Cyber Security

All the latest Cyber Security and Privacy News

spinner

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secretsAssimilation completed! HPE says it has finished the merger with Cray and unveils combo supercomputing lineup.

The Register Shared .

Vilfo VPN Router Review: Fast and Secure, Worth the Price?This Vilfo VPN router review is a summary of our test results and analysis.

Restore Privacy Shared .

Robocall Legal Advocate Leaks Customer DataA California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Krebs on Security Shared .

Days after Trump suggests pausing election over security, US House passes $500m for states to do just thatChances of it getting enacted in time for the election - slim to almost nil.

The Register Shared .

Automate Recon with Your Own Bash ScriptTo graduate to the big leagues and learn more about networking, you need to learn how to write your own hacking scripts.

Null Byte Shared .

Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns oMicrosoft is in talks to acquire TikTok as the US hints that it may be considering action against other Chinese software companies.

The CyberWire Shared .
Advertisement Google Ad Network

Google Updates Ad Policies to Counter Influence Campaigns, ExtortionStarting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content.

Threatpost Shared .

How hackers behind Twitter Bitcoin scam were caughtThe Twitter Bitcoin scam allowed hackers to rake in over £80,000/$100,000. Here's how they got arrested in the US and the UK.

HackRead Shared .

Netgear Won't Patch 45 Router Models Vulnerable to Serious FlawAlmost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models.

Threatpost Shared .

UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?Chinese-owned vid app reportedly moving HQ to London.

The Register Shared .

Transmission of Pakistani news channel interrupted to display Indian flagProminent Pakistani news channel Dawn had its transmission hacked amid commercial break on Sunday. Here's what happened.

HackRead Shared .

Garmin Pays Up to Evil Corp After Ransomware Attack — ReportsThe ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.

Threatpost Shared .

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulnsOpenSSF to take projects from CII and OSSC under its umbrella.

The Register Shared .

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec HolesWith Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers.

Threatpost Shared .

'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked.

The Register Shared .

Meetup Critical Flaws Allow 'Group' Takeover, Payment TheftResearchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."

Threatpost Shared .

WhatsApp spyware attack: senior clergymen in Togo among activists targetedBishop from Togo among 1,400 individuals alerted by WhatsApp to malware attack.

Guardian Privacy Shared .

Monday review a€“ our recent stories revisitedGet yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Naked Security Shared .

This Tool Could Protect Your Photos From Facial RecognitionResearchers at the University of Chicago want you to be able to post selfies without worrying that the next Clearview AI will use them to identify you.

New York Times Privacy Shared .

Oh cool, more Cisco patches to apply. Happy MondayMeanwhile, Linux KDE desktops can be pwned by evil archives.

The Register Shared .

Rely on your strengths in the areas of the unknown.Director of Security Engineering at Marketa and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability.

The CyberWire Shared .

Best VPN for China: Only These 4 Work WellMany VPNs that claim to work in China are actually getting blocked. After testing all the popular providers, I only recommend these 4 VPNs for China.

Restore Privacy Shared .
Advertisement Google Ad Network

Best VPN for Netflix: Only These 5 Work WellAs an overseas Netflix user, I've tested numerous VPN services to find the best VPN for Netflix that always works with excellent streaming quality.

Restore Privacy Shared .

ExpressVPN vs NordVPN: ONE Clear WinnerNordVPN and ExpressVPN are both large, popular VPN services. In this ExpressVPN vs NordVPN comparison there is a clear winner for 2020.

Restore Privacy Shared .

181-B-Four More Minutes Please…Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at to ALL episodes at.

The Complete Privacy & Security Podcast Shared .

Detecting Twitter bots in real time.NortonLifeLock Research Group released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real-time.

The CyberWire Shared .

Twitter hack  three suspects charged in the USThree people have been fingered for the recent Twitter hack in which 45 high-profle accounts were taken over.

Naked Security Shared .

Namecheap VPN ReviewNamecheap VPN is an affordable VPN service with apps for most devices. Unfortunately, we uncovered some problems in this Namecheap VPN review.

Restore Privacy Shared .

Intercept LAN Traffic with a Packet SquirrelA hacker and pentester has many tools in their arsenal. When a hack sometimes requires physical access to a device, one such tool that is particularly handy is the Hak5 Packet Squirrel.

Null Byte Shared .

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutorsAlleged 17-year-old mastermind among trio charged over account mass hijackings.

The Register Shared .

4 including a juvenile charged over July 15th Twitter hackThe Twitter hack allowed hackers to rake in over £80,000/$100,000. Here's who has been arrested and from where.

HackRead Shared .

Three Charged in July 15 Twitter CompromiseThree individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam.Â.

Krebs on Security Shared .

Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demandUS travel company CWT has reportedly coughed up $4.5m to ransomware crooks who stole data and scrambled files.

Naked Security Shared .

