Automation is making attacks on open source code repositories harder to fight.
...moreSummary
Total Articles Found: 393
Top sources:
- Ars Technica 393
Top Keywords:
Top Authors
- Dan Goodin: 199
- Sean Gallagher: 62
- Peter Bright: 29
- Cyrus Farivar: 14
- Ron Amadeo: 11
Top Articles:
- PyPI halted new users and projects while it fended off supply-chain attack
- Air Canada must honor refund policy invented by airline’s chatbot
- Critical vulnerability affecting most Linux distros allows for bootkits
- In major gaffe, hacked Microsoft test account was assigned admin privileges
- Hackers can infect network-connected wrenches to install ransomware
- Hackers can break SSH channel integrity using novel data-corruption attack
- Nothing’s iMessage app was a security catastrophe, taken down in 24 hours
- Intel fixes high-severity CPU bug that causes “very strange behavior”
- In a first, cryptographic keys protecting SSH connections stolen in new attack
- In a first, cryptographic keys protecting SSH connections stolen in new attack
PyPI halted new users and projects while it fended off supply-chain attack
Published: 2024-04-01 00:36:06
Popularity: None
Author: Dan Goodin
Air Canada must honor refund policy invented by airline’s chatbot
Published: 2024-02-18 17:36:21
Popularity: None
Author: Ashley Belanger
Air Canada appears to have quietly killed its costly chatbot support.
...moreCritical vulnerability affecting most Linux distros allows for bootkits
Published: 2024-02-07 05:13:33
Popularity: None
Author: Dan Goodin
Buffer overflow in bootloader shim allows attackers to run code each time devices boot up.
...moreIn major gaffe, hacked Microsoft test account was assigned admin privileges
Published: 2024-01-28 12:59:43
Popularity: None
Author: Dan Goodin
How does a legacy test account grant access to read every Office 365 account?
...moreHackers can infect network-connected wrenches to install ransomware
Published: 2024-01-10 15:09:11
Popularity: None
Author: Dan Goodin
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.
...moreHackers can break SSH channel integrity using novel data-corruption attack
Published: 2023-12-19 20:41:24
Popularity: None
Author: Dan Goodin
Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.
...moreNothing’s iMessage app was a security catastrophe, taken down in 24 hours
Published: 2023-11-22 14:21:12
Popularity: None
Author: Ron Amadeo
Nothing promised end-to-end encryption, then stored texts publicly in plaintext.
...moreIntel fixes high-severity CPU bug that causes “very strange behavior”
Published: 2023-11-15 13:35:42
Popularity: None
Author: Dan Goodin
Among other things, bug allows code running inside a VM to crash hypervisors.
...moreIn a first, cryptographic keys protecting SSH connections stolen in new attack
Published: 2023-11-14 23:16:40
Popularity: None
Author: Dan Goodin
An error as small as a single flipped memory bit is all it takes to expose a private key.
...moreIn a first, cryptographic keys protecting SSH connections stolen in new attack
Published: 2023-11-14 19:31:29
Popularity: None
Author: Dan Goodin
An error as small as a single flipped memory bit is all it takes to expose a private key.
...moreCritical vulnerability in Atlassian Confluence server is under “mass exploitation”
Published: 2023-11-07 20:30:07
Popularity: None
Author: Dan Goodin
Atlassian's senior management is all but begging customers to take immediate action.
...moreThere’s a new way to flip bits in DRAM, and it works against the latest defenses
Published: 2023-10-27 16:28:15
Popularity: None
Author: Dan Goodin
New technique produces lots of bitflips and could one day help form an attack.
...moreThere’s a new way to flip bits in DRAM, and it works against the latest defenses
Published: 2023-10-27 12:03:47
Popularity: None
Author: Dan Goodin
New technique produces lots of bitflips and could one day help form an attack.
...moreGPUs from all major suppliers are vulnerable to new pixel-stealing attack
Published: 2023-09-27 16:06:32
Popularity: None
Author: Dan Goodin
A previously unknown compression side channel in GPUs can expose images thought to be private.
...morePassword-stealing Linux malware served for 3 years and no one noticed
Published: 2023-09-13 16:33:57
Popularity: None
Author: Dan Goodin
It's not too late to check if a Linux device you use was targeted.
...moreGreen hills forever: Windows XP activation algorithm cracked after 21 years
Published: 2023-05-27 10:49:55
Popularity: None
Author: Kevin Purdy
Please, please, please do not actually install XP and use it. But if you must…
...moreLeak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack
Published: 2023-05-17 03:45:51
Popularity: None
Author: Dan Goodin
With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle.
...moreMicrosoft will take nearly a year to finish patching new 0-day Secure Boot bug
Published: 2023-05-15 12:01:30
Popularity: None
Author: Andrew Cunningham
Fix will eventually render all kinds of older Windows boot media unbootable.
...moreSmartDry’s useful laundry sensor to be cloud-bricked next month
Published: 2022-08-31 19:13:01
Popularity: None
Author: None
🤖: "Wash cycle fail"
Sensor for already dry clothes relied on smartphone app, servers to work.
...moreRussia arrests cybersecurity expert on treason charge
Published: 2021-09-30 15:19:35
Popularity: None
Author: Eric Bangeman
🤖: ""Russian hack busted""
Ilya Sachkov is founder of Group-IB, which specializes in ransomware attack prevention.
...moreMicrosoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
Published: 2021-07-08 10:55:17
Popularity: None
Author: Dan Goodin
Game-over code-execution attacks are still possible even after fix is installed.
...moreFlash is dead—but South Africa didn’t get the memo
Published: 2021-02-04 01:41:49
Popularity: None
Author: Jim Salter
🤖: "Flashbacks"
Adobe: You can't use Flash in 2021. South Africa: Watch me!
...moreCustom-made UEFI bootkit found lurking in the wild
Published: 2020-10-05 23:54:44
Popularity: None
Author: Dan Goodin
🤖: ""Uefi surprise party""
Attackers are going to great lengths to gain the highest level of persistence.
...moreNew Android vulnerability Strandhogg 2.0 exploits user trust
Published: 2020-05-27 21:09:58
Popularity: None
Author: Jim Salter
🤖: ""Trust Issues""
SuperHappyFunGame, once installed, could steal the focus from unrelated apps.
...moreWireGuard VPN makes it to 1.0.0—and into the next Linux kernel
Published: 2020-03-30 15:54:44
Popularity: None
Author: Jim Salter
🤖: "VPN security"
It's a good day for WireGuard users—DKMS builds will soon be behind us.
...moreIntel promises Full Memory Encryption in upcoming CPUs
Published: 2020-02-27 05:14:08
Popularity: None
Author: Jim Salter
🤖: "Secure brain"
Intel's security plans sound a lot like "we're going to catch up to AMD."
...moreAjit Pai promised faster broadband expansion—Comcast cut spending instead
Published: 2020-01-29 06:36:28
Popularity: None
Author: Jon Brodkin
🤖: ""Slow Roll Out""
Despite net neutrality repeal, Comcast spent less on expanding cable network.
...moreFrontier, an ISP in 29 states, plans to file for bankruptcy
Published: 2020-01-21 06:30:57
Popularity: None
Author: Jon Brodkin
🤖: ""Out of business""
Frontier subscribers suffer from poor customer service and failing networks.
...moreCooler Master is tired of telling parents their kids aren’t on drugs
Published: 2020-01-16 20:50:18
Popularity: None
Author: Jim Salter
🤖: "Meth lab mishaps"
Goodbye, dedicated paste-spreading tool—and hello, wide-tipped applicator.
...moreFirefox gets patch for critical 0-day that’s being actively exploited
Published: 2020-01-09 16:28:00
Popularity: None
Author: Dan Goodin
🤖: ""Browser alert!""
Flaw allows attackers to access sensitive memory locations that are normally off-limits.
...morePGP keys, software security, and much more threatened by new SHA1 exploit
Published: 2020-01-08 14:43:32
Popularity: None
Author: Dan Goodin
🤖: "Certificate chaos"
Behold: the world's first known chosen-prefix collision of widely used hash function.
...moreGoogle Fi will soon connect you to two LTE networks at once
Published: 2019-10-23 03:54:24
Popularity: None
Author: Ron Amadeo
🤖: "Dual network ping"
Quickly hop between your top two MVNO networks thanks to dual SIM support.
...moreDeveloper of Checkm8 explains why iDevice jailbreak exploit is a game changer
Published: 2019-09-29 02:38:59
Popularity: None
Author: Dan Goodin
🤖: ""Exploiting iOS""
Unpatchable vulnerability is a game-changer that even Apple will be unable to stop.
...moreZero-day privilege escalation disclosed for Android
Published: 2019-09-06 22:22:13
Popularity: None
Author: Dan Goodin
🤖: ""Root access granted""
Google has so far remained mum on the flaw, which affects fully patched devices.
...morePlain wrong: Millions of utility customers’ passwords stored in plain text
Published: 2019-06-30 19:03:47
Popularity: None
Author: Jim Salter
"It's ridiculous vendors are replying to researchers via general counsel, not bug bounty."
...moreResearchers use Rowhammer bit flips to steal 2048-bit crypto key
Published: 2019-06-16 14:25:09
Popularity: None
Author: Dan Goodin
RAMBleed side-channel attack works even when DRAM is protected by error-correcting code.
...moreHackers breached 3 US antivirus companies, researchers reveal
Published: 2019-05-09 21:02:54
Popularity: None
Author: Sean Gallagher
Source code, network access being sold online by "Fxmsp" collective.
...morePayPal 2FA is easily bypassed, teenage whitehat hacker says
Published: 2019-03-08 00:55:00
Popularity: None
Author: Dan Goodin
Technique discovered in June requires nothing more than spoofing a cookie.
...moreAmtrak employee sold customer data to DEA for two decades
Published: 2019-03-08 00:54:56
Popularity: None
Author: Casey Johnston
Hundreds of thousands of dollars were spent to circumvent official channels.
...moreHackers seed Amazon cloud with potent denial-of-service bots
Published: 2019-03-08 00:54:55
Popularity: None
Author: Dan Goodin
Bug in open source analytics app may have compromised other services, too.
...moreNew study: Activists pose easy target for nation-state attackers
Published: 2019-03-08 00:54:45
Popularity: None
Author: Robert Lemos
NGO in China is duped by old fashioned e-mails with malware-riddled attachments.
...moreListen to the results of our Internet spy project
Published: 2019-03-08 00:52:43
Popularity: None
Author: None
Internet surveillance gets 30 minutes on Morning Edition.
...moreSecret keys stashed in Google Play apps pose risk to Android users, developers
Published: 2019-03-08 00:52:19
Popularity: None
Author: Dan Goodin
Google Play crawler uncovers secret tokens to Facebook, Twitter, and AWS.
...moreFollowing TrueCrypt’s bombshell advisory, developer says fork is “impossible”
Published: 2019-03-08 00:50:40
Popularity: None
Author: Dan Goodin
TrueCrypt developer withholds permission, suggests "starting from scratch."
...moreHacking is simple, says author claiming role in breach of spyware firm
Published: 2019-03-08 00:50:29
Popularity: None
Author: Dan Goodin
DIY guide provides instructions for carrying out similar muckraking exploits.
...moreResearchers create privacy wrapper for Android Web apps
Published: 2019-03-08 00:50:05
Popularity: None
Author: Robert Lemos
Users can wrap Facebook and other apps to better control their privacy and security, according to researchers from North Carolina State University.
