At the Intersection of Technology and Real Life

aRTy News Headlines – 2018-12-20

aRTy News Headlines – 2018-12-20

Mike York News for aRTy

Waze CEO, Noam Bardin, Attributes Success to Apple Maps Failure – 9-to-5 Mac

Apple Delivers Bent iPad Pros; Says it’s Normal – The Verge

VR Sex Helmet Concept Will Haunt Your Nightmares – CNET

Square Roots is Bringing More Transparency to its Produce – Techcrunch

aRTy News Headlines – 2018-12-20

aRTy News Headlines – 2018-12-20

Microsoft and Limbitless Solutions Create Halo Themed Prosthetic Arms – The Verge

Google Lens Can Now Recognize a Billion Items – The Verge

Tesla Proves IT and Automotive World Still Dominated by Men – TechCrunch

What is aRTy News?

Security Intelligence, Syndicated Stories

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on […]
The post Third-Party App Stores Could Be a Red Flag for iOS Security appeared first on Security Intelligence. …

Security Intelligence, Syndicated Stories

Synthetic Media Creates New Social Engineering Threats

Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker. Social engineering typically involves tricking an authorized user into taking an action that enables cyber attackers to bypass physical or digital security. One common […]
The post Synthetic Media Creates New Social Engineering Threats appeared first on Security Intelligence. …

Security Intelligence, Syndicated Stories

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but […]
The post Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” appeared first on Security Intelligence. …

Leave a Reply Cancel reply

You must be logged in to post a comment.

Latest Headlines

1
2
3
4
Error
6
7
8
9
10
11
12
13

Life as a 21st-Century Trucker

17 January 2023

Technology, corporate greed, and supply-chain chaos are transforming life behind the wheel of a big rig. I went on the road to find exactly how. [...]

'The Last of Us' Does What No Show Has Done Before

12 January 2023

Video game adaptations are notoriously brain-dead. But the minds behind HBO’s infectious new zombie series turn action into drama—and break the curse. [...]

Unmasking Pedro Pascal, the Complicated New Face of Sci-Fi

9 January 2023

The Last of Us star talks video games, violence, and playing tough guys (Hi, Mando!) when you’re actually a people pleaser. [...]

Would You Sell Your Extra Kidney?

5 January 2023

Each year thousands die because there aren’t enough organs for transplants, and I may be one of them. It’s time to start compensating donors. [...]

The Singularity of Allison Williams

29 December 2022

Girls. Get Out. Now M3GAN. In just a handful of performances, the actress has redefined authenticity—and achieved a new kind of artificial reality. [...]

The Secret Life of Plant Killers

22 December 2022

To take out invasives, the US relies on crews wielding hatchets, chainsaws, and herbicide. It’s a messy, fun job—but it may not be enough to stop the spread. [...]

The Quest to Defuse Guyana’s Carbon Bomb

20 December 2022

A former BP lawyer is going up against Exxon—and her own country—in a bid to stop offshore oil drilling before disaster strikes. [...]

Welcome to Digital Nomadland

16 December 2022

A Portuguese island created a village for remote workers, promising community to the newcomers and prosperity to the locals—then delivered on neither. [...]

Tony Fadell Is Trying to Build the iPod of Crypto

6 December 2022

The product guru made Ledger’s new hardware wallet—a tiny vault for digital cash—flashy and fun. Plus, with this gadget you’ll never get FTX’d. [...]

We’re in Denial About the True Cost of a Twitter Implosion

2 December 2022

Elon Musk’s platform may be hell, but it’s also where huge amounts of reputational and social wealth are invested. All of that is in peril. [...]

The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'

28 January 2023

For the most part, this week has been relatively quiet regarding ransomware attacks and researcher — that is, until the FBI announced the disruption of the Hive ransomware operation. [...]

Massive Microsoft 365 outage caused by WAN router IP change

27 January 2023

Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network (WAN). [...]

Ukraine: Sandworm hackers hit news agency with 5 data wipers

27 January 2023

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th. [...]

Microsoft fixes Windows 11 issue behind Remote Desktop freezes

27 January 2023

Microsoft has addressed a known issue causing Remote Desktop app freezes on Windows 11 systems after installing the Windows 11 2022 Update. [...]

