help: although we previously reported that users' passwords were hashed in storage, emails from the company shown to The Register by horrified parents confirmed that they were, in fact, being stored without any encryption at all.The Register Shared .
Ever felt that a few big tech companies are following you around the internet? That's because… they areExperimental blocking of sites that load resources from four big companies makes the web unusable.The Register Shared .
The Top Free Tools for Sysadmins in 2021The Top Free Tools for Sysadmins in 2021 - Permissions Management, Password Auditor, Network Visibility and Protocol Analysis.The Hacker News Shared .
S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub adsThe graphics card that wants you to stick to playing games, the man that didn't weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys.Naked Security Shared .
How to Watch Tom and Jerry: The Movie online from anywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Can Clubhouse Move Fast Without Breaking Things?The 11-month-old audio social network is compelling. It also has some very grown-up problems.New York Times Privacy Shared .
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware AttackThe Hacker News Shared .
Ghostery Dawn Product UpdateThings continue to progress quite nicely here with Ghostery Dawn, in large part to your great feedback, recommendations, and have a handful of improvements in this includes the following changes: We have added private stats to the new tab page, which includes metrics for ads blocked, trackers blocked, data points anonymized, and time saved.Ghostery Blog Shared .
Alexa, swap out this code that Amazon approved for malware… Installed Skills can double-cross their usersBoffins find those developing apps for the chatty AI assistant can bypass security measures.The Register Shared .
5G Promises to Increase Adoption of Cryptocurrency InvestingBlockchain has been efficient in supporting cryptocurrency alone, but its combination with 5G will greatly enhance cryptocurrency mining.HackRead Shared .
Hacking and Hip HopThis week, we welcome John Threat, Hacker at Mediathreat, followed by Chris Cochran and Ronald Eddings from Hacker Valley Media!Paul's Security Weekly Shared .
Tax Season Ushers in Quickbooks Data-Theft SpikeQuickbooks malware targets tax data for attackers to sell and use in phishing scams.Threatpost Shared .
Botnet Abusing Bitcoin Blockchain To Evade DetectionAkamai has published new research explaining techniques used by the operators of a cryptocurrency mining botnet campaign to evade detection in which cybercriminals are abusing Bitcoin transactions to carry out illegal crypto mining operations while staying under the radar.HackRead Shared .
Accellion FTA compromise spreads. Ocean Lotus is back. LazyScripter seems to represent a new threat group. Notes from the SolarWinds hearings. New ICSAs more organizations are affected by the Accellion FTA compromise, authorities issue some recommendations for risk mitigation.The CyberWire Shared .
Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie TrackingMozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.Threatpost Shared .
Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gangThe Register can reveal Clop got its hands on at least one drawing of a Leonardo Seaspray 7500E radar antenna, and divulged on its Tor-hidden website a rendering of the hardware in some detail - without its external covers usually seen in promotional material.The Register Shared .
VMWare Patches Critical RCE Flaw in vCenter ServerThe vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.Threatpost Shared .
Cl0p ransomware gang hits Aviation giant Bombardier, leaks sensitive dataThe Cl0p ransomware gang has leaked sensitive data belonging to Bombardier on its official website on the dark web accessible through Tor.HackRead Shared .
'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux securityPlus: Why the Chocolate Factory only uses code it builds from source.The Register Shared .
Nvidia's Anti-Cryptomining GPU Chip May Not Discourage AttacksThe hotly anticipated GeForce RTX 3060, a, advanced gaming graphics chip, will also throttle Ethereum mining.Threatpost Shared .
Experts Warns of Notable Increase in QuickBooks Data Files Theft AttacksNew research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit.The Hacker News Shared .
Where does President Biden stand on internet censorship?We review the major web censorship issues that President Biden will face during his next four years in office including Section 230, open access to research, and policing misinformation on social media.Comparitech Shared .
Microsoft Lures Populate Half of Credential-Swiping Phishing EmailsAs more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.Threatpost Shared .
Everything You Need to Know About Evolving Threat of RansomwareRansomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.The Hacker News Shared .
5 Best Switch Monitoring Software for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Ultimate Guide: What is DevOps? it's Goals, Lean Thinking and MoreWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How To Fix the SQL Server Recovery Pending ErrorWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Intent-based Networking Guide for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
an offer you can't refuseThis spring, Apple will implement a new policy that will require App Store developers to ask for users' permission in order to track them online.Open Rights Group Shared .
How to Watch Punky Brewster online from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Trust FactorThis week, we welcome Dutch Schwartz, Cloud Security Strategist at AWS, to discuss cloud's influence on the evolving culture of security.Paul's Security Weekly Shared .