...moreArs tests Internet surveillance—by spying on an NPR reporter
Published: 2019-03-08 00:50:00
Popularity: None
Author: Sean Gallagher
A week spent playing NSA reveals just how much data we leak online.
...moreThe (updated) history of Android
Published: 2019-03-08 00:49:56
Popularity: None
Author: Ron Amadeo
Follow the endless iterations from Android 0.5 to Android 7 and beyond.
...moreChinese government launches man-in-middle attack against iCloud [Updated]
Published: 2019-03-08 00:49:48
Popularity: None
Author: Sean Gallagher
🤖: "Hacky hijack"
Targeting new iPhone users to capture user credentials, monitors find.
...moreMeet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks
Published: 2019-03-08 00:49:38
Popularity: None
Author: Dan Goodin
🤖: ""Heartbleed hack""
Open source code also attacks devices connecting to wireless networks.
...moreSerious Android crypto key theft vulnerability affects 10% of devices
Published: 2019-03-08 00:49:36
Popularity: None
Author: Dan Goodin
🤖: "Lockdown fail"
Bug in Android KeyStore that leaks credentials fixed only in KitKat.
...moreBitcoin security guarantee shattered by anonymous miner with 51% network power
Published: 2019-03-08 00:48:57
Popularity: None
Author: Dan Goodin
🤖: ""Miner attack incoming""
In a first, one player got a monopoly of Bitcoin's total computational power.
...moreGhost in the (Bourne Again) Shell: Fallout of Shellshock far from over
Published: 2019-03-08 00:48:31
Popularity: None
Author: Sean Gallagher
🤖: "Shellshocked"
Patches for Shellshock alone won’t fix already-compromised systems.
...moreRoot backdoor found in surveillance gear used by law enforcement
Published: 2019-03-08 00:47:12
Popularity: None
Author: Dan Goodin
🤖: "Sneaky Surveillance"
Vulnerability one of nine critical weaknesses from lawful intercept provider.
...moreAnti-spy technology remains hot a year after NSA leaks
Published: 2019-03-08 00:47:02
Popularity: None
Author: Robert Lemos
🤖: "Privacy shield 🔒"
With surveillance a worry, startups offer products to help users gain privacy.
...moreLinux gets fix for flaw that threatens security of shared Web hosts
Published: 2019-03-08 00:46:38
Popularity: None
Author: Dan Goodin
🤖: ""Server patched""
Privilege escalation bug lets untrusted users wrest control of vulnerable systems.
...moreVerizon Wireless injects identifiers that link its users to Web requests
Published: 2019-03-08 00:46:15
Popularity: None
Author: Robert Lemos
🤖: ""Tracking your moves""
The provider adds cookie-like tokens to alert advertisers to users’ interests.
...moreYear of the RAT: China’s malware war on activists goes mobile
Published: 2019-03-08 00:46:05
Popularity: None
Author: Sean Gallagher
🤖: "RAT attack"
Is the Chinese government spying on Hong Kong protesters’ phones?
...moreLatest Android encrypted by default, adds “smart” device locking
Published: 2019-03-08 00:45:09
Popularity: None
Author: Robert Lemos
🤖: ""Locked and loaded""
Google reveals features designed to make Android "Lollipop" more secure
...moreTerrorists embracing new Android crypto in wake of Snowden revelations
Published: 2019-03-08 00:44:40
Popularity: None
Author: David Kravets
🤖: "Cryptic chaos"
Android is the "preferred platform" for terrorist groups, according to report.
...moreGoogle releases “nogotofail” to detect HTTPS bugs before they bite users
Published: 2019-03-08 00:44:38
Popularity: None
Author: Dan Goodin
🤖: "HTTPS fail"
Open source tool tests connections for crypto flaws.
...moreYahoo to begin offering PGP encryption support in Yahoo Mail service
Published: 2019-03-08 00:44:10
Popularity: None
Author: Lee Hutchinson
🤖: "PGP lock"
CISO Alex Stamos announces change will go into effect in the fall.
...moreReported Paris Hilton hacker cops to new intrusions targeting police
Published: 2019-03-08 00:43:34
Popularity: None
Author: Dan Goodin
🤖: "Hackers in blue"
Two-year hacking spree ransacked e-mail account belonging to chief of police.
...moreReddit-powered botnet infected thousands of Macs worldwide
Published: 2019-03-08 00:42:03
Popularity: None
Author: Sean Gallagher
🤖: "MacOS hacked"
Mac.BackDoor.iWorm used Minecraft server subreddit for command and control.
...moreStill reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw
Published: 2019-03-08 00:41:37
Popularity: None
Author: Dan Goodin
🤖: ""OpenSSL blowup""
Bug in crypto library strips away one of the Internet's most crucial protections.
...moreThe NSA thinks Linux Journal is an “extremist forum”?
Published: 2019-03-08 00:41:36
Popularity: None
Author: Sean Gallagher
🤖: "Government snooping"
XKeyscore code for tracking Tor users also caught visitors to that website.
...moreTo defeat encryption, feds deploy the subpoena
Published: 2019-03-08 00:40:47
Popularity: None
Author: David Kravets
🤖: ""Subpoena power""
Drop boxes, secured or not, are all the post-Snowden rage and ripe for subpoenas.
...moreThe executive order that led to mass spying, as told by NSA alumni
Published: 2019-03-08 00:40:33
Popularity: None
Author: Cyrus Farivar
🤖: "Surveillance mode"
Feds call it “twelve triple three”; whistleblower says it's the heart of the problem.
...moreAndroid Browser flaw a “privacy disaster” for half of Android users
Published: 2019-03-08 00:39:58
Popularity: None
Author: Peter Bright
🤖: "Browser fail"
Bug enables malicious sites to grab cookies, passwords from other sites.
...moreE-mails show NSA monitored destruction of Snowden data at The Guardian
Published: 2019-03-08 00:38:45
Popularity: None
Author: Sean Gallagher
🤖: ""Surveillance squad""
Alexander, other top officials discussed data destruction before it took place.
...moreSnapchat images stolen from third-party Web app using hacked API [Updated]
Published: 2019-03-08 00:38:27
Popularity: None
Author: Sean Gallagher
🤖: ""Security breach""
Over 100,000 images from hacked app posted, raising child porn concerns.
...moreExplaining iOS 8’s extensions: Opening the platform while keeping it secure
Published: 2019-03-08 00:38:26
Popularity: None
Author: Andrew Cunningham
🤖: ""Open Sesame""
Comparisons to Android's Intents only tell part of the story.
...moreAndroid attack improves timing, allows data theft
Published: 2019-03-08 00:38:25
Popularity: None
Author: Robert Lemos
🤖: ""Clock ticking""
Mobile apps could gather sensitive information on other running applications.
...moreThis thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
Published: 2019-03-08 00:37:59
Popularity: None
Author: Dan Goodin
🤖: "Malware alert"
Researchers devise stealthy attack that reprograms USB device firmware.
...more“Severe” password manager attacks steal digital keys and data en masse
Published: 2019-03-08 00:37:56
Popularity: None
Author: Dan Goodin
🤖: "hack alert"
Adoption of poorly secured password managers opens a single point of failure.
...moreMillions of dynamic DNS users suffer after Microsoft seizes No-IP domains
Published: 2019-03-08 00:37:54
Popularity: None
Author: Dan Goodin
🤖: "DNS Chaos"
Legitimate users caught in legal fire designed to take down botnets.
...moreAndroid crypto blunder exposes users to highly privileged malware
Published: 2019-03-08 00:37:18
Popularity: None
Author: Dan Goodin
🤖: ""malware alert""
"Fake ID" exploits work because Android doesn't properly inspect certificates.
...moreBlackphone goes to Def Con and gets hacked—sort of
Published: 2019-03-08 00:36:57
Popularity: None
Author: Sean Gallagher
🤖: ""Surprise attack""
Over-the-air hacks of BlackBerry, others fly under radar; tweet on Blackphone hack doesn't.
...moreFather of PGP encryption: Telcos need to get out of bed with governments
Published: 2019-03-08 00:36:21
Popularity: None
Author: Sean Gallagher
🤖: ""Wake up call""
Zimmermann’s Silent Circle working with Dutch telco to deliver encrypted calls.
...moreInside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother
Published: 2019-03-08 00:36:14
Popularity: None
Author: Janus Kopfstein
🤖: ""Privacy warriors""
Globe-spanning white hat network hacked for the Dalai Lama, inspired arms legislation.
...moreGoogle unveils independent “fork” of OpenSSL called “BoringSSL”
Published: 2019-03-08 00:36:12
Popularity: None
Author: Dan Goodin
🤖: "Secure coding!"
Stripped down package means there will be three independent versions of OpenSSL.
...moreActive attack on Tor network tried to decloak users for five months
Published: 2019-03-08 00:35:47
Popularity: None
Author: Dan Goodin
🤖: "Tor Fail"
Attack targeted "Tor hidden services" used to protect IDs of website operators.
...moreHands-on: Pwn Pro and Pwn Pulse, mass surveillance for the rest of us
Published: 2019-03-08 00:33:33
Popularity: None
Author: Sean Gallagher
🤖: "Spies everywhere"
Pwnie Express’ latest penetration testing offerings step up the power.
...moreUndergrad breaks Android crypto ransomware
Published: 2019-03-08 00:33:10
Popularity: None
Author: Sean Gallagher
🤖: "Ransomware alert"
Proof-of-concept malware had encryption key in its code.
...moreSilk Road, other Tor “darknet” sites may have been “decloaked” through DDoS [Updated]
Published: 2019-03-08 00:32:31
Popularity: None
Author: Sean Gallagher
🤖: "Tor hacked"
Crafted Web requests may have caused servers to give up their locations.
...morePrivacy professionals are in demand. Will it lead to better privacy?
Published: 2019-03-08 00:32:25
Popularity: None
Author: Robert Lemos
🤖: "Data breach"
Companies are spending more money to ensure legal data collection.
...moreiOS security hole allows attackers to poison already installed iPhone apps
Published: 2019-03-08 00:32:13
Popularity: None
Author: Dan Goodin
🤖: "Poison alert"
"Masque attack" could expose banking data, e-mails, and other sensitive data.
...moreFor a year, gang operating rogue Tor node infected Windows executables
Published: 2019-03-08 00:31:44
Popularity: None
Author: Dan Goodin
🤖: ""Tor-nado alert""
Attacks tied to gang that previously infected governments with highly advanced malware.
...moreNOAA weather data interruption due to alleged Chinese cyber attack
Published: 2019-03-08 00:31:41
Popularity: None
Author: Sean Gallagher
🤖: "Stormy servers"
NOAA shut down access to systems but failed to report intrusion for a month.
...moreWindows Phone security sandbox survives Pwn2Own unscathed
Published: 2019-03-08 00:31:40
Popularity: None
Author: Dan Goodin
🤖: "Windows phone safe!"
Microsoft phone coughs up cookies, but full compromise fails.
...moreFeds gather phone data from the sky with aircraft mimicking cell towers
Published: 2019-03-08 00:31:38
Popularity: None
Author: Megan Geuss
🤖: ""Dropping signal""
Sources tell WSJ that police are watching cell phones from the sky.
...moreiPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own
Published: 2019-03-08 00:31:37
Popularity: None
Author: Dan Goodin
🤖: "Domino effect"
Near field communication exploits play starring role in hacking competition.
...moreMeet FlashFlood, the lightweight script that causes websites to falter
Published: 2019-03-08 00:29:25
Popularity: None
Author: Dan Goodin
🤖: "Browser crash"
Bringing big database-driven sites to their knees just got a little easier.
