Earlier this month, researchers from Palo Alto’s Unit 42 discovered a peer-to-peer worm dubbed P2PInfect targeting Redis installations, an open-source database application used in cloud environments. While only 934 of the publicly communicating 307,000 unique Redis systems may be vulnerable, the worm may knock on the...Read more...
Apple is threatening to pull the ability to use iMessage and FaceTime from users in the UK over proposed new requirements on telecommunications operators. The new proposal is not a new law, but rather an update to the existing Investigatory Powers Act (IPA) 2016.
When it comes to allowing law enforcement and...Read more...
Tech support scammers have been around for quite some time, continually innovating and perfecting their game to rake in more money. The problem has become so big that even YouTubers like Kitboga are making a living trolling these people. However, that has not been enough to stop these problematic people, as the FBI...Read more...
Microsoft’s traditional Patch Tuesday has arrived, bringing with it a slew of security fixes for 130 vulnerabilities and two published advisories. This update comes at the perfect time, as threat actors have been exploiting some of these vulnerabilities for espionage against defense and government organizations in...Read more...
You can call a kitty with a “pspspsps,” but you might be able to call Advanced Persistent Threat (APT) group 42, otherwise known as “Charming Kitten,” with a “pspspsps aux.” All jokes aside, this group, also known as TA453, now targets nuclear security and foreign policy experts to gather intelligence.
Earlier this...Read more...
Attempts at or unintended incidents of tracking military members have been happening for years, such as when the Strava running app leaked the location of military bases thanks to a published heat map of running locations. Now, however, a threat actor is either being incredibly precise, or companies are just trying to...Read more...
Earlier this week, ASUS pushed a firmware update for 19 of the company’s routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port...Read more...
With all the excitement around ChatGPT, it is no wonder that threat actors are taking advantage of the situation. Besides having those with malicious intentions steal your Facebook account, they might also be stealing your ChatGPT account credentials as well, following the discovery of over 100,000 compromised ChatGPT...Read more...
We like to joke about percussive maintenance when we talk about tools and technology. A good swift hit with a hammer can fix a lot of issues, right? Well, one researcher out of New Zealand found it was possible to use a screwdriver to reset the BIOS password for a Lenovo laptop.
If you’ve ever run into an issue...Read more...
Conventional wisdom holds that adding two-factor authentication (2FA) is the best way to secure your online accounts. With this feature enabled, a threat actor would need your login credentials, as well as a one-time code to access your data. Google Authenticator is a popular way to store two-factor codes, and a...Read more...
A new piece of Windows malware is making the rounds, but what else is new? You never want to fall victim to a malware campaign, but this one is particularly troublesome. EvilExtractor is billed as an "all-in-one" solution for your online criminal needs. With this one tool, a threat actor can monitor keystrokes, steal...Read more...
The FBI just issued a warning to the public against using free public USB charging ports, such as those found at airports or malls, because they've been found to be ports of entry for malware.
A recent tweet by the FBI Denver field office advised that bad actors (i.e. people with nefarious intentions, not Steven...Read more...
Time to tighten up your password complexity, dear readers. A deep learning password guessing tool called PassGAN has been found to take less than six minutes to crack your seven-character password, even ones with symbols.
Nefarious hackers are constantly looking for new means of stealing your information, and...Read more...
Google wants its Play Store users to have more control over their app account data by allowing them to delete their account and/or data directly within the app or online. Chalk that up as a nice win for personal data privacy.
In an announcement yesterday, Google laid down new rules that will require Android app...Read more...
Storage heavyweight Western Digitial announced over the weekend that it has suffered a "network security incident," which is a less alarming way to say its systems have been hacked by unknown threat actors. The company says it is currently working to investigate the attack and secure its systems, and that means...Read more...
Google used to offer Nexus-branded Android phones, but now Nexus means mobile malware. Chatter about the Nexus banking botnet began appearing on hacking forums in January 2023, but security researchers from Cleafy now believe this Android malware's origins stretch back to the middle of 2022. It's already very capable...Read more...
A highly malicious malware is infecting Intel- and M-powered Macs, stealing sensitive information such as user passwords, credit card info, and cookies.
Uptycs researchers recently uncovered a new malware that targets macOS desktop and laptops and shared details on their blog. It's called MacStealer and can infect...Read more...
Security experts confirmed a major bug in a core Windows app last week, and Microsoft is already rolling out a fix. As we learned recently, the Windows 11 Snipping Tool was susceptible to the "Acropalypse" bug initially discovered in Google's Pixel phones. Google is already patching that one up, and Microsoft isn't...Read more...
When you delete something, you would naturally expect it to stay deleted. With the "acropalypse" bug, all bets are off. Security researchers discovered last week that Google's Pixel phones would retain data from cropped screenshots, allowing the cropped sections to be recovered. Now, it sounds like there's an almost...Read more...
Famed automaker Ferrari announced yesterday that the company suffered a data breach involving personal information of its clients, without any impact on its operations.
A hacker or hackers were recently able to gain access to the Maranello based company's IT systems, demanding a ransom for the client info...Read more...
Amazon-owned Ring is one of the largest providers of smart home cameras and security products, but any users who were trying to get by with the free service tier might be looking to jump ship soon. According to notices sent out by Ring, the company's cameras and security system will lose several key features in the...Read more...
Mortal Kombat has a reputation for being brutal, but rather than exacting excessive violence on video game characters, unknown threat actors are brazenly brutalizing their victims’ finances in a Mortal Kombat-themed ransomware campaign. Aside from ransomware, this campaign also makes use of the Laplas Clipper malware...Read more...