4 Unpatched Bugs Plague Grandstream ATAs for VoIP UsersThe flaws have been confirmed by Grandstream, but no firmware update has yet been issued.

Threatpost Shared .

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

The Hacker News Shared .

Authorities Arrest Alleged 17-Year-Old 'Mastermind' Behind Twitter HackThree have been charged in alleged connection with the recent high-profile Twitter hack - including a 17-year-old teen from Florida who is the reported "mastermind" behind the attack.

Threatpost Shared .

GRU Fancy Bear, Garmin Ransomware, and Doki Docker Backdoor AttacksThis week, 'Boothole' vulnerability basically affects everything, Garmin Pays Ransomware but the implications are scary, Doki, Fancy Bear, GRU, Fancy Bear is hitting lots of US targets in an escalating campaign ,and someone who does like Assange doesn't like Idaho very much!

Paul's Security Weekly Shared .

TikTok: Trump reportedly to order parent company to sell Chinese-owned appMicrosoft is reported to be looking into buying the TikTok's US operations as the app's data privacy practices have come under fire.

Guardian Privacy Shared .

Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. AnA quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns.

The CyberWire Shared .

Hackers used phone phishing on Twitter employee to access internal toolsOne of the Twitter employees was tricked into a phone phishing attack allowing hackers to access the company's internal support tool.

HackRead Shared .

CWT Travel Agency Faces $4.5M Ransom in Cyberattack, ReportIn a media statement to Threatpost, CWT confirmed the cyberattack, which it said took place this past weekend: "We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased."

Threatpost Shared .

Anti-NATO Disinformation Campaign Leveraged CMS CompromisesResearchers uncovered a disinformation campaign aiming to discredit NATO via fake news content on compromised news websites.

Threatpost Shared .

How to Live Stream Arsenal vs Chelsea OnlineWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBIEuropean Union imposes sanctions on China, Russia, and North Korean hackers who are wanted by the FBI for various cyber-attacks.

The Hacker News Shared .

181-Four Updates in Ten MinutesSupport for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at to ALL episodes at.

The Complete Privacy & Security Podcast Shared .

Twitter: Epic Account Hack Caused by Mobile Spearphishing ScamHackers "mislead certain employees" to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.

Threatpost Shared .

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty.

The Register Shared .

Pwn20wn hackathon to be held online in November 2020Similar to their spring event, the Pwn2Own hackathon is happening virtually in November 2020. The Zero Day initiative with their expert team of researchers has decided to go live from their Toronto office, unlike previous years wherein, the event used to be held at the PacSec Applied Security Conference in Tokyo, Japan.

HackRead Shared .

7 Best VPNs for Finland in 2020 for Speed, Streaming and PrivacyWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to tell if your phone or computer has been hackedWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machinesInflammatory findings from deadly serious investigation.

The Register Shared .

In the market for a second-hand phone? Check it's still supported by the vendorThat means no security updates, which puts users at risk of compromise.

The Register Shared .

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crewsRussian, Chinese, Nork groups named in bank asset freeze.

The Register Shared .

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking holeStory behind a hasty teardown, fixing of a brute-force vulnerability.

The Register Shared .

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijackAttack came in waves that probed for staff with access to the creds crims craved.

The Register Shared .

ABC drawn into row over naming Brisbane women accused of Covid-19 quarantine deceptionAunty comes under fire from within own ranks for following Courier-Mail's lead. Plus, Ben English defends tabloid attacks on Dan Andrews.

Guardian Privacy Shared .

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is rightWarnings either not new or need more study, reckons open-source dev team.

The Register Shared .

Zoom Flaw Could Have Allowed Hackers To Crack Meeting PasscodesZoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.

Threatpost Shared .

Zoom web client flaw could've let hackers crack meetings passcodeThe vulnerability, if exploited, would have affected millions of Zoom users worldwide - There are more than 13 million Zoom users worldwide.

HackRead Shared .

OpinionCongress was once filled with "Atari Democrats." This week's hearings showed their transformation into trust busters.

New York Times Privacy Shared .

A quick look at Big Tech's antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage aYesterday's antitrust hearings in the US House of Representatives focus on Big Tech's big data as something open to use in restraint of trade.

The CyberWire Shared .

Flaws in OkCupid app could have exposed millions of user data to hackersOkCupid app known as a popular dating platform has over 50 million registered users. Here's the video demonstration.

HackRead Shared .

Doki Backdoor Infiltrates Docker Servers in the CloudThe malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.

Threatpost Shared .

Servers at risk from BootHole bug  what you need to knowWe explain the "BootHole" vulnerablity - as usual, in plain English and without hype. Find if you're affected, and what to do.

Naked Security Shared .

Is Your Chip Card Secure? Much Depends on Where You BankChip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe.

Krebs on Security Shared .