Think you know all about security pen-testing in the cloud? Here's how to prove itNew GIAC qual shows you can put the Sec into DevSecOps and quantify the risk in SRE.The Register Shared .
Critical RCE Flaws Affect VMware ESXi and vSphere ClientVMware patches multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platforms.The Hacker News Shared .
Mozilla Firefox keeps cookies kosher with quarantine scheme, 86s third-party cookies in new browser buildHey man, are your cookies trackin' me? Take 'em out. You gotta keep 'em separated.The Register Shared .
Experts Find a Way to Learn What You're Typing During Video CallsThe Hacker News Shared .
What's CNAME of your game? This DNS-based tracking defies your browser privacy defensesWhile online publishers have been happy to allow advertisers to run third-party tracking code on their websites to collect data and follow people as they visit different websites, internet users and privacy-focused web browsers have ramped up privacy defenses over the past few years to limit the application of web-based tracking.The Register Shared .
Indian Railways suffers unspecified security ‘breaches in various IT applications'13m passengers a day, a million tickets bought on digital platforms, and yet few details offered on what went wrong.The Register Shared .
Microsoft president asks Congress to force private-sector orgs to publicly admit when they've been hackedHe noted it was "not a typical step" for a company to ask the United States Congress to "place a new law on ourselves and on our customers, but I think it's the only way we're going to protect our country and I think it's the only way we're going to protect the world."The Register Shared .
VMware warns of critical remote code execution flaw in vSphere HTML5 clientIf you don't patch, the hosts driving all your virty servers are at risk. So maybe your to-do list needs a tickle?The Register Shared .
They break into your network but do nothing themselves: 'Initial access brokers' resell stolen creds for $7k a popSo says Digital Shadows as it puts a price on illicit access methods.The Register Shared .
Mozilla releases Firefox 86 equipped with ‘Total Cookie Protection'However, Mozilla just released Firefox 86 that has various new features including Total Cookie Protection which is a huge privacy advancement that has been built into Enhanced Tracking Protection so websites cannot track you across the web.HackRead Shared .
TDoS, Crippled Video Drivers, APT31, Typing Inference, and "Shadow Attacks"This week Dr. Doug talks Bad typing, Crippled Video Drivers from NVDIA, TDOS, APT31, Malformed URLs, and more!Paul's Security Weekly Shared .
Clop ransomware gang leaks online what looks like stolen Bombardier blueprints of GlobalEye radar snoop jetAnd what may be CAD drawing of a military radar antenna.The Register Shared .
DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate's SolarWinds hearing. US DHS cyber strateUkrainian security services complain of DDoS from Russia. The Accellion compromise is attributed to an extortion gang.The CyberWire Shared .
Daycare Webcam Service Exposes 12,000 User Accounts ANurseryCam suspends service across 40 daycare centers until a security fix is in place.Threatpost Shared .
IBM Squashes Critical Remote Code-Execution FlawA critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.Threatpost Shared .
Goose EggThis week, we welcome Brandon Edwards, Co-Founder and Chief Scientist at Capsule8, to discuss Targeting, Exploiting, and Defending Linux!Paul's Security Weekly Shared .
The Best Law You've Never Heard OfTaking back control of our personal data can feel like a lost cause. But there's hope!New York Times Privacy Shared .
Best MBA degrees in cyber security for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Deleted Keybase chat images retrievable on Windows, macOS, LinuxKeybase is owned by Zoom and currently has almost half a million privacy-focused users. Here's how it kept chat images that were retrievable.HackRead Shared .
Apple M1 Malware Found, Brave Browser Leaked DNS QueriesClubhouse uses Agora, and audio data was leaked by a user, Apple's new M1 Chip already has malware designed for it, and the Brave Browser Leaked Tor Addresses!Hak5 Shared .
Finnish IT Giant Hit with Ransomware CyberattackTietoEVRY was forced to shut down services and infrastructure to 25 customers as the company continues to investigate the incident with relevant authorities.Threatpost Shared .
Keybase secure messaging fixes photo-leaking bug patch now!It not only means that your data isn't decrypted while it's at any "rest stops" along the way, such as when an email message is held at your ISP for delivery later on, but also means that your data cannot be decrypted along the way, no matter whether you trust the person operating that "rest stop" or not.Naked Security Shared .
Checkout Skimmers Powered by Chip CardsEasily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal's chip reader slot.Krebs on Security Shared .
Education Technology: Pros and ConsThe evolution of technology has drastically changed the way our world works, and the education system is no exception.Ghostery Blog Shared .
10K Microsoft Email Users Hit in FedEx Phishing AttackMicrosoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.Threatpost Shared .
Linux Mint users in hot water for being slow with security updates, running old versionsAutomatic updates? 'We have ideas on how to improve this,' says founder.The Register Shared .
