Hardware-level Apple Silicon vulnerability can leak cryptographic keys
Short of redesigning CPUs, the fix will seriously degrade performance
Research22 Mar 2024 | 22
Research
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
The device that makes it possible is required in all American big rigs, and has poor security
Security22 Mar 2024 | 74
It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia
Research21 Mar 2024 | 5
As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims
Wave of Okta attacks mark what researchers are calling the biggest security trend of the year
Research15 Mar 2024 | 15
Poking holes in Google tech bagged bug hunters $10M
A $2M drop from previous year. So … things are more secure?
Security13 Mar 2024 | 4
Apple promises to protect iMessage chats from quantum computers
Easy to defend against stuff that may never actually work – oh there we go again, being all cynical like
Research21 Feb 2024 | 30
How to weaponize LLMs to auto-hijack websites
We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets
Research17 Feb 2024 | 24
Cutting kids off from the dark web – the solution can only ever be social
Expert weighs in after Brianna Ghey murder amid worrying rates of child cybercrime
Cyber-crime16 Feb 2024 | 93
Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts
Deepfake-enabled attacks against Android and iPhone users are netting criminals serious cash
Research15 Feb 2024 | 30
Miscreants turn to ad tech to measure malware metrics
Now that's what you call dual-use tech
Research15 Feb 2024 | 4
Raspberry Robin devs are buying exploits for faster attacks
One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever
Research08 Feb 2024 | 2
Raspberry Pi Pico cracks BitLocker in under a minute
Windows encryption feature defeated by $10 and a YouTube tutorial
Research07 Feb 2024 | 143
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies
How good are your takedowns when fresh gangs are linked to previous ops, though?
Research06 Feb 2024 | 1
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
The closest thing we may ever get to a real-life Die Hard 2 scenario
Research03 Feb 2024 | 17
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Evidence mounts of an exploit gatekept within Russia's borders
Research31 Jan 2024 |
COVID-19 test lab accused of exposing 1.3 million patient records to open internet
Now that's a Dutch crunch
Research24 Jan 2024 | 2
IT consultant fined for daring to expose shoddy security
Spotting a plaintext password and using it in research without authorization deemed a crime
Research19 Jan 2024 | 94
Google TAG: Kremlin cyber spies move into malware with a custom backdoor
The threat hunters believe COLDRIVER has used SPICA since at least November 2022
Research18 Jan 2024 | 5
Vast botnet hijacks smart TVs for prime-time cybercrime
Updated 8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material
Research18 Jan 2024 | 7
Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats
So much for isolation
Research17 Jan 2024 | 1
What's worse than paying an extortion bot that auto-pwned your database?
Paying one that lied to you and only saved the first 20 rows of each table
Research17 Jan 2024 | 17
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs
Updated Majority of public-facing devices still unpatched against critical vulns from as far back as 2022
Research16 Jan 2024 | 8
So, are we going to talk about how GitHub is an absolute boon for malware, or nah?