PlugX malware hides on USB devices to infect new Windows hosts

27 January 2023

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. [...]

Microsoft starts force upgrading Windows 11 21H2 devices

27 January 2023

Microsoft has started the forced rollout of Windows 11 22H2 to systems running Windows 11 21H2 that are approaching their end-of-support (EOS) date on October 10, 2023. [...]

Windows 11 KB5022360 preview update released with 15 improvements

27 January 2023

Microsoft has released the Windows 11 22H2 KB5022360 preview cumulative update with fifteen fixes or improvements. [...]

Microsoft urges admins to patch on-premises Exchange servers

26 January 2023

Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU) to have them always ready to deploy an emergency security update. [...]

Bitwarden password vaults targeted in Google ads phishing attack

26 January 2023

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [...]

US offers $10M bounty for Hive ransomware links to foreign governments

26 January 2023

The U.S. Department of State today offered up to $10 million for information that could help link the Hive ransomware group (or other threat actors) with foreign governments. [...]

GoldenEye 007 Hits Nintendo Switch, Xbox: How to Play and Fix Switch Controls - CNET

28 January 2023

The iconic 1997 Nintendo 64 first-person shooter brings classic James Bond action to Nintendo Switch Online and Xbox Game Pass. [...]

Pokemon Scarlet and Violet: Greninja 7-Star Raid Guide - CNET

28 January 2023

Here's how to reliably beat the Greninja raid battle. [...]

An Amazon Tomb Raider TV Series Is Reportedly in the Works - CNET

28 January 2023

Phoebe Waller-Bridge, Emmy-winning showrunner of Fleabag and Killing Eve, is said to be writing the series. [...]

'The Last of Us' Release Schedule: When Does Episode 3 Come Out on HBO Max? - CNET

28 January 2023

HBO's adaptation of the post-apocalyptic PlayStation game runs until March. [...]

Now Is a Very Bad Time to Buy Samsung's Galaxy S22 - CNET

27 January 2023

The Galaxy S23 is likely just days away, meaning the previous model could get a price reduction. [...]

4 Tips to Promote Better Mental Health Without Therapy - CNET

27 January 2023

Therapy is the best treatment for mental health troubles. But it's not always attainable. [...]

Best Banks for Joint Accounts for January 2023 - CNET

27 January 2023

These joint checking accounts make it easy to combine money and manage shared expenses. [...]

Google Street View Has an Extremely Weird Side: How to Find It - CNET

27 January 2023

With a new program, you can peruse hundreds of strange, creepy, cute and artsy Google Street View sights. [...]

FDA to Make Long-Awaited Changes to Blood Donation Rules - CNET

27 January 2023

The new proposals remove restrictions on gay and bisexual men that go back to the 1980s, instead focusing on individual health assessments for giving blood. [...]

Blake Lively to Star in Movie Adaptation of Novel 'It Ends With Us' - CNET

27 January 2023

But not everyone's excited about the casting of Lively for Colleen Hoover's best-selling story. [...]

Enterprises Need to Do More to Assure Consumers About Privacy

27 January 2023

Organizations care about data privacy, but their priorities appear to be different from what their customers think are important. [...]

Why Most Companies Still Don’t Know What’s on Their Network

27 January 2023

Chris Kirsch, CEO of runZero, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the importance of asset discovery. [...]

On Data Privacy Day, Organizations Fail Data Privacy Expectations

27 January 2023

Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure. [...]

Critical RCE Lexmark Printer Bug Has Public Exploit

27 January 2023

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers. [...]

Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign

27 January 2023

Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind the group. [...]

How Noob Website Hackers Can Become Persistent Threats

27 January 2023

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say. [...]

3 Ways ChatGPT Will Change Infosec in 2023

27 January 2023

OpenAI's chatbot has the promise to revolutionize how security practitioners work. [...]

Riot Games Latest Video-Game Maker to Suffer Breach

26 January 2023

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends. [...]

A Child's Garden of Cybersecurity

26 January 2023

Whether you dream of your child growing into a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery. [...]

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems

26 January 2023

Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA. [...]