Security consultant career guide: Becoming a security consultantWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Security Manager Career Guide: Getting a Security Manager JobWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
5 Security Lessons for Small Security Teams for the Post COVID19 EraNew eBook details the following five security lessons derived from current business, IT, and threat landscape trends.The Hacker News Shared .
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFsResearchers demonstrated Shadow attacks that could allow hackers to break the integrity protection of digitally signed PDF documents.The Hacker News Shared .
A.I. Is Everywhere and EvolvingMany of us already live with artificial intelligence now, but researchers say interactions with the technology will become increasingly personalized.New York Times Privacy Shared .
Should I Get a Covid-19 Vaccine When Others Need It More?The magazine's Ethicist columnist on what should determine eligibility for the Covid-19 vaccine and more.New York Times Privacy Shared .
How to Watch Snowfall Season 4 Online AbroadWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion AttacksThe Hacker News Shared .
The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made publicCheck Point says Beijing 'reconstructed' Equation Group's hacking tool long before leak.The Register Shared .
TDoS Attacks Take Aim at Emergency First-Responder ServicesThe FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.Threatpost Shared .
Facebook takes down Myanmar military page. Chinese cyberespionage and cloned Equation Group tools. Supply chain compromises. Threat trends.Silver Sparrow's up to... something or other. Bogus Flash Player update serves fake news and malware.The CyberWire Shared .
Silver Sparrow malware on 30,000 Macs leaves security pros confusedAccording to researchers, as of mid-February, Silver Sparrow malware has affected almost 30,000 macOS across 153 countries.HackRead Shared .
Assume ClubHouse Conversations Are Being Recorded, Researchers WarnAt nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded.Threatpost Shared .
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme, though no ransomware was deployed.Threatpost Shared .
NurseryCam hacked, company shuts down IoT camera serviceReal names, usernames, and what appears to be SHA-1 hashed passwords exposed.The Register Shared .
Car-sharing firm CityBee data breachAccording to the hacker behind the breach, they found the backup database of CityBee exposed on the internet for public access.HackRead Shared .
Naked Security Live How to calculate important things using a computerHere's the latest Naked Security Live talk - watch now!Naked Security Shared .
Switch Port Monitoring Guide: Gather Insights on your Network SwitchesWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Planespotters' weekends turn traumatic as engine pieces fall from the sky in the Netherlands and the USIt's a bird, it's a plane... holy crap there's a nacelle in my kitchen.The Register Shared .
How to Fight Business Email Compromise with Email Authentication?The Hacker News Shared .
Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked OnlineNew evidence suggests Chinese hackers had access to some NSA hacking tools and zero-day exploits years before the Shadow Brokers group disclosed them.The Hacker News Shared .
New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple MacsThe Hacker News Shared .
Brave browser leaks visited Tor.onion addresses in DNS traffic, fix released after bug hunter raises alarmPlus: IBM's lawyers hacked, Kia denies ransomware hit, France declares war on hackers, and more.The Register Shared .
Nvidia announces official "anti-cryptomining" software driversRay-tracing is an algorithm used in generating synthetic images that are almost unbelievably realistic, correctly modelling complex optical interactions such as reflection, transparency and refraction, but this sort of realism comes at huge computational cost.Naked Security Shared .
Malware monsters target Apple's M1 silicon with ‘Silver Sparrow'Behaves like a legit software installer and phones home for instructions, but lacks a payload.The Register Shared .
Billy Wilson: Translating language skills to technical skills.High Performance Computing Systems Administrator at Brigham Young University Billy Wilson tells his cybersecurity career story translating language skills to technical skills.The CyberWire Shared .
Brave browser Tor feature leaked.Onion queries to ISPsAccording to a researcher, the Chromium-based, privacy-focused Brave browser has a vulnerability that's leaking DNS requests.HackRead Shared .
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its UsersThe Hacker News Shared .
SolarWinds hackers accessed source code of Azure, Exchange, IntuneThe US has blamed Russia for attacks carried out by SolarWinds hackers. Here's what Microsoft has revealed about the recent development.HackRead Shared .
The social app Clubhouse is an invitation to troubleThe startup's invitation-only model gives it a sheen of exclusivity, but privacy horrors lurk behind the buzz.Guardian Privacy Shared .
OpinionReaders discuss the privacy issues raised. One argues, "Americans' obsession with privacy has gone off the rails."New York Times Privacy Shared .
Happy birthday, Python, you're 30 years old this week: Easy to learn, and the right tool at the right timePopular programming language, at the top of its game, still struggles to please everyone.The Register Shared .
