Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets
AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…
Malicious deepfakes used in attacks up 13% from last year, VMware finds
Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in...
Microsoft’s fix for ‘data damage’ risk hits PC performance
'AES-based operations might be two times slower' without latest updates Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.…
Chinese scammers target kids with promise of extra gaming hours
Cyberspace regulator's fraud report finds all is not well behind the Great Firewall Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a...
China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs
We're 'highly likely' to see similar attacks, Kaspersky warned Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions,...
US treasury whips up sanctions for crypto mixer Tornado Cash
Being the money launderer for North Korea’s Lazarus Group comes at a price The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang...
Twilio customer data exposed after its staffers got phished
Comms giant says several other firms targeted in 'sophisticated attack' Twilio confirmed a breach of the communication giant's network and accessed "a limited number" of customer accounts after tricking some employees into falling for a phishing attack.…
Microsoft tightens Edge security for less visited websites
We're pretty sure that doesn't mean it's safe to click on sketchy popups Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings.…
Slack leaked hashed passwords from its servers for years
Users who created shared invitation links for their workspace had login details slip out among encrypted traffic Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace...
Dark Utilities C2 service draws thousands of cyber criminals
Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier...
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more In brief DuckDuckGo has finally cracked down on the Microsoft tracking scripts that got the alternative search engine into hot water earlier...
Hi, I’ll be your ransomware negotiator today – but don’t tell the crooks that
What it's like bargaining with criminals ... and advising clients suffering their worst day yet Interview The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator — at least not to LockBit...
Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?
The Feds may see things differently Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10...
Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could enable intruders to send fake alerts out over television,...
Critical flaws found in four Cisco SMB router ranges – for the second time this year
At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June Cisco has revealed four of its small business router ranges have critical flaws – for the second time in 2022 alone.…
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
I got played via the Play store Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.…
Taiwanese military reports DDoS in wake of Pelosi visit
Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for...
India scraps data protection law in favor of better law coming … sometime
Tech giants and digital rights groups didn't like it, but at least it was a law The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually...
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
Simple to exploit, enough to pocket $3,000 A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal...
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