RSS Error: A feed could not be found at `http://www.infosecisland.com/rss.html`; the status code is `404` and content-type is `text/html; charset=utf-8`

Gen Z embraces dumb flip phones, a smarter life hack than you'd think

28 January 2023

Are flip phones really a relic of the past or a future tool to protect mental health? For Gen Z, it's currently a content-coping device. [...]

The 5 best 50-inch TVs of 2023

27 January 2023

This year, skip the pub and host a Super Bowl watch party at your home. Shop our favorite picks for the best 50-inch TVs. [...]

The 5 best portable power stations of 2023

27 January 2023

A portable power station is a great way to keep your devices charged and essential medical equipment running during an outage. Since you don't need to use dangerous fuels like kerosene or diesel, you can keep them inside to protect them from extreme weather conditions and keep them in top working order. [...]

The 5 best hotspots of 2023

27 January 2023

When you are on the go, it is important to stay connected, but not all hotspots work the same. These are the best hotspots you can buy today based on performance, price, and durability. [...]

The 6 best live TV streaming services of 2023

27 January 2023

If you're interested in going cable-free, you may want to switch to a live TV streaming service, which you can cancel at any time. There are even packages out there that let you stream sports and news online. That's great for anyone who wants to keep up with post-season NFL action and catch the Super Bowl without an expensive contract. [...]

This iPad Air just dropped to $800 on Amazon

27 January 2023

Apple products typically don't see too many deals, especially the newest models. But, this iPad Air can be secured for $800 on Amazon -- a $100 discount. [...]

The 5 best plant subscription boxes of 2023

27 January 2023

You can get the perfect plants delivered right to your door. The best plant subscription boxes offer different price points and plant types to fill your home with greenery. [...]

How to use DALL•E 2 to turn your wildest imaginations into AI-generated art

27 January 2023

AI art platform, DALL•E 2, creates images from text descriptions in seconds. In this article, we show you how to get the results you desire. [...]

The 6 best record players of 2023

27 January 2023

Looking for something to spin your vinyl collection? The best record players have modern features like Bluetooth while still providing that crisp record crackle sound you know and love. [...]

The best AI writers of 2023: ChatGPT and alternatives

27 January 2023

AI writing tools can help lighten your workload by writing emails and essays and even doing math. They use artificial intelligence to generate text or answer queries based on user input. ChatGPT is one popular example, but there are other noteworthy AI writers. [...]

Data Privacy: How the Growing Field of Regulations Impacts Businesses

27 January 2023

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to […] The post Data Privacy: How the Growing Field of Regulations Impacts Businesses appeared first on Security Intelligence. [...]

Why Zero Trust Works When Everything Else Doesn’t

27 January 2023

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a “default deny” security posture. All people and devices must prove explicit permission to use each network resource […] The post Why Zero Trust Works When Everything Else Doesn’t appeared first on Security Intelligence. [...]

5 Golden Rules of Threat Hunting

27 January 2023

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late. Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for […] The post 5 Golden Rules of Threat Hunting appeared first on Security Intelligence. [...]

Third-Party App Stores Could Be a Red Flag for iOS Security

26 January 2023

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on […] The post Third-Party App Stores Could Be a Red Flag for iOS Security appeared first on Security Intelligence. [...]

Defensive Driving: The Need for EV Cybersecurity Roadmaps

26 January 2023

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise […] The post Defensive Driving: The Need for EV Cybersecurity Roadmaps appeared first on Security Intelligence. [...]

Who Will Be the Next National Cyber Director?

25 January 2023

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next? As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the […] The post Who Will Be the Next National Cyber Director? appeared first on Security Intelligence. [...]

Kronos Malware Reemerges with Increased Functionality

25 January 2023

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […] The post Kronos Malware Reemerges with Increased Functionality appeared first on Security Intelligence. [...]

Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery

24 January 2023

Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking. Sounds like a typical Software-as-a-Service (SaaS) operation, right? Well, this time, it’s Caffeine, the latest Phishing-as-a-Service (PhaaS) platform. A basic […] The post Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery appeared first on Security Intelligence. [...]

Everyone Wants to Build a Cyber Range: Should You?

24 January 2023

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. […] The post Everyone Wants to Build a Cyber Range: Should You? appeared first on Security Intelligence. [...]