Microsoft says it's doing its best to crack down on crims
Research12 Jan 2024 | 23
Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks
CES Now that's a smart move
Research12 Jan 2024 | 193
And that's a wrap for Babuk Tortilla ransomware as free decryptor released
Experts' job made 'straightforward' by crooks failing to update encryption schema after three years
Research09 Jan 2024 | 3
Google password resets not enough to stop these info-stealing malware strains
Updated Now every miscreant is jumping on Big G's OAuth account security hole
Research02 Jan 2024 | 12
NKabuse backdoor harnesses blockchain brawn to hit several architectures
Novel malware adapts delivers DDoS attacks and provides RAT functionality
Research15 Dec 2023 | 3
Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
Latest offensive cyber group to switch to atypical programming for payloads
Research11 Dec 2023 | 10
Two years on, 1 in 4 apps still vulnerable to Log4Shell
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time
Research11 Dec 2023 | 11
Exposed Hugging Face API tokens offered full access to Meta's Llama 2
Updated With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML
Research04 Dec 2023 | 6
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
Exploits bypass most secure boot solutions from the biggest chip vendors
Research01 Dec 2023 | 33
Weak session keys let snoops take a byte out of your Bluetooth traffic
BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets
Research30 Nov 2023 | 12
How to give Windows Hello the finger and login as someone on their stolen laptop
Not that we're encouraging anyone to defeat this fingerprint authentication
Research22 Nov 2023 | 90
BlackCat plays with malvertising traps to lure corporate victims
Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware
Research16 Nov 2023 | 1
Google Workspace weaknesses allow plaintext password theft
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Research15 Nov 2023 | 2
Ransomware more efficient than ever, and baddies are still after your logs
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean
Research15 Nov 2023 | 3
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling
Let's do the CacheWarp again
Research14 Nov 2023 | 7
Passive SSH server private key compromise is real ... for some vulnerable gear
OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out
Research14 Nov 2023 | 12
Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims
Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain
Research09 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware
Months of work reveals how this tricky malware family targets... the financial services sector
Research07 Nov 2023 | 4
Cybercrooks amp up attacks via macro-enabled XLL files
Neither Excel nor PowerPoint safe as baddies continue to find ways around protections
Research01 Nov 2023 | 6
Cryptojackers steal AWS credentials from GitHub in 5 minutes
Researchers just scratching surface of their understanding of campaign dating back to 2020
Research30 Oct 2023 | 3
F5 hurriedly squashes BIG-IP remote code execution bug
Fixes came earlier than scheduled as vulnerability became known to outsiders
Research27 Oct 2023 | 3
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit
Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence
Research27 Oct 2023 | 1
Side channel attacks take bite out of Apple silicon with iLeakage exploit
Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts
Research26 Oct 2023 | 10
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
Researcher who publicized issue brands company’s communication 'appalling'
Research26 Oct 2023 | 3
British boffins say aircraft could fly on trash, cutting pollution debt by 80%
Domestic jets can use 'municipal solid waste' to fly the friendly skies
Research17 Oct 2023 | 115
BLOODALCHEMY provides backdoor to southeast Asian nations' secrets
Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers
Research16 Oct 2023 | 1
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit
Two years on and Microsoft refuses to address the issue
Research13 Oct 2023 | 11
Squid games: 35 security holes still unpatched in proxy after 2 years, now public
We'd like to say don't panic … but maybe?
Research13 Oct 2023 | 10
Everest cybercriminals offer corporate insiders cold, hard cash for remote access
The ransomware gang changes identities more than Jason Bourne
Research12 Oct 2023 | 9
Mirai reloads exploit arsenal as botnet embarks on another expansion drive
With 13 new payloads it's the biggest update to the botnet in months
Research10 Oct 2023 |
Researcher bags two-for-one deal on Linux bugs while probing GNOME component
One-click exploit could potentially affect most major distros
Research10 Oct 2023 | 12
Ransomware attacks register record speeds thanks to success of infosec industry
Dwell times drop to hours rather than days for the first time
Research10 Oct 2023 | 3
ROBOT crypto attack on RSA is back as Marvin arrives
More precise timing tests find many implementations vulnerable
Research26 Sep 2023 | 9
Marvell disputes claim Cavium backdoored chips for Uncle Sam
Allegations date back a decade to leaked Snowden docs
Research19 Sep 2023 | 8
Cryptojackers spread their nets to capture more than just EC2
AMBERSQUID operation takes AWS's paths less travelled in search of compute
Research18 Sep 2023 | 3
Probe reveals previously secret Israeli spyware that infects targets via ads
Oh s#!t, Sherlock
Research16 Sep 2023 | 73
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop
Cut and shut is so last century, now it's copy and clone
Research13 Sep 2023 | 9
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
Fun technique – but how practical is it?
Research13 Sep 2023 | 20
Biting the hand that feeds IT
