Security
AWS postmortem: a first-hand account of the outage
The AWS outage dealt a massive blow to companies worldwide. To understand the full effects, Cybernews spoke to engineering experts who were directly impacted.
Read more about AWS postmortem: a first-hand account of the outage
Vibe coders targeted with Pokémon, Minecraft-themed add-ons: malware steals crypto
Looking at plain code feels too boring, so you add a little animated sidekick to keep you entertained or a new theme to keep you focused? Pwned. Security researchers are flagging a wave of VS Code extensions that quietly mine cryptocurrency or potentially worse.
Read more about Vibe coders targeted with Pokémon, Minecraft-themed add-ons: malware steals crypto
Canadian cybersecurity agency recommends enabling 2FA after cyberattack reports on vital infrastructure
The Canadian Center for Cyber Security is warning businesses and organizations involved in vital infrastructure to implement additional security measures, as they’ve become a target for hacktivists.
Read more about Canadian cybersecurity agency recommends enabling 2FA after cyberattack reports on vital infrastructure
The US government just got closer to banning popular TP-Link routers
Top US federal agencies are backing a proposal to ban future sales of popular TP-Link home routers because the vendor is allegedly still closely tied to its former Chinese parent company.
Read more about The US government just got closer to banning popular TP-Link routers
WhatsApp announces passkey-encrypted backups
WhatsApp has disclosed that its messaging platform is launching passkey-encrypted backups, offering both Android and iOS users the option to secure their stored messages with facial recognition, fingerprint, or screen lock code.
Read more about WhatsApp announces passkey-encrypted backups
The evil masterminds behind Meduza infostealer malware are…kids in Hello Kitty pants
The latest bust by Russian authorities has destroyed the familiar image of the hacker as a villain who wears a black hoodie. The Meduza Infostealer malware developers appear to be more like kids who play Roblox.
Read more about The evil masterminds behind Meduza infostealer malware are…kids in Hello Kitty pants
CISA releases security best practices guide for on-site Microsoft Exchange Servers
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a 15-page best practices guide – all so that organizations still using the now-outdated Microsoft Exchange Servers can properly harden their systems against known threats.
Read more about CISA releases security best practices guide for on-site Microsoft Exchange Servers
Naruto, Sailor Moon US publisher’s Google Drive breached, attackers claim
The attack allegedly resulted in hackers downloading hundreds of gigabytes of corporate data, including employee credentials.
Read more about Naruto, Sailor Moon US publisher’s Google Drive breached, attackers claim
Over 3 billion Chromium users vulnerable to browser crash bug
Chrome, Edge, Brave, Opera, and Vivaldi – all Chromium-based browsers – are currently vulnerable to a critical bug that allows attackers to crash the app in 15 to 60 seconds. All it takes is to open a malicious (or educational) website.
Read more about Over 3 billion Chromium users vulnerable to browser crash bug
Hacker gang claims raid on Japanese grocery store chain
A prolific Russia-linked ransomware gang has allegedly struck again. This time, it is claiming the Japanese supermarket chain Super Value Co. and leaking employee and financial data on the dark web.
Read more about Hacker gang claims raid on Japanese grocery store chain
This sucks: dev finds backdoor in his robot vacuum, potentially giving full control to spies
This software engineer was a happy user of an iLife A11 vacuum cleaner for nearly a year, until he discovered a constant stream of data being beamed to China. But that wasn’t the worst of it.
Read more about This sucks: dev finds backdoor in his robot vacuum, potentially giving full control to spies
Germany publishes checklist on how to act when your online account is hacked
The Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, and the Federal and State Police Crime Prevention Program (ProPK) have published a checklist outlining steps that victims should take when one of their online accounts has been compromised.
Read more about Germany publishes checklist on how to act when your online account is hacked
Nation-state attackers infiltrate Ribbon, a major telecom services provider also used by the US DoD
Nation-state attackers have infiltrated Ribbon Communications, one of the telecom industry’s leading providers of cloud services, communications software, and network solutions – including for clients such as BT, Verizon, Deutsche Telekom, Tata, and more.
Read more about Nation-state attackers infiltrate Ribbon, a major telecom services provider also used by the US DoD
Google Chrome will switch to HTTPS by default and alert users about unencrypted visits
Google is changing its default Chrome settings to always try an HTTPS-encrypted connection first. Users will see warnings when visiting HTTP sites that do not support this secure connection.
Read more about Google Chrome will switch to HTTPS by default and alert users about unencrypted visits
Reputation.com exposes 120 million logs in major data leak
Major online reputation management company Reputation.com, which serves hundreds of major brands, has exposed 120 million records containing backend system data. The leak includes session cookies that could lead to the abuse of customer social media accounts.
Read more about Reputation.com exposes 120 million logs in major data leak
LG Uplus joins three major South Korean telecoms hacked this year
LG Uplus has confirmed a data breach, adding to a wave of cyberattacks on major South Korean telecom providers.
Read more about LG Uplus joins three major South Korean telecoms hacked this year
Employee data from advertising giant Dentsu leaked in hacker attack
Dentsu, one of the largest advertising agencies on the planet, has had its UK employee data exposed via a data breach in its trading divisions. Thousands of people were likely exposed.
Read more about Employee data from advertising giant Dentsu leaked in hacker attack
The US refuses to sign UN’s cybercrime treaty
The United States declined to sign the United Nations’ Convention against Cybercrime in Hanoi this weekend, stating that it continues to review the treaty.
Read more about The US refuses to sign UN’s cybercrime treaty
Massive risk: 92% of Exchange servers in Germany unprotected after Microsoft support ends
Microsoft flipped the switch on October 14th, ending security updates for deprecated Exchange Server 2016 and 2019. However, network admins have seemingly ignored the memo, and now tens of thousands of servers are potentially vulnerable in Germany alone.
Read more about Massive risk: 92% of Exchange servers in Germany unprotected after Microsoft support ends
Swedish power grid operator confirms it was hit by hacker attack
Svenska kraftnät, Sweden’s primary electricity grid operator, has confirmed that it suffered a data breach after the Russia-linked Everest ransomware gang claimed to have syphoned hundreds of gigabytes of the company’s data.
Read more about Swedish power grid operator confirms it was hit by hacker attack