An IBM Hacker Breaks Down High-Profile Attacks

24 January 2023

On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of […] The post An IBM Hacker Breaks Down High-Profile Attacks appeared first on Security Intelligence. [...]

Critical Vulnerability Impacts Over 120 Lexmark Printers

27 January 2023

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published. The post Critical Vulnerability Impacts Over 120 Lexmark Printers appeared first on SecurityWeek. [...]

BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws

27 January 2023

The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). The post BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws appeared first on SecurityWeek. [...]

Industry Reactions to Hive Ransomware Takedown: Feedback Friday

27 January 2023

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement. The post Industry Reactions to Hive Ransomware Takedown: Feedback Friday appeared first on SecurityWeek. [...]

Microsoft Urges Customers to Patch Exchange Servers

27 January 2023

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks. The post Microsoft Urges Customers to Patch Exchange Servers appeared first on SecurityWeek. [...]

Iranian APT Leaks Data From Saudi Arabia Government Under New Persona

27 January 2023

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona The post Iranian APT Leaks Data From Saudi Arabia Government Under New Persona appeared first on SecurityWeek. [...]

US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware

27 January 2023

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive operation. The post US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware appeared first on SecurityWeek. [...]

Cyberattacks Target Websites of German Airports, Admin

26 January 2023

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet The post Cyberattacks Target Websites of German Airports, Admin appeared first on SecurityWeek. [...]

US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’

26 January 2023

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation. The post US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’ appeared first on SecurityWeek. [...]

Tenable Launches $25 Million Early-Stage Venture Fund

26 January 2023

Tenable has launched a $25 million venture fund to place bets on early-stage startups in the exposure management space. The post Tenable Launches $25 Million Early-Stage Venture Fund appeared first on SecurityWeek. [...]

820k Impacted by Data Breach at Zacks Investment Research

26 January 2023

Zacks Investment Research is informing 820,000 individuals that their personal data was compromised in a data breach. The post 820k Impacted by Data Breach at Zacks Investment Research appeared first on SecurityWeek. [...]

Fifth Wall, focused on real estate tech and managing $3.2B, looks to eat up even more of its market

28 January 2023

Brendan Wallace’s ambition is beginning to seem almost limitless. The venture firm that Wallace and cofounder Brad Greiwe launched less than seven years ago already has $3.2 billion in assets under management. But that firm, Fifth Wall, which argues there are massive financial returns at the intersection of real estate and tech, isn’t worried about […] Fifth Wall, focused on real estate tech and managing $3.2B, looks to eat up even more of its market by Connie Loizos originally published on TechCrunch [...]

NASA’s ‘Mega Moon Rocket’ aced first flight and is ready for crewed Artemis II launch

27 January 2023

The enormous Space Launch System passed its first test with flying colors, NASA’s preliminary analysis concludes, and the rocket and Orion capsule are good to go for their next mission: Artemis II, which will carry a crew to lunar orbit. After numerous delays and enormous cost overruns, some worried that the SLS (nicknamed the “Mega […] NASA’s ‘Mega Moon Rocket’ aced first flight and is ready for crewed Artemis II launch by Devin Coldewey originally published on TechCrunch [...]

Daily Crunch: Stripe responds to report that it seeks to raise $2B with a terse ‘no comment’

27 January 2023

Hello, friends, and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package. Daily Crunch: Stripe responds to report that it seeks to raise $2B with a terse ‘no comment’ by Christine Hall originally published on TechCrunch [...]

The 403-page Dungeons & Dragons game system is now licensed under Creative Commons

27 January 2023

It’s now official: Dungeons & Dragons is licensed under the Creative Commons. This makes the popular tabletop roleplaying game “freely available for any use,” Dungeons & Dragons executive producer Kyle Brink wrote in a blog post today. Just weeks ago, this outcome would have seemed impossible. About a month ago, Wizards of the Coast (WoTC) […] The 403-page Dungeons & Dragons game system is now licensed under Creative Commons by Amanda Silberling originally published on TechCrunch [...]

