At the Intersection of Technology and Real Life

Mastercard Reports Data Breach to German and Belgian DPAs

Michael York Reading, PA Bleeping Computer, Syndicated Stories

Mastercard disclosed a data breach to the German and Belgian Data Protection Authorities (DPA) involving customer data from the company’s Priceless Specials loyalty program. […] Read the full article here

Latest Headlines

Your Body, Your Self, Your Surgeon, His Instagram

19 January 2021

Social media gave the Real Dr. 6ix a stage on which to show off liposuctions and breast lifts. But when cosmetic surgery becomes entertainment, who owns the story? [...]

Covid, Schools, and the High-Stakes Experiment No One Wanted

18 January 2021

Reopening in the fall was a massive gamble. At one high-poverty elementary school, navigating the risks paid off. [...]

I Am Not a Soldier, but I Have Been Trained to Kill

15 January 2021

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being? [...]

The Case for Cannibalism, or: How to Survive the Donner Party

13 January 2021

Don’t be a young, healthy, single man. That’s our first piece of advice. [...]

The Unsettling Truth About the ‘Mostly Harmless’ Hiker

12 January 2021

His emaciated body was discovered in a tent, just a few miles from a major Florida highway. His identity—and troubled past—were discovered by the internet. [...]

How Many Microcovids Would You Spend on a Burrito?

12 January 2021

Six nerdy roommates used public health data to create an online Covid-risk points system for every activity—and protect their pandemic pod. [...]

The Autonomous-Car Chaos of the 2004 Darpa Grand Challenge

6 January 2021

The self-driving vehicles smashed, burned, flipped, and tipped. But the ambitious race through the Mojave launched an industry. [...]

A 25-Year-Old Bet Comes Due: Has Tech Destroyed Society?

5 January 2021

In 1995, a WIRED cofounder challenged a Luddite-loving doomsayer to a prescient wager on tech and civilization’s fate. Now their judge weighs in. [...]

The F-14 and the Secret History of the First Microprocessor

23 December 2020

In a weird way, I’ve known Ray Holt all my life, but I never knew what he had accomplished—or how his inventions wove their way into my own family. [...]

Some of Our Favorite Longreads of 2020

22 December 2020

It was a brutal year. Take a breath and enjoy some of our favorite in-depth stories. [...]

Drupal releases fix for critical vulnerability with known exploits

22 January 2021

Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. [...]

Windows 10 KB4598298 update fixes crashes and restart issues

22 January 2021

Microsoft has released the KB4598298 update for all editions of Windows 10 and Windows Server versions 1809 and 1909, with fixes for unexpected system restart issues, system crashes due to BitLocker, and multiple LSASS issues. [...]

New Windows 10 update leaks info on upcoming 21H1 feature update

22 January 2021

A Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature updated will be 21H1. [...]

MyFreeCams site hacked to steal info of 2 million paying users

22 January 2021

A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. [...]

Windows Remote Desktop servers now used to amplify DDoS attacks

21 January 2021

Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks. [...]

Microsoft Edge gets a password generator, leaked credentials monitor

21 January 2021

Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version. [...]

UK govt gives malware infected laptops to vulnerable students

21 January 2021

Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC. [...]

CHwapi hospital hit by Windows BitLocker encryption cyberattack

21 January 2021

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. [...]

QNAP warns users to secure NAS devices against Dovecat malware

21 January 2021

QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. [...]

Google threatens to remove search engine from Australia - CNET

22 January 2021

Lke Facebook, Google is fighting back against a proposed code that would require tech giants to share revenue with news publishers. [...]

James Bond: No Time To Die has been delayed once again - CNET

22 January 2021

No Time To Die, likely Daniel Craig's final turn as 007, has been pushed back to later in 2021. [...]

Make better coffee at home with the Sboly burr grinder for $46 - CNET

22 January 2021

Many such machines sell for $100 or more. This bean-blaster gets the job done at less than half the price. [...]

HBO Max: Everything to know, before WW84 is gone - CNET

22 January 2021

HBO Max has all of HBO's regular programming, plus extra shows, movies and exclusives -- plus all of Warner Bros. new films as soon as they hit theaters. [...]

Lyft test program offers drivers more rides in exchange for 10% pay cut - CNET

22 January 2021

Lyft calls its feature "priority mode." Drivers call it "poverty mode." [...]

The best showerheads of 2021 - CNET

22 January 2021

A great showerhead can make your morning routine more refreshing. We help you sort through the options to find one that'll help make getting clean feel wonderful. [...]

