Items tagged with cybersecurity
A new variant of the BADBOX malware campaign has taken root in over a million Android-based devices worldwide, and if you’ve picked up a cheap smart TV box or projector off Amazon or AliExpress lately, you might be part of the problem. BADBOX 2.0 is a sprawling botnet targeting Android Open Source Project (AOSP)...
Read more...
Lingerie giant Victoria's Secret has abruptly taken down its U.S. website and some in-store services, citing an ongoing "security incident." The move, which has left customers unable to access online shopping and order tracking, comes as the company works with third-party experts to investigate and restore operations...
Read more...
It might surprise you to learn this, but cybercriminals are usually fairly protective of the data they steal, because things like credentials and login details have value, and can be sold to the right buyer. That's why it's so unusual that this latest discovery was apparently found completely unencrypted and visible...
Read more...
Intel is once again in the crosshairs of a fresh speculative execution exploit, this time dubbed "Branch Privilege Injection." The new vulnerability, revealed by researchers at ETH Zurich's COMSEC group, is capable of extracting sensitive kernel memory using techniques that bypass existing Spectre-class mitigations...
Read more...
In a recent study, scientists sounded the alarm on the vulnerability of DNA data, particularly those obtained through next-generation DNA sequencing (NGS), against nefarious hackers. While no known bio-data breach has occurred in the real world yet, the study set out to identify new and emerging hacking methods that...
Read more...
Modern AI is far from science-fiction AGI, and yet it can still be an incredibly powerful tool. Like any tool, if misused, it can pose a threat to legitimate users, like how we recently covered photographers' concerns that Google's Gemini Flash 2.0 could be used to easily remove watermarks from copyrighted...
Read more...
You probably have experienced situations where you needed to convert files from one format to another. In these cases, free online file converters are a common solution. However, the FBI Denver Field Office has just taken to X (formerly Twitter) to warn users that threat actors now use these seemingly harmless online...
Read more...
Netgear has issued an urgent security update for six of its popular WiFi home gateways, including three Nighthawk Pro gaming routers, after researchers uncovered severe Remote Code Execution (RCE) vulnerabilities. These flaws, which allow attackers to run arbitrary code on the devices without authentication, have been...
Read more...
Before we get started, let's clarify this headline. "DeepSeek" is the name of a Chinese AI startup that has produced some very impressive AI models, given the limited resources at its disposal. It is also the name of that startup's mobile app, and it's the latter that we're specifically concerned about today. That is...
Read more...
Malicious actors have a variety of techniques to try and ensnare victims online, one of which is scareware. It entails displaying web pages designed to convince a user that their system has been somehow compromised, but promises to offer a tech support solution that will “fix” the issue. Microsoft is now providing a...
Read more...
Medical device manufacturer Artivion, who specializes in making products used by cardiac and vascular surgeons to treat patients, has been hit with a ransomware attack. It was severe enough attack that it has disrupted the company’s operations to the point it needed to disable some of its systems. The company...
Read more...
Security researchers at Any.Run have found a new zero-day attack currently being used by threat actors to evade detection tools used by security professionals. This new technique “evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your...
Read more...
It might seem as if threat actors have been more heavily targeting mobile users lately with malware and exploits, but it doesn’t mean desktop users can drop their guard. Researchers at ESET have discovered a vulnerability in several Mozilla products, which are currently being exploited by a Russian hacking group known...
Read more...
Companies that offer AI services to the public, like Anthropic and OpenAI, try to prevent out-of-pocket behavior from their AI models by establishing "guardrails" on them, hopefully preventing their AIs from doing things like asking their human users to "please die." These guardrails prevent the networks from engaging...
Read more...
Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says that “this is one of the more serious vulnerabilities that we have reported on in our 12 year history.”
The affected...
Read more...
Security researchers at Kaspersky have discovered malware, dubbed SteelFox, which has been spreading “via forums posts, torrent trackers and blogs” since February of last year. It’s a potent piece of malicious software that attackers can use to extract a whole host of data from a victim’s computer, and can even enable...
Read more...
In what feels like a serious case of déjà vu, a piece of Android malware initially discovered two years ago, and spotted this time by cybersecurity firm Zimperium, is making the rounds again with a new version sporting several alarming advancements. While the malicious app has a new coat of paint, the aim is still the...
Read more...
A joint statement by the Federal Bureau of Investigations (FBI) and Critical Infrastructure Security and Resilience (CISA) have revealed that parties affiliated with People's Republic of China have gained access to U.S. commercial telecommunication infrastructure. Some of the phones targeted by the attack...
Read more...
With threat actors constantly targeting Android users with spam to distribute new malware, and even going so far as to repurpose older malware, Google is upgrading Messages to better protect users. The company is bringing “new controls and features to make your conversations on Google Messages even more secure and...
Read more...
Security software provider Kaspersky, which will soon be banned from selling or providing its services in the United States, promised a smooth transition for current customers. However, many of these customers were shocked to find that their Kaspersky antivirus software had suddenly deleted itself and was...
Read more...
In what feels like déjà vu, a particular piece of Android malware has managed to sneak its way back into apps available in the Google Play Store after initially being discovered in 2019. The security research team at Kaspersky shared that the "Necro" trojan was found within several popular apps that, according to...
Read more...
Researchers at Cado Security have found new malware targeting maOS users, which is dubbed “Cthulhu Stealer.” The malicious app attempts to deceiver users by masquerading as legitimate software, such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP. It’s incredibly similar to Atomic Stealer, malware first released in...
Read more...