Elon Musk is being investigated by the SEC for Tesla self-driving claims, report says

27 January 2023

Tesla CEO Elon Musk is facing scrutiny by the U.S. Securities and Exchange Commission (SEC) regarding his specific comments and efforts to promote the automaker’s claims regarding its “self-driving” capabilities, Bloomberg reports. The SEC investigation into Musk is part of its overall efforts to determine whether Tesla has run afoul of its rules in promoting […] Elon Musk is being investigated by the SEC for Tesla self-driving claims, report says by Darrell Etherington originally published on TechCrunch [...]

What does selling to platform engineering teams mean for developer relations?

27 January 2023

How should dev-centric startups sell their product to platform engineering teams? What does selling to platform engineering teams mean for developer relations? by Anna Heim originally published on TechCrunch [...]

How US police use digital data to prosecute abortions

27 January 2023

In late April, police in Nebraska received a tip saying 17-year-old Celeste Burgess had given birth to a stillborn baby and buried the body. Officers soon learned that her mother, Jessica Burgess, and a friend had helped her with transportation and burial. The police issued citations for concealing the death of another person and false […] How US police use digital data to prosecute abortions by Zack Whittaker originally published on TechCrunch [...]

The best Twitter alternatives worth checking out

27 January 2023

We’ll be straight with you. There’s no 1:1 Twitter replacement — not yet, and possibly not ever. Still, there are plenty of social apps that might be worth substituting into your obsessive timeline-checking routines if you’re done with Twitter for whatever reason (we can think of plenty). Twitter’s current situation — advertisers leaving, Nazis logging […] The best Twitter alternatives worth checking out by Taylor Hatmaker originally published on TechCrunch [...]

Atomos tows a $16M load of funding to create tugboats in space

27 January 2023

You may not have known that space needs tugboats, but now you do — and Atomos Space just closed a $16.2 million Series A investment, which will enable the company to complete its demonstration mission where it will show off its docking and towing capabilities. The company is building a series of Orbital Transfer Vehicles […] Atomos tows a $16M load of funding to create tugboats in space by Haje Jan Kamps originally published on TechCrunch [...]

Warner Bros. swiped our Harry Potter wand IP, says Kano

27 January 2023

Kano, the venture-backed U.K. startup known for its build-your-own computer kits and software for teaching coding and associated STEM skills, has accused Warner Bros. of copying one of its products and infringing on its intellectual property (IP). The product in question is the Harry Potter: Magic Caster Wand that Warner Bros. announced back in October, and which […] Warner Bros. swiped our Harry Potter wand IP, says Kano by Paul Sawers originally published on TechCrunch [...]

Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack

28 January 2023

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow [...]

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service

27 January 2023

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The [...]

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

27 January 2023

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn [...]

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

27 January 2023

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.RUN’s top malware types in 2022 That's why you'll definitely come across this type in your practice, and the Orcus [...]

British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries

27 January 2023

The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists," the [...]

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

26 January 2023

In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals," Europol [...]

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

26 January 2023

Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. "However, a [...]

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA

26 January 2023

Proof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in [...]

Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group

26 January 2023

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said [...]

Is Once-Yearly Pen Testing Enough for Your Organization?

26 January 2023

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new [...]

Beware: Images, Video Shared on Signal Hang Around

25 January 2023

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal Hang Around appeared first on The Security Ledger with Paul F. Roberts. Related StoriesIoCs vs. EoCs: What’s the difference and why should you care?CES Overlooks New Report That Finds Auto Cyber Is A Dumpster FireEpisode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats [...]

T-Mobile: Leaky API Exposes Data on 37 Million

20 January 2023

U.S. Telecommunications giant T-Mobile disclosed on Thursday that hackers obtained data on 37 million customers through a vulnerable API (application program interface). The disclosure was included in an 8-K filing with the U.S. Securities and Exchange Commission. The post T-Mobile: Leaky API Exposes Data on 37 Million appeared first on The...Read the whole entry... »Related Stories2023 Technologies to Secure Your Hybrid WorkspaceCES Overlooks New Report That Finds Auto Cyber Is A Dumpster FireIoCs vs. EoCs: What’s the difference and why should you care? [...]