Apple's plans to bring MagSafe back to Macs can't happen soon enough - CNET

22 January 2021

Commentary: The proprietary magnet connector saved me thousands of dollars in repairs, and I can't imagine owning a laptop without it. [...]

The best portable power stations for 2021 - CNET

22 January 2021

Get power wherever you are with a battery-powered portable generator. [...]

The next thing Apple Watch needs is better battery life - CNET

22 January 2021

Commentary: It's 2021, and it's time for this thing to last longer than a day. [...]

Apple VR, AR glasses leaks and rumors: What we expect - CNET

22 January 2021

Apple's next big product looks to be a VR headset. Or smartglasses. Or both. Here's what to expect, and our guesses as to what else might happen. [...]

DreamBus, FreakOut Botnets Pose New Threat to Linux Systems

21 January 2021

Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes. [...]

Breach Data Shows Attackers Switched Gears in 2020

21 January 2021

Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked. [...]

Attackers Leave Stolen Credentials Searchable on Google

21 January 2021

Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search. [...]

Cloud Jacking: The Bold New World of Enterprise Cybersecurity

21 January 2021

Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers. [...]

7 Steps to Secure a WordPress Site

21 January 2021

Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth. [...]

Hacker Pig Latin: A Base64 Primer for Security Analysts

21 January 2021

The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks. [...]

Rethinking IoT Security: It's Not About the Devices

21 January 2021

Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome. [...]

Microsoft Releases New Info on SolarWinds Attack Chain

21 January 2021

Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says. [...]

SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration

20 January 2021

During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity. [...]

Tips for a Bulletproof War Room Strategy

20 January 2021

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets. [...]

SecurityWeek Names Ryan Naraine as Editor-at-Large

19 January 2021

SecurityWeek has named Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team. [...]

Why Cyber Security Should Be at the Top of Your Christmas List

17 December 2020

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function. [...]

United States Federal Government’s Shift to Identity-Centric Security

17 December 2020

Governments are increasingly facing new legislation, standards, frameworks, and policies to protect critical and sensitive information. [...]

How Extreme Weather Will Create Chaos on Infrastructure

21 October 2020

Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. [...]

BSIMM11 Observes the Cutting Edge of Software Security Initiatives

21 October 2020

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI. [...]

Sustaining Video Collaboration Through End-to-End Encryption

21 October 2020

By infusing end-to-end encryption into any video strategy, it ensures not only the sustainability of the channel, but the businesses that rely on it. [...]

Will Robo-Helpers Help Themselves to Your Data?

8 September 2020

Are you sure that your robo-helpers are secure? [...]

Securing the Hybrid Workforce Begins with Three Crucial Steps

2 September 2020

The global shift to a remote workforce has redefined the way organizations structure their business models. [...]

A New Strategy for DDoS Protection: Log Analysis on Steroids

26 August 2020

Incorporating a data lake philosophy into your security strategy is like putting log analysis on steroids. [...]

COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider

26 August 2020

Despite the COVID-19 pandemic, companies are obligated to comply with many laws governing data security and privacy [...]

Building an RTX3080 gaming PC

22 January 2021

If you manage pick up an Nvidia RTX3080 graphics cards, what other parts do you want to build yourself a great gaming system? [...]

Samsung Galaxy face off: Is the S21 Ultra or Note 20 Ultra best for business?

22 January 2021

Samsung just took the wraps off its latest Galaxy S21 Ultra device and the unique S Pen function in the Note line has been matched. Can the new S series take the crown as best Samsung Galaxy for the enterprise? [...]

President Biden's FCC appointment is a big step toward net neutrality's return

22 January 2021

Opinion: Jessica Rosenworcel, who's been pro-net neutrality for years, has been named the Federal Communications Commission's acting chairwoman. [...]

New website launched to document vulnerabilities in malware strains

22 January 2021

Launched by security researcher John Page, the new MalVuln website lists bugs in malware code. [...]

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

22 January 2021

These nasties mean it's time to update. [...]

Best MagSafe accessories for iPhone 12

22 January 2021

Want to try the iPhone 12's new MagSafe tech but not sure where to start? We'll show you some of our favorite accessories thus far. [...]

Eight Cisco and CompTIA courses that will prep you for a career in cybersecurity

22 January 2021

This bundle features 8 expert-led courses that will help you earn Cisco and CompTIA certifications to jumpstart your cybersecurity career. [...]