How to get a Finland IP Address from anywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Best VPNs for Serbia in 2020: Top for privacy, speed and streamingWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to watch Romanian TV online from anywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Critical, High-Severity Cisco Flaws Fixed in Data Center Network ManagerThe flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.

Threatpost Shared .

Vermont Taxpayers Warned of Data Leak Over the Past Three YearsA vulnerability in the state's system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.

Threatpost Shared .

An Intern's Perspective: Why Do I Need Ghostery MidnightA refreshing perspective from a Ghostery Intern on why internet users need Ghostery Midnight as a privacy tool and how it works.

Ghostery Blog Shared .

NmapIn this video, I demonstrate how to optimize, speed up, and slow down your Nmap scans based on the type of network environment or target you are dealing with.

HackerSploit Shared .

If you own one of these 45 Netgear devices, replace it: Firm won't patch vulnerable gear despite live proof-of-concept codeThat's one way of speeding up the tech refresh cycle.

The Register Shared .

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in MinutesA new vulnerability in Zoom video conferencing software could have let attackers re-enable 'Zoom-Bombing' attacks by cracking Zoom meeting passwords in minutes.

The Hacker News Shared .

Argentina health officials expose personal data on 115,000 COVID-19 quarantine exemption applicantsHealth officials in Argentina exposed a database on the web containing personal information from people who applied for COVID-19 circulation permits, which exempt recipients from quarantine restrictions.

Comparitech Shared .

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratchNo data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer.

The Register Shared .

Rainbow HandsThis week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen...

Paul's Security Weekly Shared .

Critical Magento Flaws Allow Code ExecutionAdobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.

Threatpost Shared .

YOU… SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, appsBecause no one likes to install spoof system files.

The Register Shared .

9,517 unsecured databases identified with 10 billion records globallyA research conducted by NordVPN's NordPass password manager reveals more than nine thousand unsecured databases across 20 countries can be attacked effortlessly.

HackRead Shared .

Billions of Devices Impacted by Secure Boot BypassThe "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.

Threatpost Shared .

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

The Hacker News Shared .

Here's Why Credit Card Fraud is Still a ThingMost of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud.

Krebs on Security Shared .

Alleged Russian disinformation campaigns. Beijing's cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech's day with CongAlleged Russian influence operations described by US intelligence services. "Ghostwriter" targets the Baltic region with anti-NATO false narratives.

The CyberWire Shared .

Critical Bugs in Utilities VPNs Could Cause Physical DamageGear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.

Threatpost Shared .

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a systemWe're gonna keeping punning this until someone pays us $5m.

The Register Shared .

Critical Security Flaw in WordPress Plugin Allows RCEWordPress plugin Comments - wpDiscuz, which is installed on over 70,000 sites, has issued a patch.

Threatpost Shared .

US tax service says, "2FA is a must! "We know it's an old drum, but we're not tired of beating it yet: 2FA is your friend.

Naked Security Shared .

Digital advertising market study: the good, the bad and the uglyThe Competition and Markets Authority recently released their market study on online platforms and digital advertising.

Open Rights Group Shared .

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

The Hacker News Shared .

Chinese ambassador to UK threatens to withdraw Huawei, £3bn investment if comms giant banned from building 5GSurprise pledge catches company on the hop: 'We have announced no change to our strategy'

The Register Shared .

Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security SystemsAlgorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.

Threatpost Shared .

Crypto wallet Ledger data breach; hackers steal 1m emails and other dataLedger has acknowledged that hackers also gained access to 9500 Phone numbers among other data.

HackRead Shared .

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

The Hacker News Shared .

OkCupid Dating App Flaws Could've Let Hackers Read Your Private MessagesNew vulnerabilities in OkCupid, popular online dating platform, could have let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts.

The Hacker News Shared .

OkCupid Security Flaw Threatens Intimate Dater DetailsAttackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.

Threatpost Shared .

No wonder Brit universities report hacks so often: Half of staff have had zero infosec training, apparentlyPlus: Don't worry, students. The attackers told us they destroyed your data.

The Register Shared .

Japan starts work on global quantum crypto networkToshiba leads effort that aspires to run 100 quantum cryptographic devices for 10,000 users by 2024.

The Register Shared .

City Praises Contact-Tracing Program. Workers Call Rollout a ‘Disaster.'The contact tracers said the program was confusing and disorganized in its first six weeks, leaving them fearful that their work would not have an impact on the virus.

New York Times Privacy Shared .

Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC'Outfit Substack does the usual apologising.

The Register Shared .

Lazarus Group Brings APT Tactics to RansomwareA new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.

Threatpost Shared .

Get Off My Discord Server!This week, John Snyder will lead the discussion about the legal implications of Security and Compliance!

Paul's Security Weekly Shared .

How to get a Portugal IP address from anywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to get a Luxembourg IP address from abroadWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hCloudflare says that reported Ukrainian breaches aren't its issue. Trend Micro describes a new and unusually capable strain of malware.