2023 Technologies to Secure Your Hybrid Workspace

11 January 2023

For businesses looking to invest in the creation of a safer and more productive modern office environment, here’s a rundown of the top 2023 technologies to secure your hybrid workspace. The post 2023 Technologies to Secure Your Hybrid Workspace appeared first on The Security Ledger with Paul F. Roberts. Related StoriesWhat’s the Future of Detection Teams? Five Predictions for What Lies Ahead Why digital certificates are critical to 5G securityCES Overlooks New Report That Finds Auto Cyber Is A Dumpster Fire [...]

New Report Finds Auto Cyber Is A Dumpster Fire

10 January 2023

Automakers swear that the security of their connected vehicles is their top priority. So how come researchers just found dozens of software flaws that could give hackers access to millions of cars? The post New Report Finds Auto Cyber Is A Dumpster Fire appeared first on The Security Ledger with Paul F. Roberts. Related StoriesEpisode 241: If Its Smart, Its Vulnerable a Conversation with Mikko HyppönenDEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, CompetitionEpisode 241: If Its Smart, Its Vulnerable a Conversation wit Mikko Hyppönen [...]

IoCs vs. EoCs: What’s the difference and why should you care?

9 January 2023

Security analysts and threat hunters know the importance of IOCs – indicators of compromise. But EOCs - enablers of compromise - are just as important. The post IoCs vs. EoCs: What’s the difference and why should you care? appeared first on The Security Ledger with Paul F. Roberts. Related StoriesWhat’s the Future of Detection Teams? Five Predictions for What Lies Ahead The Future of Attack Surface Management: How to PrepareBeware: Images, Video Shared on Signal Hang Around [...]

Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats

5 January 2023

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information security space - first at product security at Apple and now at GitHub, a massive development...Read the whole entry... »Click the icon below to listen. Related StoriesIoCs vs. EoCs: What’s the difference and why should you care?Episode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPassEpisode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen [...]

What’s the Future of Detection Teams? Five Predictions for What Lies Ahead

22 December 2022

Cyber threats are rampant, but security teams lack the tools, resources, and support to do their jobs effectively today — much less prepare them for tomorrow. In this Expert Insight, Jack Naglieri, the CEO of Panther, writes about where the state of security is currently, and where I see it headed. The post What’s the Future of Detection...Read the whole entry... »Related StoriesIoCs vs. EoCs: What’s the difference and why should you care?2023 Technologies to Secure Your Hybrid WorkspaceEpisode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats [...]

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

21 December 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. The post Episode 247: Into the AppSec Trenches with Robinhood...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPassEpisode 245: How AI is remaking knowledge-based authenticationEpisode 244: ZuoRAT brings APT Tactics to Home Networks [...]

Why digital certificates are critical to 5G security

20 December 2022

As 5G gains traction, service providers need to be able to trust their networks’ security to truly take advantage of 5G’s capabilities. Digital certificates are critical to that, writes Alexa Tahan of Nokia. The post Why digital certificates are critical to 5G security appeared first on The Security Ledger with Paul F. Roberts. Related StoriesThe Future of IoT Security Standards2023 Technologies to Secure Your Hybrid WorkspaceIoCs vs. EoCs: What’s the difference and why should you care? [...]

Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups

13 December 2022

Humanitarian groups, local governments and non-profits will be able to use Cloudflare’s Zero Trust One suite of security tools at no cost, the company announced. The post Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups appeared first on The Security Ledger with Paul F. Roberts. Related StoriesBeware: Images, Video Shared on Signal Hang AroundIoCs vs. EoCs: What’s the difference and why should you care?Episode 244: ZuoRAT brings APT Tactics to Home Networks [...]

Twitter vows to take ‘less severe actions’ against rule-breaking accounts

28 January 2023

Suppression, not suspension. | Illustration by Alex Castro / The Verge Twitter is promising that it’ll take “less severe actions” when disciplining accounts that break its rules; it’ll only suspend Twitter accounts that engage in “severe or ongoing, repeat violations” of its rules. The company also says it’ll be letting anyone appeal suspensions starting February 1st, and that those doing so will be judged using updated standards. What will Twitter do instead of suspending your account? The “less severe actions” are things that Twitter has been doing for years, such as limiting visibility of a tweet, or telling a user… [...]