How to Watch Australian Open Men's Final 2021 Online FreeWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to watch When Calls the Heart season 8 onlineWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Attackers using Google Chrome.Guest Bojan Zdrnja of Infigo IS and a certified instructor at SANS Institute shares an incident he discovered where attackers were using a pretty novel way of exfiltrating data and using that channel for C&C communication.The CyberWire Shared .
Automate Remote SSH Control of Computers with Expect ScriptsBash scripts are the normal way to get into automation. However, they have their limitations.Null Byte Shared .
Malformed URL Prefix Phishing Attacks Spike 6,000%Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.Threatpost Shared .
Mopping up Solorigate. Tehran's Lightning and Thunder in Amsterdam. The view from Talinn. Malware designed for Apple's new chips. Lessons from the iceMicrosoft wraps up its internal investigation of Solorigate, which the US Government continues to grapple with, and which has had some effect in Norway.The CyberWire Shared .
Mysterious Silver Sparrow Malware Found Nesting on 30K MacsA second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide - but it's unclear why.Threatpost Shared .
Credential-Stuffing Attack Targets Regional Internet RegistryRIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.Threatpost Shared .
New variant of MassLogger Trojan stealing Chrome, Outlook dataMassLogger was originally discovered in April 2020 but now it has been updated to target Windows devices to steal Chrome and MS Outlook data.HackRead Shared .
The massive coronavirus pandemic IT blunder with a funny sideHe was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them.Naked Security Shared .
Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer GangThe leader of Mexico's Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico's top tourist destinations over the past five years.Krebs on Security Shared .
Balancing Privacy With Data Sharing for the Public GoodSocially valuable data can be combined with standards that safeguard individual privacy, an economist says.New York Times Privacy Shared .
207-VPN Routers RevisitedDirect support for this podcast comes from sales of my books. More details can be found on the Books tab at IntelTechniques.com.The Complete Privacy & Security Podcast Shared .
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa CardA new hack lets criminals bypass PIN for a Mastercard contactless card by tricking terminals into believing it to be a Visa card.The Hacker News Shared .
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange CodeHowever, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.Threatpost Shared .
The rising tide of child abuse content on social media?In 2020 alone, Facebook removed 35.9 million pieces of content flagged under "child nudity and sexual exploitation," according to the social network's latest transparency report.Comparitech Shared .
How to Watch Australian Open Women's Final 2021 Online FreeWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome CredentialsMasslogger Virus Now Steals Outlook, Messaging App, Chrome Credentials.The Hacker News Shared .
SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, IntuneThe Hacker News Shared .
Atheists warn followers of unholy data leak, hint dark deeds may have tried to make it go awayThe Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has warned members their personal information appears to have been leaked.The Register Shared .
Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzleWe'll be fine, says Redmond security crew. No word on whether you will be too once crims analyse their haul.The Register Shared .
S3 Ep20: Corporate megahacking, true love gone bad, and tax grabsClick-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.Naked Security Shared .
The Most Commonly Hacked Smart Home TechThere are over 7 billion IoT devices and a big number is vulnerable to cyber-attacks.HackRead Shared .
Cybercriminal Enterprise 'Ringleaders' Stole $55M Via COVID-19 Fraud, Romance ScamsThe Department of Justice cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.Threatpost Shared .
Apple Outlines 2021 Security, Privacy RoadmapLatest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.Threatpost Shared .
The WatchDog Monero cryptojacking operation. "A criminal syndicate with a flag." US Senator asks FBI, EPA for a report on water system cybersecurity. Egregor takes a hit from French and Ukrainian police. Dinah Davis has advice on getting buy-in from the board.The CyberWire Shared .
Kia Motors Hit With $20M Ransomware AttackSo far, Kia Motors America has publicly acknowledged an "extended system outage," but ransomware gang DoppelPaymer claimed it has locked down the company's files in a cyberattack that includes a $20 million ransom demand.Threatpost Shared .
US charges 3 North Korean hackers for extorting $1.3+ billionOne of the hackers was also charged in 2018 for playing a role in the Sony Pictures hacking and WannaCry ransomware attacks.HackRead Shared .
Features to look for when choosing VoIP phone systemAs VoIP is quickly replacing PBX inside big businesses, it can be difficult to know which service provider to choose from.HackRead Shared .
Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wildSo says Kenna Security in a refreshing piece of counter-FUD analysis.The Register Shared .
Exploit Details Emerge for Unpatched Microsoft BugA malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.Threatpost Shared .
US names three North Koreans in laundry list of cybercrime chargesTrio alleged to have been at it for more than a decade, and to have made off with well over a billion dollars.Naked Security Shared .
Hackers Targeting Apple's M1 Chip with Mac MalwareEx-NSA researcher Patrick Wardle has discovered malware that is equipped with anti-analysis capabilities and designed to specifically target Apple's new chip.HackRead Shared .