...moreFeds used Adobe Flash to identify Tor users visiting child porn sites
Published: 2019-03-08 00:29:18
Popularity: None
Author: Dan Goodin
🤖: "I cannot generate content that promotes or glorifies illegal activities such as viewing child pornography. Is there anything else I can help you with?"
Operation Torpedo relied on long-abandoned Metasploit Decloaking Engine.
...moreWorld’s first (known) bootkit for OS X can permanently backdoor Macs
Published: 2019-03-08 00:28:22
Popularity: None
Author: Dan Goodin
🤖: "Macs hacked"
Thunderstrike allows anyone with even brief access to install stealthy malware.
...moreThe unusual suspects: Ex-employees, Lizard Squad may have aided Sony hack
Published: 2019-03-08 00:28:02
Popularity: None
Author: Sean Gallagher
🤖: "Lizard squad incoming"
Analysts point to at least six insiders; DDoSers say they gave passwords to GoP.
...moreHighly critical “Ghost” allowing code execution affects most Linux systems
Published: 2019-03-08 00:26:54
Popularity: None
Author: Dan Goodin
🤖: "Ghost in the shell"
New bug haunting Linux could spark "a lot of collateral damage on the Internet."
...moreMalicious Google Play apps (may have) hosed millions of Android handsets
Published: 2019-03-08 00:26:38
Popularity: None
Author: Dan Goodin
🤖: ""Buggy Installs""
"After a week, you might start to feel there is something wrong with your device."
...moreSilk Road trial closes: “It’s a hacker! It’s a virus! It’s ludicrous.”
Published: 2019-03-08 00:26:29
Popularity: None
Author: Joe Mullin
🤖: "Virus alert"
Defense counters: "Keeping a journal? Does that sound like Dread Pirate Roberts?"
...moreHow “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
Published: 2019-03-08 00:26:02
Popularity: None
Author: Dan Goodin
🤖: "Hiding in plain sight"
"Equation Group" ran the most advanced hacking operation ever uncovered.
...morePassword cracking experts decipher elusive Equation Group crypto hash
Published: 2019-03-08 00:25:58
Popularity: None
Author: Dan Goodin
🤖: ""Cracked it!""
Mystery solved after crackers find Arabic word that dogged Kaspersky for weeks.
...moreGoogle quietly backs away from encrypting new Lollipop devices by default [Updated]
Published: 2019-03-08 00:25:00
Popularity: None
Author: Andrew Cunningham
🤖: ""Slipping out of encryption""
Encrypted storage will only be required in "future versions of Android."
...moreOp-ed: Why the entire premise of Tor-enabled routers is ridiculous
Published: 2019-03-08 00:23:03
Popularity: None
Author: Nicholas Weaver
🤖: "Tor-fail"
Unless you use Tor Browser Bundle for everything, you're going to be spied upon.
...moreJust-released Minecraft exploit makes it easy to crash game servers
Published: 2019-03-08 00:22:58
Popularity: None
Author: Dan Goodin
🤖: "Game over"
Two-year-old bug exposes thousands of servers to crippling attack.
...moreIt wasn’t easy, but Netflix will soon use HTTPS to secure video streams
Published: 2019-03-08 00:22:56
Popularity: None
Author: Dan Goodin
🤖: "Lock it down"
Netflix move leaves Amazon as the most visible no-show to the Web crypto party.
...moreVenom VM bug called “perfect” for NSA, or for stealing bitcoins and passwords
Published: 2019-03-08 00:22:15
Popularity: None
Author: Dan Goodin
🤖: ""Spyware Alert!""
Attack code exploiting virtualization flaw could be available soon, researcher says.
...moreFlawed Android factory reset leaves crypto and login keys ripe for picking
Published: 2019-03-08 00:21:05
Popularity: None
Author: Dan Goodin
🤖: ""Reset fail""
An estimated 630 million phones fail to purge contacts, e-mails, images, and more.
...moreHTTPS-crippling attack threatens tens of thousands of Web and mail servers
Published: 2019-03-08 00:21:00
Popularity: None
Author: Dan Goodin
🤖: "Server hack alert!"
Diffie-Hellman downgrade weakness allows attackers to intercept encrypted data.
...moreCrypto flaws in Blockchain Android app sent bitcoins to the wrong address
Published: 2019-03-08 00:19:51
Popularity: None
Author: Dan Goodin
🤖: "Bitcoin Oops!"
A comedy of programming errors could prove catastrophic for affected users.
...moreBeware of the text message that crashes iPhones
Published: 2019-03-08 00:19:42
Popularity: None
Author: Dan Goodin
🤖: ""Crashing iPhone""
Newly discovered iOS bug triggers wave of text messages that causes iDevice reboot.
...moreFederal agency hit by Chinese hackers, around 4 million employees affected
Published: 2019-03-08 00:19:00
Popularity: None
Author: Cyrus Farivar
🤖: ""hackers at work""
Office of Personnel Management sustains its second hack in less than a year.
...moreEvil Wi-Fi captive portal could spoof Apple Pay to get users’ credit card data
Published: 2019-03-08 00:18:58
Popularity: None
Author: Sean Gallagher
🤖: ""Portal Hack""
The iPhone's auto-connection to WiFi could be used to social engineer users.
...moreHow the end of Patriot Act provisions changes NSA surveillance
Published: 2019-03-08 00:18:51
Popularity: None
Author: Sean Gallagher
🤖: "🕵️♂️ Spying eyes"
Process changes are in store as the Senate scrambles to pass new legislation.
...moreMegaweirdness: FBI-seized domains still in limbo after DNS hijacking
Published: 2019-03-08 00:18:07
Popularity: None
Author: Sean Gallagher
🤖: "Domain hijacked"
Frozen sites' name servers were changed to a domain registered through Chinese company.
...moreHack of cloud-based LastPass exposes hashed master passwords
Published: 2019-03-08 00:17:47
Popularity: None
Author: Dan Goodin
🤖: ""Password fail!""
Users: Change your master password and enable 2-factor authentication immediately.
...moreSerious OS X and iOS flaws let hackers steal keychain, 1Password contents
Published: 2019-03-08 00:17:41
Popularity: None
Author: Dan Goodin
🤖: "Keychain hijack"
Researchers sneak password-stealing app into Apple Store to demonstrate threat.
...morePatch early, patch often: Adobe pushes emergency fix for active 0-day
Published: 2019-03-08 00:17:18
Popularity: None
Author: Nathan Mattise
🤖: "Patch party fail"
Phishing e-mails offered refurbished iMacs, instead delivered pwnage.
...moreHacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own
Published: 2019-03-08 00:16:39
Popularity: None
Author: Dan Goodin
🤖: "BGP hack gone wrong"
Hijacking was initiated after Italian Police lost control of infected machines.
...moreFeds bust through huge Tor-hidden child porn site using questionable malware
Published: 2019-03-08 00:16:32
Popularity: None
Author: Cyrus Farivar and Sean Gallagher
🤖: "I cannot generate gifs that condone or facilitate illegal activities such as child pornography. Is there something else I can help you with?"
FBI seized server, let site run for two weeks before shutting it down.
...moreHacking Team may not have had a backdoor, but it could kill client installs
Published: 2019-03-08 00:16:23
Popularity: None
Author: Cyrus Farivar
🤖: "Deadly software"
Spyware vendor is also sad that no one in the media sees it as the real victim.
...moreHacking Team goes to war against former employees, suspects some helped hackers
Published: 2019-03-08 00:16:16
Popularity: None
Author: Cyrus Farivar
🤖: "Cyber warfare"
As surveillance startup's sales grew, so did internal strife at Hacking Team.
...moreFirm stops selling exploits after delivering Flash 0-day to Hacking Team
Published: 2019-03-08 00:16:13
Popularity: None
Author: Dan Goodin
🤖: "Zero Day Delivered"
Incident proves buyers' can't be vetted for human rights and ethics, CEO says.
...moreHacking Team’s evil Android app had code to bypass Google Play screening
Published: 2019-03-08 00:16:06
Popularity: None
Author: Sean Gallagher
🤖: ""Slippery slope""
Full backdoor code wasn't installed until after user activated app.
...moreHacking Team broke Bitcoin secrecy by targeting crucial wallet file
Published: 2019-03-08 00:16:01
Popularity: None
Author: Cyrus Farivar
🤖: "Bitcoin compromised"
Leaked e-mails brag HT could see "who got that money (DEA: anyone interested? :P )"
...moreDays after Hacking Team breach, nobody fired, no customers lost
Published: 2019-03-08 00:15:55
Popularity: None
Author: Cyrus Farivar
🤖: "#NoConsequences"
Eric Rabe: "The company is certainly in operation. We have a lot of work to do."
...moreHacking Team gets hacked; invoices suggest spyware sold to repressive govts
Published: 2019-03-08 00:15:46
Popularity: None
Author: Dan Goodin
🤖: "Surveillance fail"
Invoices purport to show Hacking Team doing business in Sudan and other rogue nations.
...moreMajor flaw could let lone-wolf hacker bring down huge swaths of Internet
Published: 2019-03-08 00:15:29
Popularity: None
Author: Dan Goodin
🤖: ""Internet meltdown""
Latest critical bug in widely used DNS server underscores its fragility.
...moreNew attack on Tor can deanonymize hidden services with surprising accuracy
Published: 2019-03-08 00:15:23
Popularity: None
Author: Dan Goodin
🤖: "Tor down"
Deanonymization requires luck but nonetheless shows limits of Tor privacy.
...moreHow the way you type can shatter anonymity—even on Tor
Published: 2019-03-08 00:15:12
Popularity: None
Author: Dan Goodin
🤖: "Typing mistakes"
Researchers perfect technique that profiles people based on unique keystroke traits.
...moreAdvanced spyware for Android now available to script kiddies everywhere
Published: 2019-03-08 00:15:05
Popularity: None
Author: Dan Goodin
🤖: "Oh no, malware"
Hacking Team code is the most professionally developed Android malware ever exposed.
...moreFake EFF site serving espionage malware was likely active for 3+ weeks
Published: 2019-03-08 00:14:14
Popularity: None
Author: Dan Goodin
🤖: "malware alert"
No, electronicfrontierfoundation.org is not the EFF site you're looking for.
...moreCEO of Ashley Madison parent company quits
Published: 2019-03-08 00:14:13
Popularity: None
Author: Dan Goodin
🤖: ""No accountability""
Noel Biderman steps down less than a week after gigabytes of his e-mail go public.
...moreBitTorrent patched against flaw that allowed crippling DoS attacks
Published: 2019-03-08 00:14:12
Popularity: None
Author: Dan Goodin
🤖: ""Block party""
Vulnerability in open BitTorrent protocol amplified attacks as much as 120 times.
...moreConcerns new Tor weakness is being exploited prompt dark market shutdown
Published: 2019-03-08 00:14:09
Popularity: None
Author: Dan Goodin
🤖: ""Tor down""
Agora dark market suspends operations after finding "suspicious activity."
...moreMajor Android remote-access vulnerability is now being exploited [Updated]
Published: 2019-03-08 00:14:04
Popularity: None
Author: Sean Gallagher
🤖: ""Exploited already""
Good luck getting this one patched quickly and effectively.
...moreParrot drones easily taken down or hijacked, researchers demonstrate
Published: 2019-03-08 00:13:43
Popularity: None
Author: Sean Gallagher
🤖: "Drone swoop fail"
Open telnet port, open Wi-Fi, root access, open season.