FBI says it ‘hacked the hackers’ of a ransomware service, saving victims $130 million

27 January 2023

Photo by Amelia Holowaty Krales / The Verge The Department of Justice announced this week that FBI agents successfully disrupted Hive, a notorious ransomware group, and prevented $130 million worth of ransom campaigns that targets no longer need to consider paying. While claiming the Hive group has been responsible for targeting over 1,500 victims in over 80 countries worldwide, the department now reveals it had infiltrated the group’s network for months before working with German and Netherlands officials to shut down Hive servers and websites this week. “Simply put, using lawful means, we hacked the hackers,” Deputy Attorney General Lisa… [...]

Jonathan Majors is a bodybuilder yearning to be truly seen in Magazine Dreams

27 January 2023

Jonathan Majors as Killian Maddox in Magazine Dreams. | Tall Street Productions When Jonathan Majors takes to the bodybuilding competition stage in writer / director Elijah Bynum’s arresting new drama Magazine Dreams, it’s impossible not to feel as if the movie’s in direct conversation with the way that its lead star’s fame has become wrapped up in the public’s fascination with his body. Magazine Dreams’ deep dive into the life of an obsessive, aspiring pro lifter longing for a shot at fitness fame is one of the most difficult pieces of cinema to debut at this year’s Sundance Film Festival.… [...]

What matters about Matter, the new smart home protocol

27 January 2023

The Verge How Matter works, when it’s coming, what you’ll need to use it, and how it integrates with Alexa, Apple Home, Google Home, and Samsung SmartThings. Continue reading… [...]

Matter products are coming — here’s everything that’s been announced

27 January 2023

The Verge All the Matter-compatible devices you can buy now, plus what’s coming soon to the new Apple, Amazon, Google, and Samsung-backed smart home standard. Continue reading… [...]

Amazon is reportedly making a Tomb Raider TV show and movie written by Phoebe Waller-Bridge

27 January 2023

She apparently won’t be the star of the show. | Photo by Dominique Charriau / WireImage Earlier Friday, The Hollywood Reporter said that Amazon is developing a TV series based on the Tomb Raider video game franchise with scripts written by Phoebe Waller-Bridge. But that’s apparently not all: later in the day, Deadline corroborated the report about the TV series and added that a new Tomb Raider movie is in the works at Amazon Studios, too. Details are light on these new Tomb Raider adaptations, but THR says that while Waller-Bridge will serve as a writer and executive producer on… [...]

'Menswear Guy' Marks a Shift in Twitter's Main Characters

27 January 2023

It used to be someone who stepped into the fray. Now, it can be anyone. [...]

Gene Wolfe Was Sci-Fi's Most Enigmatic Writer

27 January 2023

Fans have spent years trying to comprehend his books, and many still don't have answers. [...]

The 25 Best Amazon Prime Shows Right Now

27 January 2023

From The Underground Railroad to Rings of Power, these are our picks for what you should be watching on the streamer. [...]

The 10 Best Amazon Prime Films Right Now

27 January 2023

From One Night in Miami … to Licorice Pizza, these are the best films available on the streamer. [...]

Climate Reparations Won’t Work

27 January 2023

For Tonga and other nations disproportionately impacted by the environmental crisis, cash is only a band-aid for a spiraling disaster. [...]

M&M’s Are the Best Trolls on the Internet

27 January 2023

After a long crusade by Fox News’ Tucker Carlson, the brand put its spokescandies on hiatus. It’s a savvy move that seems designed for social media. [...]

Samsung Galaxy A14 5G Review: A Phenomenal $200 Phone

27 January 2023

The Galaxy A14 5G is easily the best phone you can buy for $200. [...]

Alphabet’s Layoffs Aren’t Very Googley

27 January 2023

The company’s founders pioneered putting employees first and said they’d never bow down to Wall Street. How things have changed. [...]

4 Best Webcams (2023): Razer, Logitech, and More

27 January 2023

Bring a little light (and proper color contrast) into your life with these cameras. [...]

Crispr Wants to Feed the World

27 January 2023

The power to fight human diseases put genome editing on the map. But similar technology could help crops withstand the stress of climate change. [...]