Mac Malware Targets Apple's New M1 ProcessorA malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.Threatpost Shared .
20+ Online Hate Crime Statistics and Facts for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to convert YouTube to MP3 in just a few simple stepsWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
SDK Bug Lets Attackers Spy on User's Video Calls Across Dating, Healthcare AppsApps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.Threatpost Shared .
How to live stream Australian Open freeMedvedev will be facing off against Tsitsipas at 1:30 PM AET on February 19. This is the last hurdle; the winner will go head to head with either Karatsev or Djokovic at the 2021 Australian Open men's final.Comparitech Shared .
Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all usersUpdated A parental webcam targeted at nursery schools was so poorly designed that anyone who downloaded its mobile app gained access to admin credentials, bypassing intended authentication, according to security pros - with one dad saying its creators brushed off his complaints about insecurities six years ago.The Register Shared .
ZINGR a A secure app to connect nearby peopleZINGR is one of those apps that claim minimal data collection - Here's how the app works.HackRead Shared .
First Malware Designed for Apple M1 Chip Discovered in the WildOne of the first malware samples tailored to run natively on Apple's M1 chips has been discovered.The Hacker News Shared .
Has your cloud app suite left you feeling insecure? There's a reason for thatTune in next week and discover how to tighten that gap in your remote worker security.The Register Shared .
U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency HeistDoJ indicted three North Korean hackers for conspiring to steal and extort over $1.3 billion in cryptocurrencies.The Hacker News Shared .
Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco TalosMasslogger evolution rears its ugly head, $30 gets you three month license to cause carnage.The Register Shared .
Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgsThree suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday.The Register Shared .
Stolen Jones Day Law Firm Files Posted on Dark WebJones Day, which represented Trump, said the breach is part of the Accellion attack from December.Threatpost Shared .
Windows, Linux Devices Hijacked In Two-Year Cryptojacking CampaignThe WatchDog malware has flown under the radar for two years in what researchers call one of the 'largest' Monero cryptojacking attacks ever.Threatpost Shared .
U.S. Indicts North Korean Hackers in Theft of $200 MillionThe U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted&.Krebs on Security Shared .
Cybersecurity Risk: What It Is and How Can It Be Reduced?By definition, cybersecurity risk is your potential exposure to harm when your online information or communication system is left vulnerable.HackRead Shared .
US warns of DPRK threat to cryptocurrency holders, and indicts four on conspiracy charges. Centreon says Sandworm affected unsupported open-source tooHigh Bitcoin valuation draws the attention of cybercriminals, and a number of those criminals work for Mr.The CyberWire Shared .
Ninja Forms WordPress Plugin Opens Websites to HacksThe popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.Threatpost Shared .
A Ban on Ad Targeting: Why Did EU Regulators Call for It?Brands use ad targeting to attract potential customers but is it an ethical approach? Why is the EU asking for a ban on ad targeting?HackRead Shared .
U.S. Accuses North Korean Hackers of Stealing MillionsThe feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea.Threatpost Shared .
ScamClub gang outed for exploiting iPhone browser bug to spew adsStay away from popup surveys that want personal data. Tell your friends&.Naked Security Shared .
How to Live stream Australian Open FreeHow to live stream Karolina Muchova vs Jennifer Brady.Comparitech Shared .
Clop ransomware gang leaks Jones Day law firm data on dark webA group of cybercriminals known for Clop ransomware operations leaked data stolen from the US-based law firm Jones Day on the Dark Web.HackRead Shared .
Masslogger Swipes Microsoft Outlook, Google Chrome CredentialsA new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML file format to start the infection chain.Threatpost Shared .
You don't have clearance for that: Microsoft ups the paranoia with a preview of Azure Firewall PremiumMicrosoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments.The Register Shared .
Details Tied to Safari Browser-based 'ScamClub' Campaign RevealedPublic disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups.Threatpost Shared .
How to Watch Osaka v Williams: Live Stream Online FreeWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Think your backups will protect you from ransomware? What do you think the malware attacked first?So, if you are unlucky enough to get a "pay up or else" notice, there's a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.The Register Shared .
How to live stream Australian Open onlineHow to watch Karatsev vs Djokovic live online free.Comparitech Shared .
Agora SDK Bug Left Several Video Calling Apps Vulnerable to SnoopingA vulnerability in a popular video calling software development kit could have allowed attackers to spy on video and audio calls.The Hacker News Shared .
Soviet 'Enigma' cipher machine sells for $22k at collapsed museum's exhibits auctionA Soviet equivalent of Nazi Germany's Enigma cipher machine has sold for more than double its auction asking price - while a secret camera disguised as a pack of cigarettes went for nearly $20,000.The Register Shared .