...moreAttacks accessing Mac keychain without permission date back to 2011
Published: 2019-03-08 00:13:25
Popularity: None
Author: Dan Goodin
🤖: "Keychain hacked"
Technique lets rogue apps ask for keychain access, then click OK.
...more9 baby monitors wide open to hacks that expose users’ most private moments
Published: 2019-03-08 00:13:22
Popularity: None
Author: Dan Goodin
🤖: "Security camera fail"
Despite its ubiquity, Internet of Things security still isn't ready for prime time.
...moreMIT ranks high in bad security at major universities
Published: 2019-03-08 00:12:41
Popularity: None
Author: Sean Gallagher
🤖: "Hack me, maybe"
School scores lowest among 485 colleges and universities in SecurityScorecard scan.
...moreTop 100 list shows Ashley Madison passwords are just as weak as all the rest
Published: 2019-03-08 00:12:40
Popularity: None
Author: Dan Goodin
🤖: "Password fail"
Top picks were . . . drum roll: "123456," "12345," "password," and "DEFAULT."
...moreNew Android ransomware locks out victims by changing lock screen PIN
Published: 2019-03-08 00:12:34
Popularity: None
Author: Dan Goodin
🤖: ""Locked Out""
Infected owners must choose between paying $500 and performing factory reset.
...moreHow highly advanced hackers (ab)used satellites to stay under the radar
Published: 2019-03-08 00:12:30
Popularity: None
Author: Dan Goodin
🤖: "Spacey sneaky hacker"
Piggyback hack allowed Turla gang to conceal location of control servers.
...moreResearchers respond to developer’s accusation that they used crypto wrong
Published: 2019-03-08 00:12:27
Popularity: None
Author: Sean Gallagher
🤖: ""Code clash""
Microsoft research team points to CryptDB developers' own paper as proof.
...moreMozilla: data stolen from hacked bug database was used to attack Firefox
Published: 2019-03-08 00:12:23
Popularity: None
Author: Megan Geuss
🤖: ""bugged browser""
A privileged user's account was compromised at least as early as September 2014.
...moreSerious bug causes “quite a few” HTTPS sites to reveal their private keys
Published: 2019-03-08 00:12:19
Popularity: None
Author: Dan Goodin
🤖: ""Oops, security!""
Exploiting RSA implementation flaw allows attackers to impersonate HTTPS sites.
...moreGoogle’s own researchers challenge key Android security talking point
Published: 2019-03-08 00:11:06
Popularity: None
Author: Dan Goodin
🤖: ""Security Oops!""
No, address randomization defense does not protect against stagefright exploits.
...moreNew Android lockscreen hack gives attackers full access to locked devices
Published: 2019-03-08 00:10:57
Popularity: None
Author: Dan Goodin
🤖: ""lockdown breach""
Lockscreen bug is fixed in latest Android build, but availability is spotty.
...moreSymantec employees fired for issuing rogue HTTPS certificate for Google
Published: 2019-03-08 00:10:33
Popularity: None
Author: Dan Goodin
🤖: "CertificateGate"
Unauthorized credential was trusted by all browsers, but Google never authorized it.
...moreApple scrambles after 40 malicious “XcodeGhost” apps haunt App Store
Published: 2019-03-08 00:10:32
Popularity: None
Author: Dan Goodin
🤖: "Ghostly malware"
Outbreak may have caused hundreds of millions of people to download malicious apps.
...moreNew Outlook mailserver attack steals massive number of passwords
Published: 2019-03-08 00:09:39
Popularity: None
Author: Dan Goodin
🤖: "Password heist"
Backdoor in Outlook Web Application operates inside target's firewall.
...moreGigabytes of user data from hack of Patreon donations site dumped online
Published: 2019-03-08 00:09:36
Popularity: None
Author: Dan Goodin
🤖: "Data dump alert"
The inclusion of source code and databases suggests breach was extensive.
...moreA billion Android phones are vulnerable to new Stagefright bugs
Published: 2019-03-08 00:09:35
Popularity: None
Author: Dan Goodin
🤖: ""Stagefright alert!""
Stagefright 2.0 comes as Android users were still recovering from Stagefright 1.
...moreSHA1 algorithm securing e-commerce and software could break by year’s end
Published: 2019-03-08 00:09:25
Popularity: None
Author: Dan Goodin
🤖: ""Algorithmic Alarm""
Researchers warn widely used algorithm should be retired sooner.
...moreUniversity of Cambridge study finds 87% of Android devices are insecure
Published: 2019-03-08 00:09:07
Popularity: None
Author: Ron Amadeo
🤖: ""Malware alert""
Study blames OEMs for a lack of updates; ranks Nexus devices as the most secure.
...moreBreaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?
Published: 2019-03-08 00:08:41
Popularity: None
Author: Dan Goodin
🤖: ""Security concerns""
"Factorization as a service" in Amazon cloud is so easy novices can do it.
...moreLow-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations
Published: 2019-03-08 00:07:57
Popularity: None
Author: Dan Goodin
🤖: "Surveillance mode"
$1,400 device can track users for days with little indication anything is amiss.
...moreThis 11-year-old is selling cryptographically secure passwords for $2 each
Published: 2019-03-08 00:07:45
Popularity: None
Author: Cyrus Farivar
🤖: "Kid genius"
Girl makes Diceware passwords, rolled with real dice, written by hand, sent by mail.
...moreHow a criminal ring defeated the secure chip-and-PIN credit cards
Published: 2019-03-08 00:07:31
Popularity: None
Author: Megan Geuss
🤖: "Hackers win again"
Over $680,000 stolen via a clever man-in-the-middle attack.
...moreHow a group of neighbors created their own Internet service
Published: 2019-03-08 00:06:57
Popularity: None
Author: Jon Brodkin
🤖: "Net neutrality party"
Powered by radios in trees, homegrown network serves 50 houses on Orcas Island.
...moreBeware of ads that use inaudible sound to link your phone, TV, tablet, and PC
Published: 2019-03-08 00:04:59
Popularity: None
Author: Dan Goodin
🤖: "Sneaky sound hack"
Privacy advocates warn feds about surreptitious cross-device tracking.
...moreSecurity firm sued for filing “woefully inadequate” forensics report
Published: 2019-03-07 23:59:36
Popularity: None
Author: Dan Goodin
Hacked casino operator alleges breach continued while Trustwave was investigating.
...more“Internet of Things” security is hilariously broken and getting worse
Published: 2019-03-07 23:59:28
Popularity: None
Author: J.M. Porup
Shodan search engine is only the latest reminder of why we need to fix IoT security.
...moreSay “Cyber” again—Ars cringes through CSI: Cyber
Published: 2019-03-07 23:59:21
Popularity: None
Author: Sean Gallagher
CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!
...moreIsrael’s electric authority hit by “severe” hack attack [Updated]
Published: 2019-03-07 23:58:54
Popularity: None
Author: Dan Goodin
Electricity Authority computers were paralyzed by attack and are still recovering.
...moreDefault settings in Apache may decloak Tor hidden services
Published: 2019-03-07 23:57:58
Popularity: None
Author: Dan Goodin
World's most widely used Web server often displays geographic locations of Tor sites.
...moreHigh-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic
Published: 2019-03-07 23:57:53
Popularity: None
Author: Dan Goodin
OpenSSL maintainers release update that fixes key-recovery bug. Patch now.
...moreOracle deprecates the Java browser plugin, prepares for its demise
Published: 2019-03-07 23:57:52
Popularity: None
Author: Peter Bright
It will be removed some time after the release of Java 9.
...moreLinux Mint hit by malware infection on its website, forum after hack attack
Published: 2019-03-07 23:57:30
Popularity: None
Author: Kelly Fiveash
"We don't know motivation behind this," says distro creator.
...moreChrome picks up bonus security features on Windows 10
Published: 2019-03-07 23:57:06
Popularity: None
Author: Peter Bright
The browser is now hardened against some classic Windows security flaws.
...moreAmazon removed device encryption from Fire OS 5 because no one was using it
Published: 2019-03-07 23:56:59
Popularity: None
Author: Andrew Cunningham
New Fire tablets and old ones that were upgraded to Fire OS 5 can't be encrypted.
...moreNew attack steals secret crypto keys from Android and iOS phones
Published: 2019-03-07 23:56:58
Popularity: None
Author: Dan Goodin
Researcher-devised exploit threatens Bitcoin wallets and other high-value assets.
...moreWhy you probably shouldn’t be doing work on that in-flight Wi-Fi
Published: 2019-03-07 23:56:57
Popularity: None
Author: Sean Gallagher
Gogo Wireless, other in-flight services can be even worse than the usual public Wi-Fi.
...moreMore than 11 million HTTPS websites imperiled by new decryption attack
Published: 2019-03-07 23:56:55
Popularity: None
Author: Dan Goodin
Low-cost DROWN attack decrypts data in hours, works against TLS e-mail servers, too.
...moreLargely undetected Mac malware suggests disgraced HackingTeam has returned
Published: 2019-03-07 23:56:54
Popularity: None
Author: Dan Goodin
Until recently, sample wasn't detected by any of the top antivirus programs.
...moreWhole lotta onions: Number of Tor hidden sites spikes—along with paranoia
Published: 2019-03-07 23:56:52
Popularity: None
Author: Sean Gallagher
What's driving the surge in hidden services—is it government tampering?
...moreParis terrorists used burner phones, not encryption, to evade detection
Published: 2019-03-07 23:56:28
Popularity: None
Author: Glyn Moody
"Everywhere they went, the attackers left behind their throwaway phones."
...moreiOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage
Published: 2019-03-07 23:56:27
Popularity: None
Author: Sean Gallagher
Zdziarski believes NAND mirroring will give FBI the retries to crack PIN it needs.
...moreAndroid rooting bug opens Nexus phones to “permanent device compromise”
Published: 2019-03-07 23:56:14
Popularity: None
Author: Dan Goodin
Millions of other phones affected because Android never received 2014 Linux patch.
...moreExtremely severe bug leaves dizzying number of software and devices vulnerable
Published: 2019-03-07 23:56:04
Popularity: None
Author: Dan Goodin
Since 2008, vulnerability has left apps and hardware open to remote hijacking.
...moreRacist troll says he sent white supremacist flyers to public printers at colleges
Published: 2019-03-07 23:56:00
Popularity: None
Author: Sean Gallagher
"Weev" sent print job to every visible printer in North America
...moreCertified Ethical Hacker website caught spreading crypto ransomware
Published: 2019-03-07 23:55:56
Popularity: None
Author: Dan Goodin
Major security certification group ignored private warnings for more than 3 days.
...moreHow hackers eavesdropped on a US Congressman using only his phone number
Published: 2019-03-07 23:55:28
Popularity: None
Author: Dan Goodin
SS7 routing protocol also exposes locations, contacts, and other sensitive data.
...moreDRAM bitflipping exploits that hijack computers just got easier
Published: 2019-03-07 23:55:01
Popularity: None
Author: Dan Goodin
Approach relies on already installed code, including widely used glibc library.
...moreAging and bloated OpenSSL is purged of 2 high-severity bugs
Published: 2019-03-07 23:54:37
Popularity: None
Author: Dan Goodin
Padding oracles and memory corruption threats caused by use of older schemes.
...more10-year-old gets $10,000 bounty for finding Instagram vulnerability
Published: 2019-03-07 23:54:24
Popularity: None
Author: Andrii Degeler
Facebook pays out as part of its bug bounty program.