Microsoft: Here's how our new password-monitoring system actually works

22 January 2021

Microsoft reveals its approach to watching your passwords without actually viewing them. But you'll need to sign in for it to work. [...]

Apple knows that dropping the iPhone Lightning port would create an 'unprecedented amount of electronic waste'

22 January 2021

It seems likely that Apple is preparing to dump the Lightning port from future iPhones. But what happens to those billions of accessories? [...]

Hackers publish thousands of files after government agency refuses to pay ransom

22 January 2021

Ransomware gang publishes stolen data after Scottish Environment Protection Agency (SEPA) refuses to pay ransom - as agency confirms operations remain disrupted. [...]

For Attackers, Home is Where the Hideout Is

19 January 2021

Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” […] The post For Attackers, Home is Where the Hideout Is appeared first on Security Intelligence. [...]

QR Code Security: What You Need to Know Today

19 January 2021

QR codes are very common today, enough so that attackers are discovering ways of using them for profit. How can QR codes be used this way, and what can you do to boost QR code security and protect against these scams? What Are QR Codes Used For? QR codes — short for “quick response codes” […] The post QR Code Security: What You Need to Know Today appeared first on Security Intelligence. [...]

Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget

15 January 2021

As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are […] The post Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget appeared first on Security Intelligence. [...]

Hybrid Cloud Adoption Brings Security on the Go

15 January 2021

Hybrid cloud environments are a common sight in today’s digital world. IBM’s Assembling Your Cloud Orchestra report found 85% of organizations already utilize a hybrid cloud and 98% anticipate having one in place within three years. This type of cloud environment allows for more agile business processes, a novel infrastructure and produces potential new revenue […] The post Hybrid Cloud Adoption Brings Security on the Go appeared first on Security Intelligence. [...]

Misconfigurations: A Hidden but Preventable Threat to Cloud Data

15 January 2021

Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves. What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that […] The post Misconfigurations: A Hidden but Preventable Threat to Cloud Data appeared first on Security Intelligence. [...]

5 Cybersecurity Best Practices For Planning Ahead

14 January 2021

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a […] The post 5 Cybersecurity Best Practices For Planning Ahead appeared first on Security Intelligence. [...]

Preparing a Client Environment for Threat Management

14 January 2021

A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups providing threat management to their internal teams. The challenge has largely been in making sure the proposed program and the suite of solutions find and call […] The post Preparing a Client Environment for Threat Management appeared first on Security Intelligence. [...]

Social Engineering And Social Media: How to Stop Oversharing

13 January 2021

You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering. While employees clicking on phishing links still […] The post Social Engineering And Social Media: How to Stop Oversharing appeared first on Security Intelligence. [...]

Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management

12 January 2021

There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can […] The post Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management appeared first on Security Intelligence. [...]

What is STRIDE and How Does It Anticipate Cyberattacks?

11 January 2021

STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] The post What is STRIDE and How Does It Anticipate Cyberattacks? appeared first on Security Intelligence. [...]

QNAP Warns NAS Users of 'dovecat' Malware Attacks

22 January 2021

QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.” read more [...]

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks

22 January 2021

Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week. read more [...]

Enterprise Credentials Publicly Exposed by Cybercriminals

21 January 2021

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point. read more [...]

Drupal Updates Patch Another Vulnerability Related to Archive Files

21 January 2021

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library. read more [...]

Multi-Cloud Network Security Provider Valtix Raises $12.5 Million

21 January 2021

Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding. read more [...]

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

21 January 2021

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). read more [...]

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

21 January 2021

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS). read more [...]

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

21 January 2021

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address. read more [...]

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw

21 January 2021

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. read more [...]

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users

20 January 2021

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. read more [...]

How VCs invested in Asia and Europe in 2020

22 January 2021

Falling seed volume, lots of big rounds. That's 2020 VC around the world in a nutshell. [...]

MotoRefi raises $10M to keep pedal on auto refinancing growth

22 January 2021

A month before the COVID-19 pandemic had spread to North America, auto fintech startup MotoRefi — newly armed with nearly $9 million in venture capital — was preparing to bring its refinancing platform to the masses. CEO Kevin Bennett, and the investors behind the company, saw the opportunity to service Americans who collectively hold $1.2 […] [...]

Dashlane taps JD Sherman, ex-Hubspot COO, as new CEO, as co-founder Emmanuel Schalit steps aside

22 January 2021

Our reliance on internet-based services is at an all-time high these days, and that’s brought a new focus on how well we are protected when we go online. Today comes some news from one of the bigger companies working in the area of password security, which points how business is shifting for the companies providing […] [...]