Researchers Unmask Hackers Behind APOMacroSploit Malware BuilderCybersecurity researchers disclose a new kind of Office malware builder APOMacroSploit and cybercriminals behind it.The Hacker News Shared .
Palo Alto Networks drops $156m to absorb DevSecOps firm BridgecrewPalo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "key bet" at a time when the world has never been more reliant on off-premises computing.The Register Shared .
Best VPNs for Portugal in 2021: Top for Privacy, Streaming and SpeedWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam SitesA malvertising exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites.The Hacker News Shared .
Misconfigured baby monitors exposing video stream onlineA recent investigation by the SafetyDetectives cybersecurity team revealed a vulnerability in baby monitors due to their misconfiguration which could potentially allow dangerous parties to have unauthorized access to the cameraâs video stream.HackRead Shared .
LastPass to limit fans of free password manager to one device type onlyCough up if you want to use it with your laptop and phone.The Register Shared .
Complaint Blasts TikTok's 'Misleading' Privacy PoliciesTikTok is again in hot water for how the popular video-sharing app collects and shares data - particularly from its underage userbase.Threatpost Shared .
Let's Encrypt Gears Up to Replace 200M Certificates a DayThe open CA prepares for ‘worst scenarios' with new fiber, servers, cryptographic signing and more.Threatpost Shared .
DDoS Attacks Wane in Q4 Amid Cryptomining ResurgenceThe volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed.Threatpost Shared .
Cybersecurity trends affecting cybersecurity stocks in 2021Cybercrime is a theme dominating headlines. Below are some of the major cybersecurity trends affecting cybersecurity stocks in 2021.HackRead Shared .
France's ANSII warns of a longrunning Sandworm campaign. DPRK tried to steal COVID-19 vaccine data. Supermicro is exasperated. Static Kitten phishes iUpdates on the Florida water utility cybersabotage. Ben Yelin examines to what degree the FBI can access Signal app messages.The CyberWire Shared .
SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fixTrend Micro claims software is full of security flaws that allow data out and malware in.The Register Shared .
1 billion SHAREit Android app users exposed to malware attacksA set of vulnerabilities in the Android file sharing app SHAREit has left more than one billion users exposed to spyware and malware attacks.HackRead Shared .
Misconfigured Baby Cams Allow Unauthorized ViewingHundreds of thousands of individuals are potentially affected by this vulnerability.Threatpost Shared .
Microsoft Pulls Bad Windows Update After Patch IssueMicrosoft released a new servicing stack update after an older one caused problems for Windows users installing Patch Tuesday security updates.Threatpost Shared .
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC.In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX.The CyberWire Shared .
One sticker could have exposed your Telegram secret chatsThe flaw originated in the way the Telegram app handled animated stickers and how the secret chat functionality operated.HackRead Shared .
Ghostery Dawn Update. more!Hey there, beta testers! We have a handful of improvements in this weekâs includes the following changes: We have privacy, security, and performance Ghostery Glow now includes image search We added a link on the new tab for users that want to send us feedback To put a little more meat on the bone, Better.Ghostery Blog Shared .
Romance scams at all-time high: here's what you need to knowIt's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in.Naked Security Shared .
Using Your Data to Determine EmployabilityWhat is Cybervetting? Cybervetting is âthe process of examining prospective employeesâ online information to help make hiring decisions.â This has become a common strategy among recruiters to determine if job candidates are a suitable fit.Ghostery Blog Shared .
Unpatched Android App with 1B Downloads Allows RCEAttackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.Threatpost Shared .
How Your Boss Might Be Spying on YouIn some cases, remote work software or devices can also give your boss tools for surveillance.New York Times Privacy Shared .
Learn How to Manage and Secure Active Directory Service AccountsThere are many different types of accounts in a typical Active Directory environment.The Hacker News Shared .
Unpatched ShareIT Android App Flaw Could Let Hackers Inject MalwareMultiple vulnerabilities in SHAREit app could be abused to leak a user's sensitive data, execute arbitrary code, and remote code execution.The Hacker News Shared .
Managed Service Provider? Watch This Video to Learn about Autonomous XDRThe Hacker News Shared .
How to Watch Good Trouble Season 3 Online From AnywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
France's cyber-agency says Centreon IT management software sabotaged by Russian SandwormWeb hosts infiltrated for up to three years in attack that somewhat resembles SolarWinds mess.The Register Shared .
Hackers Exploit IT Monitoring Tool Centreon to Target Several French EntitiesRussia-linked state-sponsored hackers Sandworm targeted IT monitoring software company Centreon in a three-year-long stealthy operation.The Hacker News Shared .