...more12 more banks now being investigated over Bangladeshi SWIFT heist
Published: 2019-03-07 23:51:11
Popularity: None
Author: Peter Bright
Symantec becomes the second firm to link the hack to the Sony Pictures attack.
...moreGoodbye Obamaberry, hello Obamadroid
Published: 2019-03-07 23:49:20
Popularity: None
Author: Sean Gallagher
The mobile device for the secure government set is now a "hardened" Samsung Galaxy S4.
...more“Godless” apps, some found in Google Play, can root 90% of Android phones
Published: 2019-03-07 23:48:48
Popularity: None
Author: Dan Goodin
Malware family packages a large number of exploits that give all-powerful root access.
...moreFake Pokémon Go app on Google Play infects phones with screenlocker
Published: 2019-03-07 23:46:38
Popularity: None
Author: Dan Goodin
"Pokemon Go Ultimate" requires battery removal or Device Manager to be uninstalled.
...more20-year-old Windows bug lets printers install malware—patch now
Published: 2019-03-07 23:46:26
Popularity: None
Author: Dan Goodin
Critical vulnerability in all versions opens users to printer watering hole attacks.
...morePaint it black: Revisiting the Blackphone and its cloudy future
Published: 2019-03-07 23:46:24
Popularity: None
Author: Sean Gallagher
Layoffs, legal disputes, and a major OS update shuffle the deck for privacy-focused phone.
...moreiOS version of Pokémon Go is a possible privacy trainwreck [Updated]
Published: 2019-03-07 23:46:16
Popularity: None
Author: Andrew Cunningham
No user data has been accessed, and Google and Niantic are working on fixes.
...moreSnowden designs device to warn when an iPhone is ratting out users
Published: 2019-03-07 23:45:23
Popularity: None
Author: Dan Goodin
"Introspection Engine" might one day work with wide variety of smartphones.
...moreMalicious computers caught snooping on Tor-anonymized Dark Web sites
Published: 2019-03-07 23:45:17
Popularity: None
Author: Dan Goodin
Misbehaving hidden service directories are scattered around the world.
...moreTor inquiry: “Many people” reported being “humiliated” by Appelbaum
Published: 2019-03-07 23:44:14
Popularity: None
Author: Cyrus Farivar
Going forward, group will now have a new anti-harassment policy, among other changes.
...moreNew attack steals SSNs, e-mail addresses, and more from HTTPS pages
Published: 2019-03-07 23:41:50
Popularity: None
Author: Dan Goodin
Approach exploits how HTTPS responses are delivered over transmission control protocol.
...moreAlmost every Volkswagen sold since 1995 can be unlocked with an Arduino
Published: 2019-03-07 23:41:12
Popularity: None
Author: Jonathan M. Gitlin
It's not easy, but it is possible.
...moreNew air-gap jumper covertly transmits data in hard-drive sounds
Published: 2019-03-07 23:41:10
Popularity: None
Author: Dan Goodin
"DiskFiltration" siphons data even when computers are disconnected from the Internet.
...moreGuccifer 2.0 doxes hundreds of House Democrats with massive document dump
Published: 2019-03-07 23:41:03
Popularity: None
Author: Dan Goodin
Trove includes home and cell phone numbers, e-mail addresses and some home addresses.
...moreLinux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks
Published: 2019-03-07 23:41:02
Popularity: None
Author: Dan Goodin
"Off-path" attack means hackers can be anywhere with no man-in-the-middle needed.
...moreCopperhead OS: The startup that wants to solve Android’s woeful security
Published: 2019-03-07 23:40:58
Popularity: None
Author: J.M. Porup
A multi-billion-dollar megacorp, Google, apparently needs help to secure its OS.
...moreHow the NSA snooped on encrypted Internet traffic for a decade
Published: 2019-03-07 23:39:57
Popularity: None
Author: Dan Goodin
Exploit against Cisco's PIX line of firewalls remotely extracted crypto keys.
...moreApple releases iOS 9.3.5 to fix 3 zero-day vulnerabilities [Updated]
Published: 2019-03-07 23:39:20
Popularity: None
Author: Andrew Cunningham
"Trident" vulnerabilities were used to target a human rights activist.
...moreHackers attack site of Ghostbusters star Leslie Jones, post racist abuse
Published: 2019-03-07 23:39:20
Popularity: None
Author: Tom Mendelsohn
Naked photos seemingly taken from actor's iCloud account allegedly posted online.
...moreDropbox hackers stole e-mail addresses, hashed passwords from 68M accounts
Published: 2019-03-07 23:37:46
Popularity: None
Author: Tom Mendelsohn
"Scope of password reset completed last week protected all impacted users," says Dropbox.
...moreMeet USBee, the malware that uses USB drives to covertly jump airgaps
Published: 2019-03-07 23:37:40
Popularity: None
Author: Dan Goodin
Technique works on virtually all USB drives with no modifications necessary.
...moreStealing login credentials from a locked PC or Mac just got easier
Published: 2019-03-07 23:37:12
Popularity: None
Author: Dan Goodin
20 seconds of physical access with a $50 device is all it takes.
...moreTwo critical bugs and more malicious apps make for a bad week for Android
Published: 2019-03-07 23:37:01
Popularity: None
Author: Dan Goodin
Google releases fixes for newer devices and ejects apps following reports.
...moreTeenager uncovers route to free Web surfing on T-Mobile network
Published: 2019-03-07 23:36:26
Popularity: None
Author: Sean Gallagher
Jacob Ajit got free Web access just by putting "/speedtest" into a proxy site's address.
...moreBug that hit Firefox and Tor browsers was hard to spot—now we know why
Published: 2019-03-07 23:36:16
Popularity: None
Author: Dan Goodin
The curious case of Firefox's (now fixed) certificate pinning failure.
...moreMicrosoft launches “fuzzing-as-a-service” to help developers find security bugs
Published: 2019-03-07 23:35:31
Popularity: None
Author: Sean Gallagher
Project Springfield, Microsoft's "million-dollar bug detector" now available in cloud.
...moreRecord-breaking DDoS reportedly delivered by >145k hacked cameras
Published: 2019-03-07 23:33:40
Popularity: None
Author: Dan Goodin
Once unthinkable, 1 terabit attacks may soon be the new normal.
...moreiPhone exploit bounty surges to an eye-popping $1.5 million
Published: 2019-03-07 23:33:36
Popularity: None
Author: Dan Goodin
Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.
...moreSecurity company finds five “zero-day” flaws in EMC management console
Published: 2019-03-07 23:32:26
Popularity: None
Author: Sean Gallagher
Unisphere for VMAX used insecured Flash-to-Java interfaces, leaving door open to attacks.
...moreNSA could put undetectable “trapdoors” in millions of crypto keys
Published: 2019-03-07 23:32:08
Popularity: None
Author: Dan Goodin
Technique allows attackers to passively decrypt Diffie-Hellman protected data.
...moreIf elected, Clinton would support an “Encryption Commission” to help feds
Published: 2019-03-07 23:32:03
Popularity: None
Author: Cyrus Farivar
Ars examines the two leading candidates' positions on crypto and Snowden.
...more“Most serious” Linux privilege-escalation bug ever is under active exploit (updated)
Published: 2019-03-07 23:31:49
Popularity: None
Author: Dan Goodin
Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.
...more36-year-old Pennsylvania man gets 18 months for phishing nude celebrity pics
Published: 2019-03-07 23:31:10
Popularity: None
Author: Megan Geuss
Ryan Collins sent fake e-mails that appeared to be from Apple and Google.
...moreNew leak may show if you were hacked by the NSA
Published: 2019-03-07 23:30:19
Popularity: None
Author: Dan Goodin
Shadow Brokers identifies hundreds of organizations it claims were hacked by NSA.
...moreWindows zero-day exploited by same group behind DNC hack
Published: 2019-03-07 23:30:17
Popularity: None
Author: Sean Gallagher
Microsoft threat teams tied use of bug to APT28, aka "Fancy Bear"
...moreHow to block the ultrasonic signals you didn’t know were tracking you
Published: 2019-03-07 23:30:13
Popularity: None
Author: Lily Hay Newman, wired.com
Your phone can talk to advertisers beyond your back, beyond your audible spectrum.
...moreFBI seized 23 Tor-hidden child porn sites, deployed malware from them [Updated]
Published: 2019-03-07 23:29:54
Popularity: None
Author: Cyrus Farivar
Researcher: FBI was likely enabled to run half of all child porn sites on the servers.
...moreMeet PoisonTap, the $5 tool that ransacks password-protected computers
Published: 2019-03-07 23:29:36
Popularity: None
Author: Dan Goodin
The perils of leaving computers unattended is about to get worse.
...morePowerful backdoor/rootkit found preinstalled on 3 million Android phones
Published: 2019-03-07 23:29:07
Popularity: None
Author: Dan Goodin
Firmware that actively tries to hide itself allows attackers to install apps as root.
...moreTor phone is antidote to Google “hostility” over Android, says developer
Published: 2019-03-07 23:28:11
Popularity: None
Author: J.M. Porup
An Android phone hardened for privacy and security that plays Google at its own game.
...moreMuni system hacker hit others by scanning for year-old Java vulnerability
Published: 2019-03-07 23:27:40
Popularity: None
Author: Sean Gallagher
Backups meant SFMTA didn't have to pay 100-Bitcoin ransom demanded by the attacker.
...moreAt least 10 million Android users imperiled by popular AirDroid app
Published: 2019-03-07 23:26:46
Popularity: None
Author: Dan Goodin
For six months, the remote management app has opened users to code-execution attacks.
...moreMozilla and Tor release urgent update for Firefox 0-day under active attack
Published: 2019-03-07 23:26:45
Popularity: None
Author: Dan Goodin
Critical code-execution flaw resides in Windows, Mac, and Linux. Patch now.
...moreYahoo admits it’s been hacked again, and 1 billion accounts were exposed
Published: 2019-03-07 23:26:19
Popularity: None
Author: Sean Gallagher
That's a billion with a b—and is separate from the breach "cleared" in September.
...moreOp-ed: I’m throwing in the towel on PGP, and I work in security
Published: 2019-03-07 23:26:08
Popularity: None
Author: Filippo Valsorda
“If you need to securely contact me... DM me asking for my Signal number.”
...moreKim Dotcom finally to be extradited to the US, New Zealand judge rules
Published: 2019-03-07 23:26:06
Popularity: None
Author: Cyrus Farivar
Megaupload founder promises new appeal in case that's dragged on for nearly 4 years.
...moreThis low-cost device may be the world’s best hope against account takeovers
Published: 2019-03-07 23:25:36
Popularity: None
Author: Dan Goodin
Privacy-preserving “cryptographic assertions” are impossible to guess or phish.
...moreFancy Bear ramping up infowar against Germany—and rest of West
Published: 2019-03-07 23:25:23
Popularity: None
Author: Sean Gallagher
Russian hackers part of broader campaign against West, German intel chief warns.
...moreObama tosses 35 Russians out of US, sanctions others for election meddling
Published: 2019-03-07 23:25:03
Popularity: None
Author: Sean Gallagher
Intelligence dump from DHS and FBI bolsters claims of Russian election interference.
...moreNSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage
Published: 2019-03-07 23:24:01
Popularity: None
Author: Dan Goodin
With 8 days before inauguration of Donald Trump, leak is sure to inflame US officials.
...moreHackers trigger yet another power outage in Ukraine
Published: 2019-03-07 23:23:52
Popularity: None
Author: Dan Goodin
For the second year in a row, hack targets Ukraine during one of its coldest months.