The CyberWire Shared .

We're suing Google for harvesting our personal info even though we opted out of Chrome syncBrowser quitters say they'll return if web goliath lives up to privacy promises.

The Register Shared .

ShinyHunters, QSnatch Malware, and DEF CON Safe ModeThis week, QSnatch, dave.com, ShinyHunters, a quantum internet, government tyranny, and DEFCON! Jason Wood returns with Expert Commentary on A Cyberattack on Garmin Disrupted More Than Workouts!

Paul's Security Weekly Shared .

Cosmetic giant Natura leaks data again; this time 19 million Avon recordsAvon Products, Inc. is owned Brazil's Natura and Co. which itself leaked over 192 million records in May 2020.

HackRead Shared .

MPs may have been misled over BAME voter ID claimsElectoral Commission says data that proves voter ID doesn't discriminate against BAME people doesn't exist.

Guardian Privacy Shared .

A Seat at the TableThis week, we welcome Drew Cohen, President and CEO at MasterPeace Solutions Ltd., to discuss Cybersecurity Challenges in a Teleworking World!

Paul's Security Weekly Shared .

DJI's Android App: Ripe for a Hack or Legitimate Usage?Or is it nothing to worry about?, Twitter shares more info about the hack, and Garmin is hit with ransomware!

Hak5 Shared .

Firefox 79 is out  its a double-update month so patch now!It's a Blue Moon month for Firefox - the second full update in July!

Naked Security Shared .

Hacker disrupts Emotet botnet operation by replacing payload with GIFsEmotet is one of the most commonly used botnets nowadays, which is distributed via wireless networks and can load different types of malware.

HackRead Shared .

Practical Privacy: Basic Principles and Default SettingsThere are practical privacy standards that can and should be used as a foundation upon which we build our digital world - privacy by design.

Ghostery Blog Shared .

Researchers Warn of High-Severity Dell PowerEdge Server FlawA path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations.

Threatpost Shared .

MI6 tried to intervene in independent court by stopping judge seeing legal papersIt must have been love, but it's over now: Rockset tries to break up storage and compute, meet transactional, data-warehouse systems in middle.

The Register Shared .

Find out this week: How to build a cyber threat intelligence program while cutting through the noiseTune in online to get a handle on separating good data from clutter.

The Register Shared .

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS DevicesQSnatch data-stealing malware has compromised 62,000 devices since reports emerged last October.

The Hacker News Shared .

Tune in this week to learn all about an identity-centric approach to zero-trust securityIt's time to think beyond simple perimeter defenses.

The Register Shared .

Business ID Theft Soars Amid COVID ClosuresIdentity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned.

Krebs on Security Shared .

Create Brute-Force Wordlists from Leaked Password DatabasesBrute-force attacks are a common way that hackers crack passwords. However, it also tends to be slow and inefficient.

Null Byte Shared .

It Makes No SenseThis week, we welcome John Matherly, Founder of Shodan, to talk about Fixing Vulnerabilities Effectively and Efficiently!

Paul's Security Weekly Shared .

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infectionsIf you're still using a vulnerable box, you ought to factory reset it before patching.

The Register Shared .

Microsoft Revamps Windows Insider Preview Bug Bounty ProgramResearchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.

Threatpost Shared .

Source code of over 50 high profile organizations leaked onlineSource code leak took place due to a misconfiguration error. Here's what happened and which companies were involved.

HackRead Shared .

Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.A vigilante appears to be interfering with Emotet's payloads. A fintech breach is blamed on a third-party service provider.

The CyberWire Shared .

Attackers Exploiting High-Severity Network Security Flaw, Cisco WarnsAttackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.

Threatpost Shared .

Cloudflare suffered data leak; exposing 3 million IP addresses: UkraineThe National Security and Defense Council of Ukraine claims the data leak has exposed millions of top websites to cyber attacks.

HackRead Shared .

Encryption Under 'Full-Frontal Nuclear Assault' By U.S. BillsThe U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.

Threatpost Shared .

7 Best VPNs for Luxembourg in 2020: Top for Speed and PrivacyWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's whySAP takes a punch to its software licensing revenue but Ellison's promise of customer exodus to Oracle seemingly fails to materialise.

The Register Shared .

How to Delete your Twitter Account PermanentlyWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to Watch Finnish TV Shows Online abroadWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

What is an Advanced Persistent Threat , With ExamplesWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

ProLock ransomware  new report reveals the evolution of a threatRansomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say they'd never pay up.

Naked Security Shared .

How to Watch New Zealand TV Shows Online From AbroadWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

The 5 Best iSaaS Tools for 2020 + Guide to iSaaSWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to Perform an External Vulnerability ScanWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Monday review  our recent stories revisitedOur most recent articles and videos, all in one place.