Blobr, the ‘no-code’ company turning APIs into products, raises €1.2M pre-seed

22 January 2021

Blobr, a Paris-based startup operating in the no-code space with tech to make it easier for companies to expose and monetise their existing APIs, has raised €1.2 million in pre-seed funding. The round is led by pan-European pre-seed and seed investor Seedcamp, with participation from New Wave, Kima, and various angel investors. Blobr is also […] [...]

Google threatens to close its search engine in Australia as it lobbies against digital news code

22 January 2021

Google has threatened to close its search engine in Australia — as it dials up its lobbying against draft legislation that is intended to force it to pay news publishers for reuse of their content. Facebook would also be subject to the law. And has previously said it would ban news from being shared on […] [...]

‘Slow dating’ app Once is acquired by Dating Group for $18M as it seeks to expand its portfolio

22 January 2021

Five-year-old ‘slow dating’ app Once has been acquired by the Dating Group, one of the largest companies in the dating world, for $18 million in cash and stock. Dating Group has 73 million registered users across a range of portfolio fatting apps including Dating.com. Clémentine Lalande, co-founder and CEO of Once, will continue leading the company […] [...]

Cloudflare introduces free digital waiting rooms for any organizations distributing COVID-19 vaccines

22 January 2021

Web infrastructure company Cloudflare is releasing a new tool today that aims to provide a way for health agencies and organizations globally tasked with rolling out COVID-19 vaccines to maintain a fair, equitable and transparent digital queue – completely free of charge. The company’s ‘Project Fair Shot’ initiative will make its new Cloudflare Waiting Room […] [...]

UK resumes privacy oversight of adtech, warns platform audits are coming

22 January 2021

The UK’s data watchdog has restarted an investigation of adtech practices that, since 2018, have been subject to scores of complaints across Europe under the bloc’s General Data Protection Regulation (GDPR). The high velocity trading of Internet users’ personal data can’t possibly be compliant with GDPR’s requirement that such information is adequately secured, the complaints […] [...]

Apple reportedly planning thinner and lighter MacBook Air with MagSafe charging

22 January 2021

Apple is said to be working on a new version of the MacBook Air with a brand new physical case design that’s both thinner and lighter than its current offering, which was updated with Apple’s M1 chip late last year, per a new Bloomberg report. The plan is to release it as early as late […] [...]

Privacy complaint targets European parliament’s COVID-19 test-booking site

22 January 2021

The European Parliament is being investigated by the EU’s lead data regulator over a complaint that a website it set up for MEPs to book coronavirus tests may have violated data protection laws. The complaint, which has been filed by six MEPs and is being supported by the privacy campaign group noyb, alleges third party […] [...]

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

22 January 2021

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary [...]

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!

22 January 2021

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that [...]

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

21 January 2021

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the [...]

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

22 January 2021

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow [...]

Importance of Application Security and Customer Data Protection to a Startup

21 January 2021

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do list. One other reason to ignore web application protectioncould be your belief that only large [...]

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

21 January 2021

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point [...]

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

20 January 2021

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group [...]

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

20 January 2021

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications [...]

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

19 January 2021

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that [...]

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

19 January 2021

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in [...]

Researchers Test UN’s Cybersecurity, Find Data on 100k

11 January 2021

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday. The post Researchers Test UN’s Cybersecurity, Find Data on 100k appeared first...Read the whole entry... »Related StoriesPodcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan HuntEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Episode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity

8 January 2021

In this episode of the podcast (#199), sponsored by LastPass, we talk with Shareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. In our second segment, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security LessonsEpisode 194: What Happened To All The Election Hacks? [...]

Episode 198: Must Hear Interviews from 2020

31 December 2020

Trying times have a way of peeling back the curtains and seeing our world with new eyes. We The post Episode 198: Must Hear Interviews from 2020 appeared first on The Security Ledger. Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Update: Neopets Is Still A Thing And Its Exposing Sensitive Data

28 December 2020

Neopets, the virtual pets website has exposed a wide range of sensitive data online including information that might be used to identify site users, security researchers report. The post Update: Neopets Is Still A Thing And Its Exposing Sensitive Data appeared first on The Security Ledger. Related StoriesAmid Security Concerns: to Zoom or not to Zoom?Researchers Test UN’s Cybersecurity, Find Data on 100kEpisode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT [...]