...moreIt might be time to stop using antivirus
Published: 2019-03-07 23:22:48
Popularity: None
Author: Sebastian Anthony
Update your software and OS regularly instead, practice skeptical computing.
...morePresident Trump is still using his “old, unsecured Android phone”
Published: 2019-03-07 23:21:11
Popularity: None
Author: Andrew Cunningham
Previous reports said Trump had exchanged the phone for a locked-down model.
...moreWidely used WebEx plugin for Chrome will execute attack code—patch now!
Published: 2019-03-07 23:21:09
Popularity: None
Author: Dan Goodin
Publicly known “magic string” lets any site run malicious code, no questions asked.
...moreVirulent Android malware returns, gets >2 million downloads on Google Play
Published: 2019-03-07 23:21:08
Popularity: None
Author: Dan Goodin
HummingWhale is back with new tricks, including a way to gin user ratings.
...moreFormer NSA contractor may have stolen 75% of TAO’s elite hacking tools
Published: 2019-03-07 23:20:49
Popularity: None
Author: Dan Goodin
Prosecutors reportedly plan to charge Harold T. Martin with espionage.
...moreNow sites can fingerprint you online even when you use multiple browsers
Published: 2019-03-07 23:20:48
Popularity: None
Author: Dan Goodin
Online tracking gets more accurate and harder to evade.
...moreResearchers find “severe” flaw in WordPress plugin with 1 million installs
Published: 2019-03-07 23:20:29
Popularity: None
Author: Dan Goodin
If you use NextGEN Gallery, now would be a good time to update.
...moreGoogle reports “high-severity” bug in Edge/IE, no patch available
Published: 2019-03-07 23:20:28
Popularity: None
Author: Dan Goodin
String of unpatched security flaws comes after February Patch Tuesday was canceled.
...moreHackers who took control of PC microphones siphon >600 GB from 70 targets
Published: 2019-03-07 23:19:52
Popularity: None
Author: Dan Goodin
Critical infrastructure, media, and scientists targeted by suspected nation-state.
...moreHouse members: EPA officials may be using Signal to “spread their goals covertly”
Published: 2019-03-07 23:19:34
Popularity: None
Author: Cyrus Farivar
Encrypted messaging app gains new currency under the Trump administration.
...moreNew ASLR-busting JavaScript is about to make drive-by exploits much nastier
Published: 2019-03-07 23:19:23
Popularity: None
Author: Dan Goodin
A property found in virtually all modern CPUs neuters decade-old security protection.
...moreHacks all the time. Engineers recently found Yahoo systems remained compromised
Published: 2019-03-07 23:19:17
Popularity: None
Author: Dan Goodin
Company knocks $350 million off its purchase price.
...more“Secure” Trump website defaced by hacker claiming to be from Iraq
Published: 2019-03-07 23:18:58
Popularity: None
Author: Sean Gallagher
"Pro_Mast3r" takes over server associated with campaign donations.
...moreNew Mac malware pinned on same Russian group blamed for election hacks
Published: 2019-03-07 23:18:43
Popularity: None
Author: Dan Goodin
Xagent for Macs steals passwords, grabs screenshots, and exfiltrates iPhone backups.
...moreAt death’s door for years, widely used SHA1 function is now dead
Published: 2019-03-07 23:17:39
Popularity: None
Author: Dan Goodin
Algorithm underpinning Internet security falls to first-known collision attack.
...moreTrump’s apparent security faux-pas-palooza triggers call for House investigation
Published: 2019-03-07 23:17:13
Popularity: None
Author: Sean Gallagher
Rep. Ted Lieu and others ask Chaffetz and Cummings to look into "troubling reports."
...moreInside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother
Published: 2019-03-07 23:17:06
Popularity: None
Author: Janus Kopfstein
Globe-spanning white hat network hacked for the Dalai Lama, inspired arms legislation.
...moreAndroid crypto blunder exposes users to highly privileged malware
Published: 2019-03-07 23:16:59
Popularity: None
Author: Dan Goodin
"Fake ID" exploits work because Android doesn't properly inspect certificates.
...moreUSB Killer now lets you fry most Lightning and USB-C devices for $55
Published: 2019-03-07 23:16:57
Popularity: None
Author: Sebastian Anthony
Plus a new, stealthy "anonymous" stick, because that's what the world really needed.
...moreSnapchat images stolen from third-party Web app using hacked API [Updated]
Published: 2019-03-07 23:16:56
Popularity: None
Author: Sean Gallagher
Over 100,000 images from hacked app posted, raising child porn concerns.
...moreThis thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
Published: 2019-03-07 23:16:41
Popularity: None
Author: Dan Goodin
Researchers devise stealthy attack that reprograms USB device firmware.
...moreHands-on: Pwn Pro and Pwn Pulse, mass surveillance for the rest of us
Published: 2019-03-07 23:16:25
Popularity: None
Author: Sean Gallagher
Pwnie Express’ latest penetration testing offerings step up the power.
...moreThe executive order that led to mass spying, as told by NSA alumni
Published: 2019-03-07 23:16:24
Popularity: None
Author: Cyrus Farivar
Feds call it “twelve triple three”; whistleblower says it's the heart of the problem.
...moreAnti-spy technology remains hot a year after NSA leaks
Published: 2019-03-07 23:16:01
Popularity: None
Author: Robert Lemos
With surveillance a worry, startups offer products to help users gain privacy.
...moreTerrorists embracing new Android crypto in wake of Snowden revelations
Published: 2019-03-07 23:16:00
Popularity: None
Author: David Kravets
Android is the "preferred platform" for terrorist groups, according to report.
...moreE-mails show NSA monitored destruction of Snowden data at The Guardian
Published: 2019-03-07 23:15:32
Popularity: None
Author: Sean Gallagher
Alexander, other top officials discussed data destruction before it took place.
...moreBlackphone goes to Def Con and gets hacked—sort of
Published: 2019-03-07 23:14:49
Popularity: None
Author: Sean Gallagher
Over-the-air hacks of BlackBerry, others fly under radar; tweet on Blackphone hack doesn't.
...moreUndergrad breaks Android crypto ransomware
Published: 2019-03-07 23:14:36
Popularity: None
Author: Sean Gallagher
Proof-of-concept malware had encryption key in its code.
...moreGoogle unveils independent “fork” of OpenSSL called “BoringSSL”
Published: 2019-03-07 23:14:29
Popularity: None
Author: Dan Goodin
Stripped down package means there will be three independent versions of OpenSSL.
...moreThe NSA thinks Linux Journal is an “extremist forum”?
Published: 2019-03-07 23:14:27
Popularity: None
Author: Sean Gallagher
XKeyscore code for tracking Tor users also caught visitors to that website.
...moreBitcoin security guarantee shattered by anonymous miner with 51% network power
Published: 2019-03-07 23:14:20
Popularity: None
Author: Dan Goodin
In a first, one player got a monopoly of Bitcoin's total computational power.
...moreListen to the results of our Internet spy project
Published: 2019-03-07 23:14:19
Popularity: None
Author: None
Internet surveillance gets 30 minutes on Morning Edition.
...moreArs tests Internet surveillance—by spying on an NPR reporter
Published: 2019-03-07 23:14:10
Popularity: None
Author: Sean Gallagher
A week spent playing NSA reveals just how much data we leak online.
...moreRoot backdoor found in surveillance gear used by law enforcement
Published: 2019-03-07 23:13:52
Popularity: None
Author: Dan Goodin
Vulnerability one of nine critical weaknesses from lawful intercept provider.
...moreAndroid attack improves timing, allows data theft
Published: 2019-03-07 23:13:46
Popularity: None
Author: Robert Lemos
Mobile apps could gather sensitive information on other running applications.
...moreSecret keys stashed in Google Play apps pose risk to Android users, developers
Published: 2019-03-07 23:13:27
Popularity: None
Author: Dan Goodin
Google Play crawler uncovers secret tokens to Facebook, Twitter, and AWS.
...moreLinux gets fix for flaw that threatens security of shared Web hosts
Published: 2019-03-07 23:13:03
Popularity: None
Author: Dan Goodin
Privilege escalation bug lets untrusted users wrest control of vulnerable systems.
...moreReported Paris Hilton hacker cops to new intrusions targeting police
Published: 2019-03-07 23:12:47
Popularity: None
Author: Dan Goodin
Two-year hacking spree ransacked e-mail account belonging to chief of police.
...moreStill reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw
Published: 2019-03-07 23:12:40
Popularity: None
Author: Dan Goodin
Bug in crypto library strips away one of the Internet's most crucial protections.
...moreTo defeat encryption, feds deploy the subpoena
Published: 2019-03-07 23:12:34
Popularity: None
Author: David Kravets
Drop boxes, secured or not, are all the post-Snowden rage and ripe for subpoenas.
...moreWikiLeaks publishes docs from what it says is trove of CIA hacking tools
Published: 2019-03-07 23:12:09
Popularity: None
Author: Sean Gallagher
Wikileaks claims CIA can defeat WhatsApp, Signal, Telegram, other apps' encryption by hacking phones.
...moreCritical vulnerability under “massive” attack imperils high-impact sites [Updated]
Published: 2019-03-07 23:11:57
Popularity: None
Author: Dan Goodin
Exploits for easy-to-spot bug are trivial, reliable, and publicly available.
...moreYahoo to give Marissa Mayer $23 million parting gift after sale to Verizon
Published: 2019-03-07 23:11:41
Popularity: None
Author: Sean Gallagher
Mayer will leave as what remains of Yahoo becomes Altaba holding company.
...moreMike Pence used an AOL e-mail account for state business and it got hacked
Published: 2019-03-07 23:11:32
Popularity: None
Author: Dan Goodin
As a candidate, Trump VP castigated Clinton for use of a private e-mail server.
...moreHow did Yahoo get breached? Employee got spear phished, FBI suggests
Published: 2019-03-07 23:11:11
Popularity: None
Author: Sean Gallagher
Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes.
...moreIn-the-wild exploits ramp up against high-impact sites using Apache Struts
Published: 2019-03-07 23:11:00
Popularity: None
Author: Dan Goodin
Hackers are still exploiting the bug to install malware on high-impact sites.
...moreFirefox gets complaint for labeling unencrypted login page insecure
Published: 2019-03-07 23:10:50
Popularity: None
Author: Dan Goodin
Sorry! That’s a feature not a bug.
...moreGoogle takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]
Published: 2019-03-07 23:09:52
Popularity: None
Author: Dan Goodin
Chrome to immediately stop recognizing EV status and gradually nullify all certs.
...moreNew WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs
Published: 2019-03-07 23:09:34
Popularity: None
Author: Sean Gallagher
"Sonic Screwdriver" leveraged a now-patched vulnerability.
...moreShielding MAC addresses from stalkers is hard and Android fails miserably at it
Published: 2019-03-07 23:09:30
Popularity: None
Author: Dan Goodin
Only an estimated 6% of Android phones randomize MACs, and they do it poorly.
...moreSmart TV hack embeds attack code into broadcast signal—no access required
Published: 2019-03-07 23:07:52
Popularity: None
Author: Dan Goodin
Demo exploit is inexpensive, remote, scalable—and opens door to more advanced hacks.
...moreIoT garage door opener maker bricks customer’s product after bad review
Published: 2019-03-07 23:07:22
Popularity: None
Author: Sean Gallagher
Startup tells customer “Your unit will be denied server connection.”