Naked Security Shared .

Best VPNs for Kenya in 2020: Top for streaming, speed and privacyWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to get a Kenya IP Address Anywhere: Step-by-step guideWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to Watch Wentworth Season 8 Online from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Learn Machine Learning and AIEssential AI and Machine Learning Certification Training Bundle aims to help you explore the technology, with four hands-on video courses working towards certification.

The Hacker News Shared .

Endpoint Security Guide: What is Endpoint Protection?We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

UKIP blackmail, data breach sueball allegations were groundless, rules High CourtTawdry political scuffle over database access binned for lack of evidence.

The Register Shared .

Encryption laws are hurting Australia's tech sector, Atlassian saysAn inquiry into the encryption laws resumed on Monday before the parliamentary joint committee on intelligence and security, hearing from the industry leader Atlassian, which said it was presenting concerns on behalf of other players who "do not have the resources to engage in such advocacy".

Guardian Privacy Shared .

IOS14 shows Instagram access camera even when users scroll photo feedIPhone's iOS14 shows that Instagram opens the user's camera even when they are only scrolling through their photo feed.

HackRead Shared .

Steve Wozniak sues YouTube over Bitcoin giveaway scams using his nameApple co-founder Steve Wozniak is suing YouTube and its parent company Google for allegedly allowing phony Bitcoin giveaway that exploits his name and likeness to scam people.

HackRead Shared .

No matter the statistic, even if against the odds, focus on what you want.Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl.

The CyberWire Shared .

Hackers leak 7m Dave.com accounts; 17m Couchsurfing accounts for saleA couple of days ago, it was discovered that Couchsurfing was hacked subsequent to which the data of its 17 million users was found being sold on a hacker forum and conventional messaging apps like Telegram for $700.

HackRead Shared .

How to Watch Wynonna Earp Season 4 Online from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

How to watch The Alienist Season 2 Online AbroadWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Gouge My Eyes Out With ForksThis week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Affects Of COVID-19 On Web Applications!

Paul's Security Weekly Shared .

How to Watch A Suitable Boy Online AbroadWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Best VPNs with Ad BlockingAs most readers know, online ads are a big threat to both privacy and security.

Restore Privacy Shared .

It was only a matter of time.On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs; CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability.

The CyberWire Shared .

Psst. You may want to patch this under-attack data-leaking Cisco bugPlus: US govt sounds the alarm on industrial equipment attacks.

The Register Shared .

Thinking of a Cybersecurity Career? Read ThisThousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills.

Krebs on Security Shared .

NordVPN vs SurfsharkSurfshark and NordVPN are both popular VPN services with a lot in common  but there was only one winner in this NordVPN vs Surfshark comparison report.

Restore Privacy Shared .

It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databasesProtoVPN IP range fingrered as source of destructive attacks.

The Register Shared .

Crown JewelsThis week, we welcome Mark Ralls, President and Chief Operating Officer at Acunetix, to discuss The Evolution of Enterprise Web Apps and Its Impact on Web Security!

Paul's Security Weekly Shared .

Forex Trading and Online Security: Things to Look Out ForHave you recently started to trade on the Forex market? If so, you are probably busy trying to learn the best strategies and tips to make the most money in the least amount of time.

HackRead Shared .

BadPower Attacks, Emotet Returns, and Twitter Hack Follow UpThis week, Twitter is still hacked, social engineering, Emotet returns, Chinese Hackers, Your VPN is definitely lying to you, Bad Power, and Doug Revisits Forever Hack via the Meow Attack!

Paul's Security Weekly Shared .

A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who's got the keys to Twitter? Sino-American cyber tenCISA and NSA warn of a foreign threat to US critical infrastructure. A look at what the Bears have been up to lately.

The CyberWire Shared .

DJI drone app can transfer sensitive data and install malicious appsDJI drone app called "DJI GO4" can have full control of the users' devices, claims researchers from two cyber security firms.

HackRead Shared .

DJI Drone App Riddled With Privacy Issues, Researchers AllegeThe DJI GO 4 application open users' sensitive data up for the taking, researchers allege.

Threatpost Shared .

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical BugPower plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.

Threatpost Shared .

Ransomware attack on fitness devices maker Garmin cripples operationGarmin ransomware attack not only disrupted its operation but also affected its call center. Here's what happened.

HackRead Shared .

Cabinet Office takes over control of UK government data: Mundane machinery or Machiavellian manoeuvrings?Argh! Dominic Cummings' department! Everybody panic!

The Register Shared .

ASUS routers could be reflashed with malware  patch now!Computing gear of this sort - a market segment often referred to as the Internet of Things , because the devices are typically tiny and don't look or feel like traditional computers - is generally simple to use, and thanks to a highly competitive market is usually built down to a price, which is good news for consumers&.

Naked Security Shared .