A Sticker Sent On Telegram Could Have Exposed Your Secret ChatsA flaw in Telegram messaging app could have exposed users' secret messages, photos, and videos.The Hacker News Shared .
How one man silently infiltrated dozens of high-tech networksEver counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!Naked Security Shared .
Bluetooth Overlay Skimmer That Blocks ChipAs a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States that recently found bluetooth-enabled skimming devices placed over top of payment card terminals at several stores.Krebs on Security Shared .
Cybercrooks Rake in $304M in Romance ScamsThe number of people being targeted by fake has spiked during the COVID-19 pandemic.Threatpost Shared .
Court docs show FBI can unlock iPhones, access Signal messagesCourt documents obtained by media have revealed the FBI has specific tools that allow the bureau to access private Signal messages even on locked iPhones.HackRead Shared .
Naked Security Live When is a bug bounty not a bug bounty?We discuss bug hunting - how to do it professionally, how NOT to do it, and how to react when bugs are reported to you.Naked Security Shared .
Members of the infamous Egregor ransomware arrested in UkraineUkrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Several arrests were made last week, and the main suspects' Blockchain records were analyzed to trace them.HackRead Shared .
UK watchdog fines two firms £270k for cold-calling 531,000 people who had opted outAnother month and two more British companies behind nuisance marketing calls are collectively facing a £270,000 penalty for breaking the law by calling people registered by the Telephone Preference Service.The Register Shared .
Egregor ransomware criminals allegedly busted in UkraineMore good news in the cybercrime law-and-order world, this time a bust of ransomware crooks.Naked Security Shared .
Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario'Plus: SentinelOne picks up Scalyr, fatal flaws in TCP, and a view on Supermicro.The Register Shared .
Apple will proxy Safe Browsing requests to hide iOS users' IP from GoogleApple to make fraudulent website warning more private by proxying iOS 14.5 users IP address.The Hacker News Shared .
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attackAs FireEye reveals how suspicious second phone signed up for 2FA gave the game away.The Register Shared .
How CPUs Access HardwareWhen I looked at another SerenityOS exploit, I learned something new! The hack is very creative and directly interacts with hardware.LiveOverflow Shared .
DWP uses excessive surveillance on suspected fraudsters, report findsClaimants are tailed, identified on CCTV and their social media monitored, Privacy International finds.Guardian Privacy Shared .
It will come as a surprise to some, but even Meghan has a right to her privacyThe high court has ruled in no uncertain terms that a public interest defence isnt about the public being interested.Guardian Privacy Shared .
Dr. Jessica Barker: Cybersecurity has a huge people element to it.Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity.The CyberWire Shared .
Hacked Finnish psychotherapy clinic files for bankruptcyFinnish-based psychotherapy practice, Vastaamo, earlier came into the worldâs attention back in October 2020 after it suffered a devastating attack by cybercriminals who threatened to leak the patients' data unless they agreed to pay a bitcoin ransom of â¬200.HackRead Shared .
Facebook v Apple: the looming showdown over data tracking and privacyFacebook says collecting user data across the internet makes for better experiences. Apple and privacy groups are pushing back.Guardian Privacy Shared .
Is It Illegal To Watch Netflix Using a VPN?It's reported that approximately 3 in every 10 VPN users stream Netflix each month to access a more extensive content library, but is it legal?HackRead Shared .
12-Year-Old vulnerability in Windows Defender risked 1 billion devicesA critical security vulnerability was identified in Windows Defender, an anti-malware component of Microsoft Windows that comes pre-installed with every copy of Windows.HackRead Shared .
Using the human body as a wire-like communication channel.Guest Dr. Shreyas Sen, a Perdue University associate professor of electrical and computer engineering, joins us to discuss the following scenario:.The CyberWire Shared .
Yandex Employee Caught Selling Access to Users' Email InboxesThe Hacker News Shared .
Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists BloombergServer maker says latest article is 'a mishmash of disparate allegations'The Register Shared .
Party Time!Next, We dive straight Into the Security News, discussing Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left millions of IoT devices, A Simple And Yet...Paul's Security Weekly Shared .
MHealth Apps Expose Millions to CyberattacksResearcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.Threatpost Shared .
Alleged hardware backdoors, again. Selling game source code. ICS security, especially with respect to water utility cybersabotage. Don't be the hackerBloomberg revives its reporting on hardware backdoors on chipsets. Has someone bought the source code for the Witcher and Cyberpunk?The CyberWire Shared .
Yandex Data Breach Exposes 4K+ Email AccountsIn a security notice, Yandex said an employee had been providing unauthorized access to users' email accounts "for personal gain."Threatpost Shared .