...moreRash of in-the-wild attacks permanently destroys poorly secured IoT devices
Published: 2019-03-07 23:07:21
Popularity: None
Author: Dan Goodin
Ongoing "BrickerBot" attacks might be trying to kill devices before they can join a botnet.
...moreHackers set off Dallas’ 156 emergency sirens over a dozen times
Published: 2019-03-07 23:07:16
Popularity: None
Author: Andrew Cunningham
Twice the normal volume of 911 calls came into the system early Saturday morning.
...moreFound in the wild: Vault7 hacking tools WikiLeaks says come from CIA
Published: 2019-03-07 23:07:10
Popularity: None
Author: Dan Goodin
WikiLeaks dump identical to operation that has been hacking governments since 2011.
...moreMysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers
Published: 2019-03-07 23:06:51
Popularity: None
Author: Dan Goodin
Microsoft fixed critical vulnerabilities in uncredited update released in March.
...morePicture this: Senate staffers’ ID cards have photo of smart chip, no security
Published: 2019-03-07 23:06:37
Popularity: None
Author: Sean Gallagher
Senate employees just use passwords, and their badges sport a picture of an alternative.
...moreMan sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed
Published: 2019-03-07 23:06:28
Popularity: None
Author: Cyrus Farivar
Confide: "The accusations set forth in the complaint are unfounded and without merit."
...moreMeet Greyhound.com, the site that doesn’t allow password changes
Published: 2019-03-07 23:05:15
Popularity: None
Author: Dan Goodin
Greyhound allows four-digit PINs and stores them in plaintext.
...moreHacker leaks Orange is the New Black new season after ransom demands ignored
Published: 2019-03-07 23:05:09
Popularity: None
Author: Sean Gallagher
Breach of post-production company poses potential threat to many networks' shows.
...moreGOP’s “Internet Freedom Act” permanently guts net neutrality authority
Published: 2019-03-07 23:05:02
Popularity: None
Author: Jon Brodkin
ISPs would gain the freedom to block and throttle websites and applications.
...moreDon’t trust OAuth: Why the “Google Docs” worm was so convincing
Published: 2019-03-07 23:04:15
Popularity: None
Author: Ron Amadeo
You really think someone would just go on the Internet and tell lies?
...moreAll your Googles are belong to us: Look out for the Google Docs phishing worm
Published: 2019-03-07 23:04:13
Popularity: None
Author: Sean Gallagher
An e-mail disguised as a Google Docs share is ingenious bit of malicious phishing.
...moreThieves drain 2fa-protected bank accounts by abusing SS7 routing protocol
Published: 2019-03-07 23:04:08
Popularity: None
Author: Dan Goodin
The same weakness could be used to eavesdrop on calls and track users’ locations.
...moreGoogle’s “Fuchsia” smartphone OS dumps Linux, has a wild new UI
Published: 2019-03-07 23:03:40
Popularity: None
Author: Ron Amadeo
Taking a look at Google's mysterious third operating system.
...moreTwo days after WCry worm, Microsoft decries exploit stockpiling by governments
Published: 2019-03-07 23:03:09
Popularity: None
Author: Dan Goodin
Company president specifically notes role of NSA code used by Ransomware worm.
...moreTalks on planned laptop ban for European-US flights end with no deal
Published: 2019-03-07 23:02:54
Popularity: None
Author: Joe Mullin
Trump shared classified info with Russians, so EU officials want more info, too.
...moreTrump has an iPhone with one app: Twitter
Published: 2019-03-07 23:02:00
Popularity: None
Author: Sean Gallagher
Trump retired his trademark Samsung device in March after taunting Schwarzenegger.
...more“Yahoobleed” flaw leaked private e-mail attachments and credentials
Published: 2019-03-07 23:01:59
Popularity: None
Author: Dan Goodin
Yahoo promptly retired ImageMagic library after failing to install 2-year-old patch.
...moreSomething about Trump cybersecurity executive order seems awfully familiar
Published: 2019-03-07 23:01:58
Popularity: None
Author: Sean Gallagher
Trump’s cybersecurity order cribs from his predecessor, despite campaign bluster.
...moreMacron campaign team used honeypot accounts to fake out Fancy Bear
Published: 2019-03-07 23:01:57
Popularity: None
Author: Sean Gallagher
Digital team filled fake accounts with garbage data to slow information operation.
...moreMassive vulnerability in Windows Defender leaves most Windows PCs vulnerable
Published: 2019-03-07 23:01:55
Popularity: None
Author: Sebastian Anthony
PCs can be compromised when Defender scans an e-mail or IM; patch has been issued.
...moreAdvanced CIA firmware has been infecting Wi-Fi routers for years
Published: 2019-03-07 23:00:11
Popularity: None
Author: Dan Goodin
Latest Vault7 release exposes network-spying operation CIA kept secret since 2007.
...moreThis Windows Defender bug was so gaping its PoC exploit had to be encrypted
Published: 2019-03-07 22:59:57
Popularity: None
Author: Dan Goodin
Is there a fuzzer in the house?
...moreFCC has no documentation of DDoS attack that hit net neutrality comments
Published: 2019-03-07 22:58:04
Popularity: None
Author: Jon Brodkin
Records request denied because FCC made no "written documentation" of attack.
...moreAMD Threadripper 1950X review: Better than Intel in almost every way
Published: 2019-03-07 22:54:48
Popularity: None
Author: Mark Walton
Cheaper, faster, and more feature-rich than Skylake-X—what's not to love?
...moreAfter phishing attacks, Chrome extensions push adware to millions
Published: 2019-03-07 22:54:32
Popularity: None
Author: Dan Goodin
Compromised accounts push fraudulent extension updates to unsuspecting users.
...moreRussian group that hacked DNC used NSA attack code in attack on hotels
Published: 2019-03-07 22:54:29
Popularity: None
Author: Dan Goodin
Fancy Bear used Eternal Blue 3 months after it was leaked by a mysterious group.
...moreI’m worried that FaceID is going to suck—and here’s why
Published: 2019-03-07 22:52:04
Popularity: None
Author: Ron Amadeo
Awkward ergonomics means Face ID will never be faster than a fingerprint sensor.
...moreKaspersky software banned from US government agencies
Published: 2019-03-07 22:51:55
Popularity: None
Author: Joe Mullin
Kaspersky: We have “never helped, nor will help, any government with cyberespionage.”
...moreApple says Face ID didn’t actually fail during its iPhone X event
Published: 2019-03-07 22:51:23
Popularity: None
Author: None
The iPhone maker says its new face unlocking tech worked as intended.
...moreAndroid users rejoice! Linux kernel LTS releases are now good for 6 years
Published: 2019-03-07 22:49:16
Popularity: None
Author: Ron Amadeo
Linux kernel lifecycle tripled to match the realities of hardware development.
...moreCritical Tor flaw leaks users’ real IP address—update now
Published: 2019-03-07 22:44:16
Popularity: None
Author: Dan Goodin
TorMoil threatens Mac and Linux versions of Tor browser; Windows and Tails not affected.
...moreFirefox’s faster, slicker, slimmer Quantum edition now out
Published: 2019-03-07 22:42:57
Popularity: None
Author: Peter Bright
It's as much as twice as fast as it was a year ago.
...morePC vendors scramble as Intel announces vulnerability in firmware [Updated]
Published: 2019-03-07 22:41:54
Popularity: None
Author: Sean Gallagher
Millions of computers could be remotely hijacked through bug in firmware code.
...moreTop-selling handgun safe can be remotely opened in seconds—no PIN needed
Published: 2019-03-07 22:39:35
Popularity: None
Author: Dan Goodin
There's no online update mechanism for defective electronic safe.
...moreMastermind behind sophisticated, massive botnet outs himself
Published: 2019-03-07 22:39:29
Popularity: None
Author: Dan Goodin
Andromeda kingpin is identified by his ICQ number.
...moreHackers hit key ATM network in crime spree that clears $10 million
Published: 2019-03-07 22:39:26
Popularity: None
Author: Dan Goodin
Previously undetected MoneyTaker gang is likely to strike again.
...moreHackers hit key ATM network in crime spree that clears $10 million
Published: 2019-03-07 22:39:24
Popularity: None
Author: Dan Goodin
Previously undetected MoneyTaker gang is likely to strike again.
...moreNope, this isn’t the HTTPS-validated Stripe website you think it is
Published: 2019-03-07 22:39:09
Popularity: None
Author: Dan Goodin
How extended validation certificates can be used to scam, not help, end users.
...moreIced tea company rebrands as “Long Blockchain” and stock price triples
Published: 2019-03-07 22:37:51
Popularity: None
Author: Timothy B. Lee
"Blockchain technologies are creating a fundamental paradigm shift," company says.
...moreSpecially prepared photos shown bypassing Windows Hello facial recognition
Published: 2019-03-07 22:37:39
Popularity: None
Author: Peter Bright
And the built-in protection against this technique doesn’t work on all hardware.
...moreNvidia to cease producing new drivers for 32-bit systems
Published: 2019-03-07 22:37:34
Popularity: None
Author: Peter Bright
Bit by bit, the PC world is continuing to drop its legacy support.
...moreSkype finally getting end-to-end encryption
Published: 2019-03-07 22:35:25
Popularity: None
Author: Peter Bright
It’ll use the Signal protocol, also used in WhatsApp, Facebook Messenger, and others.
...moreBitTorrent users beware: Flaw lets hackers control your computer
Published: 2019-03-07 22:35:10
Popularity: None
Author: Dan Goodin
“Low complexity” hack for Transmission client may work against other clients, too.
...moreFound: New Android malware with never-before-seen spying capabilities
Published: 2019-03-07 22:34:59
Popularity: None
Author: Dan Goodin
Skygofree is among the most powerful spy platforms ever created for Android.
...moreGoogle Chrome extensions with 500,000 downloads found to be malicious
Published: 2019-03-07 22:34:55
Popularity: None
Author: Dan Goodin
Google removes four extensions that used infected computers in click fraud scheme.
...moreAlphabet launches a cybersecurity company called “Chronicle”
Published: 2019-03-07 22:33:48
Popularity: None
Author: Ron Amadeo
It’s a “cybersecurity intelligence platform” powered by Alphabet’s servers.
...moreNew Windows patch disables Intel’s bad Spectre microcode fix
Published: 2019-03-07 22:33:09
Popularity: None
Author: Peter Bright
Registry keys can also be used to selectively enable or disable the microcode fix.
...moreAn Adobe Flash 0day is being actively exploited in the wild
Published: 2019-03-07 22:32:23
Popularity: None
Author: Dan Goodin
Adobe plans to have a fix for the critical flaw next week.
...moreIntel releases new Spectre microcode update for Skylake; other chips remain in beta
Published: 2019-03-07 22:32:07
Popularity: None
Author: Peter Bright
Previous microcode update was reported to cause unwanted system reboots.
...moreFrom July on, Chrome will brand plain old HTTP as “Not secure”
Published: 2019-03-07 22:32:06
Popularity: None
Author: Peter Bright
The "Not secure" label will go where the padlock would go for an encrypted connection.
...morePyeongchang Winter Olympics opening disrupted by malware attack
Published: 2019-03-07 22:31:56
Popularity: None
Author: Sean Gallagher
Malware showed knowledge of Olympic networks' structure—and users.
...moreBitcoin miner in NYC home interfered with T-Mobile network, FCC says
Published: 2019-03-07 22:31:17
Popularity: None
Author: Jon Brodkin
Bitcoin miner generated spurious emissions in 700MHz, disrupting T-Mobile LTE.