Update: DHS Looking Into Cyber Risk from TCL Smart TVs

22 December 2020

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets. The post Update: DHS Looking Into Cyber Risk from TCL Smart TVs appeared first on The Security...Read the whole entry... »Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskTV Maker TCL Denies Back Door, Promises Better ProcessSecurity Holes Opened Back Door To TCL Android Smart TVs [...]

Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

18 December 2020

In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. The post Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! appeared first on The Security Ledger. Related StoriesEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 194: What Happened To All The Election Hacks?Episode 196: Building the Case Against Sandworm with Cisco Talos [...]

Episode 196: Building the Case Against Sandworm with Cisco Talos

10 December 2020

Cisco's Matt Olney, the Director of Talos Threat Intelligence and Interdiction and Craig Williams, the Talos Director of Outreach about the case against The post Episode 196: Building the Case Against Sandworm with Cisco Talos appeared first on The Security Ledger. Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 194: What Happened To All The Election Hacks?Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons [...]

Episode 195: Cyber Monday Super Deals Carry Cyber Risk

3 December 2020

While many organizations think the notion of keyboards, monitors and other hardware "spying" on them as the stuff of "James Bond" movies, Yossi Appleboum of Sepio Systems says that the threat is real - and much more common that either companies or consumers are aware. The post Episode 195: Cyber Monday Super Deals Carry Cyber Risk appeared first...Read the whole entry... » Related StoriesDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 198: Must Hear Interviews from 2020TV Maker TCL Denies Back Door, Promises Better Process [...]

Containers Complicate Compliance (And What To Do About It)

30 November 2020

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose....Read the whole entry... »Related StoriesResearchers Test UN’s Cybersecurity, Find Data on 100kEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere

25 November 2020

A serious security flaw in a commonly used npm security module, private-ip, may affect hundreds of thousands of private and public applications. The post Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere appeared first on The Security Ledger. Related StoriesTV Maker TCL Denies Back Door, Promises Better ProcessSecurity Holes Opened Back Door To TCL Android Smart TVsEpisode 198: Must Hear Interviews from 2020 [...]

Microsoft is increasing the price of Xbox Live Gold

22 January 2021

Microsoft is increasing the prices of its Xbox Live Gold subscription soon. The software giant has started notifying existing Xbox Live Gold members of the changes in certain markets, and it will see the price rise by a dollar to $10.99 per month in the US and $5 for a three-month membership. Twelve-month and six-month pricing is also going up, but the increase won’t affect existing subscribers here. Three months will now be priced at $29.99, with six months at $59.99. Microsoft is also allowing Xbox Live Gold members to convert their remaining Gold time into Xbox Game Pass Ultimate… [...]

The business of influence with YouTuber MKBHD

22 January 2021

Photo Illustration by The Verge Marques Brownlee on how he is scaling his brand Continue reading… [...]

‘Pro Tools proficiency’ may be keeping us from diversifying audio

22 January 2021

Photo by Andrew Marino / The Verge It’s been nearly eight years since Radiotopia executive producer Julie Shapiro noticed that 70 percent of the most popular podcasts were hosted by men. It’s been six years since journalist and audio editor Charley Locke argued that podcasting’s biggest problem isn’t discovery but diversity. And it’s approaching three years since podcast producer Phoebe Wang’s infamous Third Coast call out of audio companies’ lack of diversity, which led, in part, to the POC in Audio directory. Despite the no-doubt earnest efforts of many well-meaning individuals, podcasting, it would seem, has had — and continues… [...]

In WandaVision’s third episode, the devil really is in the details

22 January 2021

It’s just a jump to the left and a step to the right for Wanda and Vision, who have time warped from the ‘50s and ‘60s to the 1970s. The third episode picks up right where the last ended: Wanda is pregnant, but she and Vision are still trying to figure out how they ended up in their perfect suburban life together with no past memories. It’s a wackier installment than the first two episodes, but it’s also key to piecing together what might play out over the next six weeks — including what it could possibly mean for Doctor… [...]

It sure sounds like Valve’s Gabe Newell is having a lovely time in New Zealand

22 January 2021

Newell during a rare interview. | Image: 1 News Valve co-founder and president Gabe Newell has given one of his famously rare interviews with New Zealand’s 1 News. In it, he discusses his admiration for the island country, where he recently applied for residency after having sheltered there during the COVID-19 pandemic. He also used the interview to confirm that Valve does indeed have new games in development (though he declined to offer more details) and addressed rumors that the company plans to set up an office in New Zealand. Mostly it just seems like Newell is having an absolutely… [...]

