Security
Horror story app Chilling haunted by loose permissions, spilling data
There is no autocorrect for cybersecurity, and one mistake can leave doors for attackers open for months. Chilling, a subscription-based app featuring narrated horror stories, was discovered leaking user data and sensitive secrets for nine months.
Hidden crisis in cybersecurity: 17 out of 20 professionals suffering from fatigue and burnout
Cybersecurity professionals, lacking resources and struggling with overwhelming workloads, are grappling with mental health issues, the Sophos-commissioned Tech Research Asia survey reveals.
The world’s greatest cyber threats, according to pros on Reddit
Cybersecurity firms are sounding the alarm about a rise in almost all malicious activities. But which threat is the most dangerous? Is it highly resourced nation-state actors, aiming to score geopolitical points on the world stage? Criminal gangs running ransomware, malware, and infostealer scams? Or could it be just the simple negligence of big tech? The cyber pros on Reddit seem to have a unique view.
Russian hackers accessed UK Home Office’s emails and data – report
Russian foreign intelligence service-affiliated cyber spies, tracked as Midnight Blizzard, compromised the British Government in January 2024, according to a report by The Record.
DEF CON 32: the unfixable bug that allows malware to be deployed via a browser
A fundamental vulnerability in secure web gateway (SWG) logic opens virtually any business, organization, or user to “last mile reassembly” attacks, which enable attackers to deploy malware on a device, SquareX researchers announced at the DEF CON 32 conference.
Astrology app exposes locations of 6M users, founders likely linked to Russia
The Moonly app has leaked employee credentials and the GPS locations of a staggering number of users. The leak also suggests that the company, ostensibly headquartered in the US, might be largely operated from Russia.
Swiss cow and calf dead after ransomware attack on milking robot
A ransomware attack on a Swiss farmer’s computer systems left milking robots offline and prevented access to vital cattle data, leading to the death of a calf and its mother.
Black Hat USA 2024: Microsoft’s AI will soon start leaking user data
A researcher at the Black Hat 2024 conference has revealed that Copilot, Microsoft’s AI assistant, has multiple security loopholes, allowing attackers to exfiltrate sensitive data and corporate credentials.
Black Hat USA 2024: researcher strips all Windows security using updates to downgrade
A fully patched and secure system is just an illusion. SafeBreach Labs researcher Alon Leviev has bypassed the deepest layer of Windows security without a screwdriver and made a fully patched Windows machine vulnerable to hordes of past vulnerabilities.
Black Hat USA 2024: fifth of the world’s solar output exposed to disruption
A series of now-patched bugs in a leading photovoltaic (PV) plant management platform exposed a fifth of the world’s solar power output to blackout-inducing attacks, researchers claim.
Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal
Android-based infotainment systems used in Ford, GM, Honda, and other major vehicle brands can be turned into data-stealing devices, Cisco Talos researchers have uncovered.
Paris Olympics ransomware attack hits famed Grand Palais venue
The historic Grand Palais museum complex, one of the sporting venues for the Paris Olympic Games, has been targeted by ransomware crooks, French cyber police revealed on Tuesday.
Polish quiz website fails cybersecurity test, leaving 60K users exposed
Quizme, a Polish entertainment platform popular among educational institutions for creating and sharing quizzes, has inadvertently exposed the sensitive data of over 60,000 users, including easily crackable passwords. Users may be at risk of account takeovers and phishing attacks.
Chrome update leaves uBlock Origin users behind, with development to continue on Firefox
Users of uBlock Origin, one of the most popular content-blocking solutions on Chrome, have been warned that the extension should be removed or replaced. As Google moves to a new extensions platform, only a “pared-down” version will prevail.
Users are getting malware instead of software updates in ISP breach
A sophisticated Chinese cyber-espionage group, known as Evasive Panda or StormBamboo, successfully compromised an undisclosed internet service provider (ISP) to poison software updates to its users.
Scammers now impersonating crypto exchanges to get access to your accounts, FBI warns
Scammers are increasingly impersonating cryptocurrency exchanges, feigning concern about clients’ funds. They urge victims to “safeguard” accounts from attackers by providing credentials or access, the Federal Bureau of Investigation (FBI) warns.
Thousands of Ubiquiti cameras and routers vulnerable, despite patches available
More than 20,000 internet-exposed Ubiquiti devices are open to attackers, revealing sensitive data about the owners, Check Point Research warns.
Cloudflare’s free tunnels plagued by RATs and other malware, researchers warn
Cybercriminals have found a no-cost professional infrastructure to perform their attacks and deliver malware. It’s Cloudflare’s free tier tunnel service, which is supposed to protect legitimate web services.
Employees at Dell, AT&T, Verizon, Capital One, and other companies exposed via popular office app
A massive data leak has exposed employees' credentials, affecting around 900 companies and organizations, including Dell, Verizon, AT&T, the Department of Energy, Comcast, and Chase.
Google being impersonated on Google Ads by scammers peddling fake Authenticator
Hackers are abusing Google Ads to masquerade as Google, tricking users into downloading a Google Authenticator that’s actually malware on GitHub.