180-Contact Management and Crash Reporting ConcernsThis week I discuss considerations for contact management, along with several ways your stored contacts are abused, a privacy concern with Wickr and other apps which use third-party crash reporting and analytics, plus an interesting OSINT tip which could identify a target's iPhone serial number.

The Complete Privacy & Security Podcast Shared .

Brit unis hit in Blackbaud hack inform students that their data was nicked, which has gone as well as you might expectThat cloudy CRM firm paid ransom doesn't fill anyone with confidence.

The Register Shared .

Malicious 'Blur' Photo App Campaign Discovered on Google PlayTwenty-nine bad mobile apps with a combined 3.5 million downloads bombard users with out-of-context ads.

Threatpost Shared .

UK's NCSC reveals Premier League footie clubs to be ripe pickings for cybercrooks: One almost lost £1m to BEC attackIntel's 7nm is busted, chips delayed, may have to use rival foundries to get GPUs out for US govt exascale super.

The Register Shared .

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twistBe careful about bunking off when you're billing your hours to a government.

The Register Shared .

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack

The Hacker News Shared .

Researchers Reveal New Security Flaw Affecting China's DJI Drones

The Hacker News Shared .

Prince Harry and Meghan Sue Over Photos of Their Son, ArchieThe couple contend that the photos were most likely taken with a drone or telephoto lens while they were in their backyard in the Los Angeles area, which violates California's so-called paparazzi law.

New York Times Privacy Shared .

Crack SSH Private Key Passwords with John the RipperThe Secure Shell network protocol, usually used to manage remote machines, is prone to password brute-forcing.

Null Byte Shared .

Congrats, First American Title Insurance, you've made technology history. For all the wrong reasonsInsurer is first biz to be charged in New York for data security negligence after exposing millions of records to the web.

The Register Shared .

Cryptojacking botnet Prometei uses NSA exploit to steal data, mine MoneroPrometei mainly exploits the SMB protocol to move across the targeted system laterally. The infection chain starts with compromising the device's Windows SMB protocol through exploiting SMB vulnerabilities like EternalBlue or the more recent vulnerability SMBGhost.

HackRead Shared .

Cisco Network Security Flaw Leaks Sensitive DataThe flaw exists in the web services interface of Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices.

Threatpost Shared .

Garmin Suffers Reported Ransomware AttackGarmin's services, websites and customer service have all been down since Wednesday night.

Threatpost Shared .

Twitter: hackers got a few accounts' DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.Twitter updates the news of last week's incident: the attackers seem to have accessed some direct messages.

The CyberWire Shared .

Bridgecrew: Our mission is to set cloud security freeCloud misconfiguration screw-ups are ‘completely avoidable'

The Register Shared .

NordVPN Review: Blazing Fast and Secure, But With DrawbacksNordVPN is one of the most popular VPN services. In this NordVPN review we exam how it does in real-world testing with speeds, security, and unblocking.

Restore Privacy Shared .

Sharp Spike in Ransomware in U.S. as Pandemic Inspires AttackersThe COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things devices seeing sharp increases in the U.S. for the first half of the year.

Threatpost Shared .

Sports team nearly paid a $1.25m transfer fee& to cybercrooksIf a crook is already inside your email, occasionally adding in believable emails of their own& how on earth do you spot the fake ones?

Naked Security Shared .

NY Charges First American Financial for Massive Data LeakIn May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp.

Krebs on Security Shared .

ASUS Home Router Bugs Open Consumers to Snooping AttacksThe two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router.

Threatpost Shared .

Cisco, Zoom and Others Must Bolster Security, Say Privacy ChiefsPrivacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures.

Threatpost Shared .

New privacy tool 'Fawkes' blocks your images from facial recognitionFawkes was tested against Facial AI including Microsoft Azure Face API, Amazon Rekognition, and Face++ amongst and beat all of them.

HackRead Shared .

Twitter hack latest: Up to 36 compromised accounts had their private messages readWaves subside for now as microblogging site faces tough questions.

The Register Shared .

Twitter: Hackers Accessed Private Messages for Elite AccountsAn elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late Wednesday, as part of Twitter's interest in sharing "more specifics about what the attackers did with the accounts they accessed."

Threatpost Shared .

Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'… Update silently breaks IDS/IPSBad traffic rules from HQ caused intrusion detection and prevention on gateways to just stop working.

The Register Shared .

Popular Chinese-Made Drone Is Found to Have Security WeaknessResearchers found a potential vulnerability in an app that helps power the drones, highlighting U.S. officials' concerns that Beijing could get access to information about Americans.

New York Times Privacy Shared .

UK surveillance laws tightened up as most spying demands to be subject to warrantsRetired judges now to take greater part in overseeing council snoopers.

The Register Shared .

North Korean Hackers Spotted Using New Multi-Platform Malware Framework

The Hacker News Shared .

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time griftersMicrosoft Q4 sales up, profit down, shares down. More importantly, someone reboot the CEO. He keeps repeating 'tech intensity' over and over.

The Register Shared .

Best VPNs for GamingFirst, lets get one thing straight. This isnt your typical gaming VPN review. Many of the reviews of VPNs for gaming seem to believe that there is one best VPN for all gamers.

Restore Privacy Shared .

'BadPower' attack on fast chargers can burn your smartphoneBadPower was tested on 35 fast charging models out of 234 available in the market and it turns out 18 models showcased vulnerability.

HackRead Shared .

OilRig APT Drills into Malware Innovation with Unique BackdoorThe RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images.

Threatpost Shared .

Apple Security Research Device Program Draws Mixed ReactionsApple's Security Research Device program is now open to select researchers - but some are irked by the program's vulnerability disclosure restrictions.

Threatpost Shared .

Twitter Hacking for Profit and the LoLsThe New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week's epic hack against Twitter.

Krebs on Security Shared .

Hackers destroy leaked UFO VPN database in massive Meow attackUFO VPN was caught saving and leaking user logs despite complaining strictly no-log policy. Here's what happened now.

HackRead Shared .

Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate."Meowing" is now a thing: the automated discovery and wiping of exposed and unprotected databases.

The CyberWire Shared .

Lazarus Group Surfaces with Advanced Malware FrameworkThe North Korean APT has been using the multiplatform framework, called MATA, for a number of purposes, from spying to financial gain.

Threatpost Shared .

Naughty PeopleThis week, we have a very special edition of Security and Compliance weekly, welcoming the PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper, as they answer all of the toughest PCI questions in a two part interview!

Paul's Security Weekly Shared .

Hot Take: the Russia Report and ElectionsAmongst the many revelations in the Russia report, a battle is playing out for the future regulatory landscape of UK elections.

Open Rights Group Shared .

Leak Exposes Private Data of Genealogy Service UsersAn exposed ElasticSearch server belonging to Software MacKiev put 60,000 users of Ancestry.com's Family Tree Maker software at risk.

Threatpost Shared .

Fake cryptocurrency trading app hits Mac users with malwareA recent report by ESET has identified yet another such case where malware in the form of malicious cryptocurrency trading applications was found being distributed for Mac devices.

HackRead Shared .

Capita's bespoke British Army recruiting IT cost military 25k applicants after switch-onTaxpayers shelled out £1.3bn for this 'abysmal' flop.

The Register Shared .

If you expose it, they will come: data honeypot draws hundreds of attackersWe put a MongoDB honeypot on the web for three months to see who would attempt to view, steal, and destroy exposed data.

Comparitech Shared .

US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade SecretsThe United States has charged two Chinese state sponsored hackers for targeting COVID-19 research and stealing trade secrets.

The Hacker News Shared .

Pakistan bans one Chinese app and gives TikTok a final warning to clean up its actThe W3C steers the way the World Wide Web works. Yet it is reluctant to record crucial meetings - and its minutes are incomplete.

The Register Shared .

SN 776: A Tale of Two CounterfeitsSteve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Security Now Shared .

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customersAPI dev kit remained modified for hours, says source.

The Register Shared .

The Importance of the Twitter Hack, ExplainedWho is hacking vaccine researchers? And zoom fixes a vanity URL vulnerability! All that coming up now on ThreatWire.

Hak5 Shared .

Emotet Returns in Malspam Attacks Dropping TrickBot, QakBotEmotet has resurfaced after a five-month hiatus, with more than 250,000 malspam messages being sent to email recipients worldwide.

Threatpost Shared .

It's July 2020, and your PC or Mac can be pwned by a dodgy Photoshop fileMajor fixes for Bridge and Prelude, too, plus Reader Android updated.

The Register Shared .

Crypto Trojans, GoldenSpy, and BadPower AttacksThis week, Twitter updates, Chinese GoldenSpy, Cloudflare outages, Rapid 7 reports, Crypto Trojans, BadPower attacks, and Jason Wood returns for Expert Commentary on 7 VPNs that leaked their logs - the logs that "didn't exist"!

Paul's Security Weekly Shared .

Camera privacy bug found in Firefox Android in 2019 hasn't been fixed yetThe issue was originally raised in July 2019 by a Firefox Android user. Here's what happened and what should users do.

HackRead Shared .

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cashIncluding COVID-19 research, it is claimed. And they'll almost certainly never face an American court.

The Register Shared .

Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.Trend Micro reports on the workings of the cyber criminal underground economy. Ben Yelin on U.S. Customs and Border Protection collecting license plate data.

The CyberWire Shared .

Chris Vickery: AI Will Drive Tomorrow's Data BreachesChris Vickery talks about his craziest data breach discoveries and why "vishing" is the next top threat no one's ready for.

Threatpost Shared .

Software firm leaks 25GB worth of subscription and Ancestry.com user dataThe data was leaked due to a misconfiguration on an ElasticSearch server. Here's how Ancestry.com users were implacted.

HackRead Shared .

Stick that in your named pipe and smoke it: Flaw in Citrix Workspace app could let remote attacker pwn hostPatch out for Pen Test Partners-spotted vuln - you know what to do.

The Register Shared .

Chinese Hackers Escalate Attacks Against India and Hong Kong Amid TensionsA new Chinese hacking group found targeting the Indian Government and Hong Kong residents using MgBot malware.

The Hacker News Shared .

UK intel committee on Russia: Social media firms should remove state disinformation. What was that, MI5? ████████?Also : A 'complicated wiring diagram of responsibilities amongst ministers' in the event of cyber attack.

The Register Shared .

Critical Adobe Photoshop Flaws Patched in Emergency UpdateAdobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications.

Threatpost Shared .

The Internet GenieThis week, we welcome Justin Bradley, Chief Growth Officer at Intezer, to talk about Zero Trust Execution as Part of Your Cloud Workload Protection Strategy!

Paul's Security Weekly Shared .

Surveillance capitalism: How it affects you and what to do about itWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Internet safety statistics: Are women at more risk to online scams?Ever wondered who is more likely to be targeted by online scammers? We reveal some surprising internet safety statistics as well as easy to follow advice to protect yourself from online scams.

Comparitech Shared .

Building Privacy into Ghostery ProductsA crucial part of achieving our main goal at Ghostery is incorporating the fundamental values of privacy into our own business and products.

Ghostery Blog Shared .

The Art of Convenience in A World Run by The Internet of ThingsWith the Internet of Things growing to be more accessible on a range of devices, there's no stopping the advance of technology.

HackRead Shared .

Diebold ATM Terminals Jackpotted Using Machine's Own SoftwareThe company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe.

Threatpost Shared .

Apple was the only Fortune 50 company to foresee COVID-19 pandemic risk and properly insure against itNugget nestled in report on how outbreak will change the tech biz.

The Register Shared .

The age of blunt diplomacy? Twitter can be used to escalate global conflict, study saysTrump isn't the only one to fire off shots at other world leaders; Twitter can amplify misunderstandings and spread disinformation.

Guardian Privacy Shared .

Argentina's largest telecom hacked with hackers demanding $7.5 millionOne such incident has emerged recently when the largest telecommunications company of Argentina named Telecom S.A. was hacked with the attackers encrypting crucial data and demanding a ransom of $7.5 million in Monero cryptocurrency.

HackRead Shared .

Back in the 90'sThis week, we welcome Kris Rajana, President and CTO at Biarca, and Bhasker Nallapothula, Director of Engineering at Biarca, to talk about Cloud Security Posture Management and Governance!

Paul's Security Weekly Shared .

Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok The US Government mulls a ban on TikTok. Johannes Ullrich from SANS on Google Cloud storage becoming a more popular phishing platform.

The CyberWire Shared .

Teens arrested after paying Bitcoin to watch livestream abuse and murderThe tale of dark web's disturbing Red Room has been revealed by Italian authorities and how Bitcoin is being used for malicious use.

HackRead Shared .

Google Coronavirus Apps Give it Way to Access Location DataSome government agencies that use the software said they were surprised that Google may pick up the locations of certain app users.

New York Times Privacy Shared .

Facebook's NSO Group Lawsuit Over WhatsApp Spying Set to ProceedA federal judge in California ruled that the spyware vendor does not have sovereign immunity.

Threatpost Shared .

Computer misuse crimes down 9% on last year in England and Wales, says Office of National StatisticsMainframe madness as the snowflakes take control - and the on-duty operator hasn't a clue how to stop the blizzard.

The Register Shared .

7 VPNs that leaked their logs  the logs that didnt existThe app will scramble all the network traffic between your device and the company's servers, and unscramble it and release it onto the internet from there - perhaps even in a different country - which does indeed disguise the true source of your data packets, and therefore makes you harder to trace.

Naked Security Shared .

Mac Cryptocurrency Traders Targeted by Trojanized AppsFour trojanized cryptocurrency trading apps have been found spreading malware that drains cryptocurrency wallets and collects Mac users' browsing data.

Threatpost Shared .

You've had your pandemic holiday, now Microsoft really is going to kill off TLS 1.0, 1.1Plus: Skype plays catch-up, Barracuda goes Azure, and WinUI slings another preview.

The Register Shared .

Cloud hosting firm Blackbaud pays ransom after thwarting ransomware attackBlackbaud claims it paid a ransom to protect customer data. Here's what happened and why the company decided to pay the ransom.

HackRead Shared .

An axe age, a sword age, Privacy Shield is riven, but what might that mean for European businesses?The little guys could get caught out with costly consequences.

The Register Shared .