US Supremes deny Pegasus spyware maker's immunity claim
NSO maintains that it's all legit. The US Supreme Court has quashed spyware maker NSO Group's argument that it...
Month: January 2023
Homeland Security, CISA builds AI-based cybersecurity analytics sandbox
High-spec system is crucial to defending against the latest threats. Two of the US government's leading security agencies are...
Pakistan’s government to agencies: Dark web is dangerous, please don’t go there
Advice follows embarrassing leak of audio from Prime Minister’s office. Pakistan’s government has warned its...
Wiretap lawsuit accuses Apple of tracking iPhone users who opted out
This is the company that claims: 'Privacy. That's iPhone'. Apple "unlawfully records and uses consumers' personal...
How to track equipped cars via exploitable e-ink platemaker
Miscreants could have tracked, modified, deleted digital plates. California's street-legal ink license plates only received a nod from...
Russian meddling in 2016 US presidential election was weak sauce
Boffins find Twitter foreign influence campaign didn't have much pull. Russian disinformation didn't materially affect the way...
First Patch Tuesday of the year explodes with in-the-wild exploit fix
Plus: Intel, Adobe, SAP and Android bugs. Patch Tuesday: Microsoft fixed 98 security flaws in its...
Privacy on the line: Boffins break VoLTE phone security
Call metadata can be ferreted out. Boffins based in China and the UK have devised a telecom network...
Health insurer Aflac blames US partner for leak of Japanese cancer policy info
Zurich’s Japanese outpost also leaks a couple of million records. Global insurer Aflac's Japanese...
Swiss Army’s Threema messaging app was full of holes – at least seven
At least the penknives are still secure. A supposedly secure messaging app preferred by...
German cartel watchdog objects to the way Google processes user data
Not transparent, not specific, and too easy to say yes to. Google users don't have enough...
Microsoft fixes Windows database connections it broke in November
January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22. Included in the usual...
AI-generated phishing emails just got much more convincing
Did a criminally minded robot write this? In part, yes. GPT-3 language models are being abused to do much...
Royal Mail, cops probe ‘cyber incident’ that’s knackered international mail
Don't go postal and call it a cyberattack because nobody knows (yet) what knocked out key system...
US think tank says China would probably lose if it tries to invade Taiwan
But even a short conflict would wreck the economy, which would be bad...
VALL-E AI can mimic a person’s voice from a three-second snippet
Are you really saying what I’m hearing? Microsoft researchers are working on a text-to-speech (TTS) model...
Lawyers slam SEC for ‘blatant fishing expedition’ after Exchange mega-attack
Not a 'whiff of wrongdoing' here, says attorney now fighting off Uncle Sam. The US Securities and...
Microsoft fumbles zero trust upgrade for some Asian customers
Enhanced access privileges for partners choke on double-byte characters, contribute to global delays. Microsoft has messed up a...
Euro-cops shut down crypto scam that bilked millions from unwitting punters
If the investment opportunity sounds too good to be true … European cops arrested 15 suspected...
Announcing a stable release of sigstore-python
By William Woodruff. Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the...
This can’t be a real bomb threat: You’ve called a modem, not a phone
Security was nonetheless very, very, interested in hearing this comms engineer tell his...
Long data privacy notices aren’t foolproof, Euro watchdog tells Meta
As Meta reels from €390 million EU fine, the 'personalized ads' case might not be over, Max...
ManageEngine CVE-2022-47966 IOCs
Introduction: The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on...
Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu
Happy Friday 13th sysadmins! Techies find workarounds but Redmond still 'investigating'. Techies are reporting that...
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to...
USENIX Security ’22 – Theresa Stadler, Bristena Oprisanu, Carmela Troncoso ‘Synthetic Data – Anonymisation Groundhog Day’
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security...
Top SaaS Cybersecurity Threats in 2023: Are You Ready?
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by...
Yikes, Control Web Panel has Critical RCE — Patch NOW
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found...
Canadian owes bosses for ‘time theft’ after work-tracking app sinks tribunal bid
She hoped to score thousands but laptop app had other ideas. A woman in Canada...