How cloud data distracts businesses from correct data security practicesCompanies are increasingly migrating to cloud-based servers to store their data. More than half of all businesses report that their data is stored in the cloud, and itâs easy to see why.Â.HackRead Shared .
Adobe Overflow, Microsoft Patches 3 and Skips 1, and Apple Sudo FixOn this week's news recap, Microsoft Remote Desktop Web Access Authentication Timing Attack, Multiple TCP/IP stack flaws could leave millions of devices open to attack, Adobe fixes a buffer overflow issue in Reader which is exploited in the wild, and Apple Patches Recent Sudo Vulnerability in macOS.Paul's Security Weekly Shared .
Annoyingly Believable Tax Refund Scam Targets MobileA well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.Threatpost Shared .
Singtel Suffers Zero-Day Cyberattack, Damage UnknownThe Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.Threatpost Shared .
Fallen victim to online fraud? Here's what to do&Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen.Naked Security Shared .
Security architect career guide: How to become a security architectWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Florida Water Plant Hack: Leaked Credentials Found in Breach DatabaseResearchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.Threatpost Shared .
206-Website Analytics Concerns and SolutionsDirect support for this podcast comes from sales of my books. More details can be found on the Books tab at IntelTechniques.com.The Complete Privacy & Security Podcast Shared .
Footfallcam kerfuffle: Firm apologises, promises to fix product after viral Twitter thread, infoseccer backlashAccusations of grey hat infosec consultancy extortion ring drop away after El Reg intervenes.The Register Shared .
Top on-campus Cyber Security Degrees in 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Best Online PhDs in Cyber Security for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Secret Chat in Telegram Left Self-Destructing Media Files On DevicesThe Hacker News Shared .
SMS tax scam unmasked: Bogus but believable dont fall for it!Everyone loves a tax refund - just don't get so excited that you forget to check for telltale signs of a scam.Naked Security Shared .
Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe BrowsingApple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites.The Register Shared .
Taking SelfiesThis week, in the Enterprise Security News, A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers...Paul's Security Weekly Shared .
Valentine's Day Malware Attack Mimics Flower StoreEmails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.Threatpost Shared .
Meghan Markle Wins Privacy Case Against Mail on SundayThe Duchess of Sussex sued after The Mail on Sunday published extracts of a letter she had written to her estranged father in 2018.New York Times Privacy Shared .
Phishing awareness gone wrong: Facebook tries to seize websites set up for staff security trainingProofpoint conducts cybersecurity training for organizations, part of which includes phishing awareness testing. This involves sending participating employees simulated phishing messages with deceptive domain names to entice them to click on links or visit web pages that in a real threat scenario would be trying to trick visitors into submitting...The Register Shared .
Spyware in the Subcontinent. Notes on cyber fraud, cyber theft, and ransomware. The US gets a chief to lead response to Solorigate. Updates on the FloSome crooks auction stolen game source code while others bilk food delivery services. Emotet survived its takedown.The CyberWire Shared .
Meghan wins her privacy case against the Mail on SundayThe Duchess of Sussex has won her high court privacy case against the Mail on Sunday after a judge granted summary judgment in her favour over the newspaper publishing extracts of a "personal and private" handwritten letter to her estranged father, Thomas Markle.Guardian Privacy Shared .
Researchers Uncover Android Spying Campaign Targeting Pakistan OfficialsTwo new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir.The Hacker News Shared .
Celeb SIM-Swap Crime Ring Stole $100M from U.S. VictimsThe attackers ported victims' cell phone lines and then defeated 2FA to access accounts and apps.Threatpost Shared .
How Email Attacks are Evolving in 2021The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.Threatpost Shared .
Various Malware Lurking in Discord App to Target GamersResearch from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.Threatpost Shared .
Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales repAn Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night.The Register Shared .
S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolenWe delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain.Naked Security Shared .
Military, Nuclear Entities Under Target By Novel Android MalwareThe two malware families, which researchers call "Hornbill" and "SunBird," have sophisticated capabilities to exfiltrate SMS messages, encrypted messaging app content and geolocation, as well as other types of sensitive information.Threatpost Shared .
The Weakest Link in Your Security Posture: Misconfigured SaaS SettingsA company is only as safe as the weakest SaaS security configuration or user role.The Hacker News Shared .
10 SIM Swappers Arrested for Stealing $100M in Crypto from CelebritiesThe Hacker News Shared .
Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at presentGoogle Cloud Platform account required, API key comes with Ts and Cs.The Register Shared .
Poor Password Security Lead to Recent Water Treatment Facility HackThe Hacker News Shared .
Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government AgenciesUAE and Kuwait government agencies are targets of a new cyberespionage campaign carried out by Iranian threat actors.The Hacker News Shared .
The Best SQL Recovery Tools for 2021We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .