Serious Security: That KeePass “master password crack”, and what we can learn from it
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
Serious Security: Verification is vital – examining an OAUTH login bug
What good is a popup asking for your approval if an attacker can bypass it simply by suprpessing it?
Ransomware tales: The MitM attack that really had a Man in the Middle
Another traitorous insider, busted by system logs that gave his game away.
PyPI open-source code repository deals with manic malware maelstrom
Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...
Phone scamming kingpin gets 13 years for running “iSpoof” service
Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
All Apple users have zero-days that need patching, though some have more zero-days than others.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
