Top

Tag: Security


Application security, Security

API sprawl: navigating the web of connectivity and security challenges

March 11, 2024

Via: TechRadar

In today’s fast evolving digital space, the proliferation of application programming interfaces (APIs) has been nothing short of explosive. One forecast predicts there will be nearly 1.7 billion active APIs by 2030 which ushers in unparalleled opportunities for innovation and […]


Network security, Security

NIST updates Cybersecurity Framework after a decade of lessons

February 27, 2024

Via: The Register

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). Unlike the original, which was designed with critical […]


Data loss, Threats & Malware

Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing’s cyber-attackers for hire

February 22, 2024

Via: The Register

A cache of stolen documents posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing. The trove appeared on GitHub last week and contains hundreds of documents documenting I-Soon’s activities. Analysis of […]


Data loss, Threats & Malware

Wyze admits 13,000 users could have viewed strangers’ camera feeds

February 20, 2024

Via: The Register

Smart home security camera slinger Wyze is telling customers that a cybersecurity “incident” allowed thousands of users to see other people’s camera feeds. Thanks to a helpful Reg reader who sent a customer email over to us, we know that […]


Network security, Security

Chrome is getting a big privacy and security boost from Google to help safeguard your home network

February 19, 2024

Via: TechRadar

Google Chrome is getting an upgrade that will help safeguard devices connected to a private or home network. Google outlined its plans in a post on its Chrome Platform Status page, explaining that the new feature will behave as a […]


Cyber-crime, Identity theft

Meta says risk of account theft after phone number recycling isn’t its problem to solve

February 13, 2024

Via: The Register

Meta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t qualify for its bug bounty program and is a matter for telecom companies to sort out. […]


Application security, Security

Rust can help make software secure – but it’s no cure-all

February 8, 2024

Via: The Register

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they’re not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won’t fix […]


Threats & Malware, Vulnerabilities

Raspberry Pi Pico cracks BitLocker in under a minute

February 7, 2024

Via: The Register

We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company […]


Data loss, Threats & Malware

Verizon says 63K employees’ info fell into the wrong hands – an insider this time

February 6, 2024

Via: The Register

Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data. The privacy blunder happened in September, and the American telco giant attributed it to “inadvertent disclosure” and […]


Threats & Malware, Virus & Malware

Vast botnet hijacks smart TVs for prime-time cybercrime

January 18, 2024

Via: The Register

Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi. At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and […]


Privacy protection, Security

Drivers: We’ll take that plain dumb car over a flashy data-spilling internet one, thanks

January 12, 2024

Via: The Register

Despite all the buzz around internet-connected smart cars at this year’s CES in Las Vegas, most folks don’t want vehicle manufacturers sharing their personal data with third parties – and even say they’d consider buying an older or dumber car […]


Access control, Security

Adding Security Keys to Your Authentication Toolbox

January 10, 2024

Via: SecurityWeek

I have always known about physical security keys, also called hard tokens, but never actually used one despite my curiosity. So, I was kind of excited when I got my hands on two cool things: a YubiKey 5 and a […]


Threats & Malware, Vulnerabilities

New year, new updates for security holes in Windows, Adobe, Android and more

January 9, 2024

Via: The Register

Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, […]


Cyber-crime, Malware

This brand new type of malware is out to target Windows machines, so watch out

January 5, 2024

Via: TechRadar

Cybersecurity researchers have discovered a new piece of malware targeting Windows devices, so be on the lookout. Experts from Fortinet’s FortiGuard Labs claim to have found a previously undetected version of a remote access trojan called Bandook. This malware was […]


Threats & Malware, Virus & Malware

Microsoft disables one of its own software tools following multiple malware attacks

December 29, 2023

Via: TechRadar

Microsoft has disabled the ms-appinstaller protocol handler as default after it found new evidence of hackers using it to deploy malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for […]


Cyber-crime, Malware

A tale of 2 casino ransomware attacks: One paid out, one did not

December 28, 2023

Via: The Register

The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. But despite the similar characters and plots, […]


Editorial

Navigating the Risks: Security Challenges in the Age of Industry 4.0

December 25, 2023

Via: Natalie Dunn

The Fourth Industrial Revolution, commonly known as Industry 4.0, is a transformative paradigm shift that is revolutionizing the manufacturing landscape. This era of interconnectedness and automation is characterized by the convergence of physical systems, the Internet of Things (IoT), and […]


Threats & Malware, Vulnerabilities

Before you go away for Xmas: You’ve patched that critical Perforce Server hole, right?

December 19, 2023

Via: The Register

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]


Network security, Security

Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

December 8, 2023

Via: The Register

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We’re told the attacks – which are usable against […]


Cyber-crime, Malware

Japan’s space agency suffers cyber attack, points finger at Active Directory

November 29, 2023

Via: The Register

Japan’s Space Exploration Agency (JAXA) has reported a cyber incident. Chief cabinet secretary Matsuno mentioned the incident in his morning briefing, telling reporters the agency suspected a breach, possibly to its Active Directory implementation, so conducted further research and found […]