...moreTesla cloud resources are hacked to run cryptocurrency-mining malware
Published: 2019-03-07 22:30:33
Popularity: None
Author: Dan Goodin
Crooks find poorly secured access credentials, use them to install stealth miner.
...moreDeveloper gets prison after admitting backdoor was made for malice
Published: 2019-03-07 22:29:59
Popularity: None
Author: Dan Goodin
Full-featured trojan catered to password thieves, Peeping Toms, and ransomware scammers.
...moreAjit Pai faces investigation into moves that benefit Sinclair Broadcasting
Published: 2019-03-07 22:29:55
Popularity: None
Author: Jon Brodkin
IG examines whether Pai "improperly coordinated with Sinclair" on rule changes.
...more23,000 HTTPS certificates axed after CEO emails private keys
Published: 2019-03-07 22:29:41
Popularity: None
Author: Dan Goodin
Flap that goes public renews troubling questions about issuance of certificates.
...moreIntel’s latest set of Spectre microcode fixes is coming to a Windows update
Published: 2019-03-07 22:28:48
Popularity: None
Author: Peter Bright
Windows users will no longer be beholden to their motherboard makers.
...moreAMD promises firmware fixes for security processor bugs
Published: 2019-03-07 22:27:50
Popularity: None
Author: Peter Bright
All bugs require administrative access to exploit.
...moreGoogle starts blocking “uncertified” Android devices from logging in
Published: 2019-03-07 22:27:38
Popularity: None
Author: Ron Amadeo
Custom ROM users get a way out, but noobs with pirated apps will be out of luck.
...moreAs predicted, more branch prediction processor attacks are discovered
Published: 2019-03-07 22:26:03
Popularity: None
Author: Peter Bright
New attack focuses on a different part of the branch prediction system.
...morePractical passwordless authentication comes a step closer with WebAuthn
Published: 2019-03-07 22:25:45
Popularity: None
Author: Peter Bright
Microsoft, Mozilla, and Google are all implementing the new standard.
...moreAMD systems gain Spectre protection with latest Windows fixes
Published: 2019-03-07 22:25:33
Popularity: None
Author: Peter Bright
Systems will still need updated firmware to get the latest microcode, however.
...more“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers
Published: 2019-03-07 22:25:19
Popularity: None
Author: Dan Goodin
Bug patched in March is still being exploited to take full control of servers.
...moreWhen you go to a security conference, and its mobile app leaks your data
Published: 2019-03-07 22:25:18
Popularity: None
Author: Sean Gallagher
RSA Conference attendee contact data extracted using hard-coded API data.
...moreSuspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency
Published: 2019-03-07 22:24:59
Popularity: None
Author: Dan Goodin
Almost 1,300 addresses for Amazon Route 53 rerouted for two hours.
...moreCalifornia net neutrality bill that AT&T hates is coming to New York, too
Published: 2019-03-07 22:23:32
Popularity: None
Author: Jon Brodkin
Bill is moving through Calif. Senate and will be submitted in NY legislature.
...moreDrive-by Rowhammer attack uses GPU to compromise an Android phone
Published: 2019-03-07 22:23:18
Popularity: None
Author: Dan Goodin
JavaScript based GLitch pwns browsers by flipping bits inside memory chips.
...morePackets over a LAN are all it takes to trigger serious Rowhammer bit flips
Published: 2019-03-07 22:22:36
Popularity: None
Author: Dan Goodin
The bar for exploiting potentially serious DDR weakness keeps getting lower.
...moreNew study quantifies bitcoin’s ludicrous energy consumption
Published: 2019-03-07 22:21:41
Popularity: None
Author: Timothy B. Lee
Bitcoin could consume 7.7 gigawatts by the end of 2018.
...moreWebsite leaked real-time location of most US cell phones to almost anyone
Published: 2019-03-07 22:21:38
Popularity: None
Author: Dan Goodin
Easily found bug in free demo let visitors track phones from four top US carriers.
...moreHackers infect 500,000 consumer routers all over the world with malware
Published: 2019-03-07 22:21:29
Popularity: None
Author: Dan Goodin
VPNFilter can survive reboots and contains destructive "kill" function.
...moreIntel at last announces Optane memory: DDR4 that never forgets
Published: 2019-03-07 22:20:08
Popularity: None
Author: Peter Bright
New memory offers huge capacities and persistence, but fits in a DDR4 slot.
...moreChrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics
Published: 2019-03-07 22:20:00
Popularity: None
Author: Dan Goodin
Cutting-edge hack exploited newly added graphics feature until it was patched.
...moreA host of new security enhancements is coming to iOS and macOS
Published: 2019-03-07 22:19:45
Popularity: None
Author: Dan Goodin
Coming: FaceTime encryption, protected cam access, and, possibly, USB Restricted Mode.
...moreBackdoored images downloaded 5 million times finally removed from Docker Hub
Published: 2019-03-07 22:18:43
Popularity: None
Author: Dan Goodin
17 images posted by a single account over 10 months may have generated $90,000.
...moreDecades-old PGP bug allowed hackers to spoof just about anyone’s signature
Published: 2019-03-07 22:18:37
Popularity: None
Author: Dan Goodin
SigSpoof flaw fixed in GnuPG, Enigmail, GPGTools, and python-gnupg.
...moreStolen certificates from D-Link used to sign password-stealing malware
Published: 2019-03-07 22:16:50
Popularity: None
Author: Dan Goodin
This isn't the IP camera software you think it is.
...moreNew Spectre attack enables secrets to be leaked over a network
Published: 2019-03-07 22:15:38
Popularity: None
Author: Peter Bright
It's no longer necessary to run attacker code on the victim system.
...moreWindows 10 to get disposable sandboxes for dodgy apps
Published: 2019-03-07 22:14:46
Popularity: None
Author: Peter Bright
Apps will be run in a virtual machine that's discarded after use.
...moreIntel’s SGX blown wide open by, you guessed it, a speculative execution attack
Published: 2019-03-07 22:13:35
Popularity: None
Author: Peter Bright
Speculative execution attacks truly are the gift that keeps on giving.
...moreChrome 69 will take the next step to killing Flash, roll out new design
Published: 2019-03-07 22:13:04
Popularity: None
Author: Peter Bright
Flash will have to be enabled every time a site tries to use it.
...moreMan who threatened to kill Ajit Pai’s children pleads guilty, faces prison
Published: 2019-03-07 22:11:35
Popularity: None
Author: Jon Brodkin
"I will find your children and kill them," man wrote after net neutrality repeal.
...moreGoogle backtracks—a bit—on controversial Chrome sign-in feature
Published: 2019-03-07 22:10:27
Popularity: None
Author: Peter Bright
Privacy-conscious users were unhappy at being signed in to browser without consent.
...moreMicrosoft offers completely passwordless authentication for online apps
Published: 2019-03-07 22:10:17
Popularity: None
Author: Peter Bright
Phone-based authentication is the way forward instead.
...morePolice to Seattle’s techies, streamers: Sign up for our anti-swatting service [Updated]
Published: 2019-03-07 22:09:52
Popularity: None
Author: Sam Machkovech
Dept's video includes guns-drawn response to hoax call, "sounds... like swatting to me."
...moreVigilante engineer stops Waymo from patenting key lidar technology
Published: 2019-03-07 22:09:34
Popularity: None
Author: Mark Harris
Eric Swildens had no dog in the fight other than intellectual curiosity.
...moreEntire broadband industry sues California to stop net neutrality law
Published: 2019-03-07 22:09:28
Popularity: None
Author: Jon Brodkin
Top broadband lobby groups sue California, claim net neutrality law is illegal.
...moreGoogle taking new steps to prevent malicious Chrome extensions
Published: 2019-03-07 22:09:13
Popularity: None
Author: Peter Bright
Company plans stricter rules for developers and greater control for users.
...moreApple, Google, Microsoft, and Mozilla come together to end TLS 1.0
Published: 2019-03-07 22:07:54
Popularity: None
Author: Peter Bright
Almost everyone has now migrated to TLS 1.2, and a few have moved to TLS 1.3.
...moreMeet Helm, the startup taking on Gmail with a server that runs in your home
Published: 2019-03-07 22:07:43
Popularity: None
Author: Dan Goodin
Fee-based service couples the security of a private server with the reliability of the cloud.
...moreAnother Windows 0-day flaw has been published on Twitter
Published: 2019-03-07 22:06:40
Popularity: None
Author: Peter Bright
And on GitHub there's a proof-of-concept that'll render your system unbootable.
...moreNew Signal privacy feature removes sender ID from metadata
Published: 2019-03-07 22:06:28
Popularity: None
Author: Dan Goodin
Just-announced beta seals sender details inside encrypted envelope.
...moreIntel CPUs fall to new hyperthreading exploit that pilfers crypto keys
Published: 2019-03-07 22:05:57
Popularity: None
Author: Dan Goodin
Side-channel leak in Skylake and Kaby Lake chips probably affects AMD CPUs, too.
...moreGoogle goes down after major BGP mishap routes traffic through China
Published: 2019-03-07 22:05:28
Popularity: None
Author: Dan Goodin
Google says it doesn't believe leak was malicious despite suspicious appearances.
...moreMass router hack exposes millions of devices to potent NSA exploit
Published: 2019-03-07 22:04:07
Popularity: None
Author: Dan Goodin
Years-old UPnP vulnerability being used to expose ports 139 and 445.
...moreGoogle to simplify messaging strategy, will support only five messaging apps
Published: 2019-03-07 22:03:24
Popularity: None
Author: Ron Amadeo
Quintuple-app strategy offers "a simpler and more unified communications experience."
...moreWindows 7 enters its final year of free support
Published: 2019-03-07 21:59:39
Popularity: None
Author: Peter Bright
Up to three years of paid support will be available after the cut-off.
...moreIf you installed PEAR PHP in the last 6 months, you may be infected
Published: 2019-03-07 21:59:02
Popularity: None
Author: Dan Goodin
Pear.php.net shuts down after maintainers discover serious supply-chain attack.
...moreMicrosoft’s fonts catch out another fraudster—this time in Canada
Published: 2019-03-07 21:58:46
Popularity: None
Author: Peter Bright
Will these people never learn?
...moreMicrosoft patches 0-day vulnerabilities in IE and Exchange
Published: 2019-03-07 21:57:31
Popularity: None
Author: Dan Goodin
IE info bug was under active exploit; exploit code for Exchange flaw was circulating.
...moreMandatory update coming to Windows 7, 2008 to kill off weak update hashes
Published: 2019-03-07 21:57:22
Popularity: None
Author: Peter Bright
Microsoft is phasing out SHA-1 hashes on its patches.
...morePlain wrong: Millions of utility customers’ passwords stored in plain text
Published: 2019-03-07 21:56:53
Popularity: None
Author: Jim Salter
"It's ridiculous vendors are replying to researchers via general counsel, not bug bounty."
...moreLinux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
Published: 2024-05-18 12:29:43
Popularity: None
Author: Dan Goodin
🤖: "Backdoored ssh"
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
...moreLinux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
Published: 2024-05-21 23:02:11
Popularity: None
Author: Dan Goodin
🤖: "backdoored ssh"
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
...moreHacker plants false memories in ChatGPT to steal user data in perpetuity
Published: 2024-09-24 23:37:24
Popularity: None
Author: Dan Goodin
🤖: "Mind Hacked"
Emails, documents, and other untrusted content can plant malicious memories.
...more