Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
Adult Sites Lack Privacy, Open the Door for Harassment and Tracking
Third-party tracking is rampant on sites like Pornhub, with users' sexual preferences on full view.
Bug in NVIDIA’s Tegra Chipset Opens Door to Malicious Code Execution
Researcher creates 'Selfblow' proof-of-concept attack for exploiting a vulnerability that exists in "every single Tegra device released so far".
Security Watch: Elon Musk’s NeuraLink Links Brains to iPhones via Bluetooth
Directly linking thoughts to a phone via Bluetooth -- what could go wrong?
Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises
Mirai activity has nearly doubled between the first quarter of 2018 and the first quarter of 2019.
Slack Initiates Mass Password Reset
More victims of a 2015 credential-harvesting incident have come to light.
Google Triples Some Bug Bounty Payouts
Google is announcing much higher bug bounty payouts for Chrome, Chrome OS and Google Play.
Ke3chang APT Linked to Previously Undocumented Backdoor
The cyberspy group's activities are broader than originally thought.
Wormable BlueKeep Bug Still Threatens Legions of Windows Systems
Two months after the alarm sounded warning of a WannaCry-level event, progress in patching exposed Windows systems varies by country and industry.
Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted
Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.
Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices -- opening an attack vector.
Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain
A sophisticated and growing malvertising attacker is partnering with legitimate ad tech platforms to drop malware at scale.
StrongPity APT Returns with Retooled Spyware
The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.
LenovoEMC Storage Gear Leaks Sensitive Financial Data
Lenovo patches enterprise and SMB network attached storage devices for a vulnerability that leaked data to the public internet.
The Future is Female: A Key to the Cybersecurity Workforce Challenge
With cybersecurity worldwide facing a major applicant shortage, businesses should be courting women and supporting girls.
WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files
The issue, present on Android versions, is similar to the known man-in-the-disk attack vector.
JetBlue Bomb Scare Set Off with Apple AirDrop
Someone AirDropped a picture of a suicide vest to multiple people on a JetBlue flight, prompting an evacuation.
Privacy Experts: Facebook’s $5B Fine Unlikely to Do Much
The FTC has levied its biggest fine ever against the social network, but it's unlikely to have much effect.
Turla APT Returns with New Malware, Anti-Censorship Angle
A dropper called “Topinambour" is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.
Researcher Bypasses Instagram 2FA to Hack Any Account
An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.
Cisco Patches Critical Flaw in Vision Dynamic Signage Director
Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.
Tracked as CVE-2019-1917, the vulnerability was found in the REST...
The Great Hack: the film that goes behind the scenes of the Facebook data scandal
This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
Scotland Yard Twitter and Emails Hacked
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
read more
Browser Extensions Scraped Data From Millions of People
Slack passwords, NSO spyware, and more of the week's top security news.
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
