How to track equipped cars via exploitable e-ink platemaker
Miscreants could have tracked, modified, deleted digital plates California's street-legal ink license plates only received a nod from...
Day: January 14, 2023
Russian meddling in 2016 US presidential election was weak sauce
Boffins find Twitter foreign influence campaign didn't have much pull Russian disinformation didn't materially affect the way...
First Patch Tuesday of the year explodes with in-the-wild exploit fix
Plus: Intel, Adobe, SAP and Android bugs Patch Tuesday Microsoft fixed 98 security flaws in its...
Privacy on the line: Boffins break VoLTE phone security
Call metadata can be ferreted out Boffins based in China and the UK have devised a telecom network...
Health insurer Aflac blames US partner for leak of Japanese cancer policy info
Zurich’s Japanese outpost also leaks a couple of million records Global insurer Aflac's Japanese...
Swiss Army’s Threema messaging app was full of holes – at least seven
At least the penknives are still secure A supposedly secure messaging app preferred by...
German cartel watchdog objects to the way Google processes user data
Not transparent, not specific, and too easy to say yes to Google users don't have enough...
Microsoft fixes Windows database connections it broke in November
January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22 Included in the usual...
AI-generated phishing emails just got much more convincing
Did a criminally minded robot write this? In part, yes. GPT-3 language models are being abused to do much...
Royal Mail, cops probe ‘cyber incident’ that’s knackered international mail
Don't go postal and call it a cyberattack because nobody knows (yet) what knocked out key system...
US think tank says China would probably lose if it tries to invade Taiwan
But even a short conflict would wreck the economy, which would be bad...
VALL-E AI can mimic a person’s voice from a three-second snippet
Are you really saying what I’m hearing? Microsoft researchers are working on a text-to-speech (TTS) model...
Lawyers slam SEC for ‘blatant fishing expedition’ after Exchange mega-attack
Not a 'whiff of wrongdoing' here, says attorney now fighting off Uncle Sam The US Securities and...
Microsoft fumbles zero trust upgrade for some Asian customers
Enhanced access privileges for partners choke on double-byte characters, contribute to global delays Microsoft has messed up a...
Euro-cops shut down crypto scam that bilked millions from unwitting punters
If the investment opportunity sounds too good to be true … European cops arrested 15 suspected...
Announcing a stable release of sigstore-python
By William Woodruff Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the...
This can’t be a real bomb threat: You’ve called a modem, not a phone
Security was nonetheless very, very, interested in hearing this comms engineer tell his...
Long data privacy notices aren’t foolproof, Euro watchdog tells Meta
As Meta reels from €390 million EU fine, the 'personalized ads' case might not be over, Max...
ManageEngine CVE-2022-47966 IOCs
The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on...
Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu
Happy Friday 13th sysadmins! Techies find workarounds but Redmond still 'investigating' Techies are reporting that...
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to...
USENIX Security ’22 – Theresa Stadler, Bristena Oprisanu, Carmela Troncoso ‘Synthetic Data – Anonymisation Groundhog Day’
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security...
Top SaaS Cybersecurity Threats in 2023: Are You Ready?
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by...
Yikes, Control Web Panel has Critical RCE — Patch NOW
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found...
Canadian owes bosses for ‘time theft’ after work-tracking app sinks tribunal bid
She hoped to score thousands but laptop app had other ideas A woman in Canada...
Randall Munroe’s XKCD ‘Washing Machine Settings’
via the comic artistry and dry wit of Randall Munroe, resident at XKCD!
Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management
Russians say they can grab software from Intel again
And Windows updates from Microsoft, too People in Russia can reportedly once again download drivers and some other...
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to...