Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks
Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
Netflix’s Password-Sharing Crackdown Has Hit the US
TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.
Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye
The co-inventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.
The Security Hole at the Heart of ChatGPT and Bing
Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.
China Hacks US Critical Networks in Guam, Raising Cyberwar Fears
Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.
Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto
And it's happening in plain sight.
There’s Finally a Way to Improve Cloud Container Registry Security
“Container registries” are ubiquitous software clearinghouses, but they've been exposed for years. Chainguard says it now has a solution.
Leaked Government Document Shows Spain Wants to Ban End-to-End Encryption
In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.”
Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism
The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement.
The Real Risks in Google’s New .Zip and .Mov Domains
While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.
A TikTok ‘Car Theft’ Challenge Is Costing Hyundai $200 Million
Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.
The Underground History of Turla, Russia's Most Ingenious Hacker Group
From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.”
How You, or Anyone, Can Dodge Montana’s TikTok Ban
Montana’s TikTok ban will be impossible to enforce. But it could encourage copycat crackdowns against the social media app.
A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks
Kaspersky researchers have uncovered clues that further illuminate the hackers’ activities, which appear to have begun far earlier than originally believed.
Google May Delete Your Old Accounts. Here’s How to Stop It
Your inactive profiles, like Gmail or Docs, could turn into digital dust later this year. A few clicks can save them.
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls
Enlarge (credit: Getty Images)
Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...
AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill
Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov)
Over...