YouTube finally enables HDR support on Xbox consoles

22 January 2021

Photo by Vjeran Pavic / The Verge YouTube is finally enabling HDR support on Microsoft’s Xbox consoles. The HDR support works across existing Xbox One S / X devices and new consoles like the Xbox Series X and Series S. As long as you have a TV or monitor capable of displaying HDR videos, the YouTube app will now automatically switch to output HDR content. The YouTube app on Xbox has never supported HDR previously, despite HDR being available on the PlayStation 4 since 2019. Both the PS5 and Xbox Series X launched in November without YouTube HDR support, and… [...]

Apple reportedly planning new MacBook Air design with MagSafe charging

22 January 2021

The new MacBook Air with the M1 chip. | Photo by Vjeran Pavic / The Verge Apple is reportedly working on a new design for its MacBook Air that will include the return of MagSafe charging. Bloomberg News reports that the updated MacBook Air may appear later this year or in 2022, and is designed to be thinner and lighter than the existing model. Apple may make the MacBook Air smaller thanks to reduced bezels on the 13-inch screen, and will reportedly include two USB 4 ports on the laptop. Apple is also likely to include the next generation of… [...]

Charging company EVgo is going public via SPAC merger

22 January 2021

Photo by Sean O’Kane / The Verge Another company in the electric vehicle industry is going public by merging with a so-called SPAC, or special purpose acquisition company. This time, it’s EVgo, one of the leading providers of electric vehicle charging stations in the US. The deal is expected to bring in $575 million for EVgo. When it closes, EVgo will become a publicly-traded company on the New York Stock Exchange. In something of a poetic twist, the investment fund that’s merging with EVgo to take it public is one started by climate investor David Crane. Crane was once the… [...]

Samsung will reportedly make 3nm processors at expanded Texas plant

22 January 2021

Illustration by Alex Castro / The Verge Samsung is considering spending over $10 billion to build an advanced new logic chipmaking plant in Austin, Texas, Bloomberg is reporting. The plant may be capable of making processors as advanced as 3nm, and would be Samsung’s third worldwide to use extreme ultraviolet lithography technology in its chip production. If the plans go ahead, construction at the plant could begin this year, with operations commencing as soon as 2023. An advanced US-based Samsung fabrication plant could provide Samsung a foothold in getting new contracts from US customers amidst ongoing trade tensions between the… [...]

Honor announces its first post-Huawei phone

22 January 2021

Honor has announced the new V40 5G flagship phone, its first since Huawei sold the company off to a Shenzhen-based consortium of Chinese partners. The phone is exclusive to China for now, but Honor’s V-series usually makes its way to the rest of the world under “View” branding. The V40 has a 6.72-inch OLED screen with a 120Hz refresh rate and is powered by a MediaTek Dimensity 1000+ processor. The primary camera has a 1/1.56-inch 50-megapixel sensor. The 4,000mAh battery can be charged wirelessly at 50W or at 66W with a cable. Huawei announced that it was selling off Honor… [...]

The Bernie Sanders Meme Proves the Internet Is Resetting

22 January 2021

Well, that and the fact that @POTUS now follows Chrissy Teigen. [...]

Janet Yellen Will Consider Limiting the Use of Cryptocurrency

22 January 2021

During her confirmation hearing, the Treasury nominee said that blockchain-based financial networks are “a particular concern.” [...]

How to Reboot Your Burnt-Out Brain

22 January 2021

This week, we round up tips for staying organized, energized, and mostly sane as we all ride out the rest of the pandemic. [...]

President Biden, Please Don't Get Into Carbon Farming

22 January 2021

This is not the solution to our climate problems; it's a sweetheart deal for Big Ag. [...]

The Swashbuckling Escapism of Sid Meier’s Pirates!

22 January 2021

The legendary developer’s new memoir brought back poignant memories of one of his most famous games—and of the hours I played with my dad. [...]

An Internet Without Trump

22 January 2021

With Donald Trump no longer the heart of online discourse, there's room for a powerful shift. [...]

The Art and Science of Boarding an Airplane in a Pandemic

22 January 2021

Researchers and airlines that obsessed over efficiency have spent the past year worrying about safety too. [...]

Alphabet Is Grounding Loon—but Won't Call It a Failure

22 January 2021

Plus: The moonshot’s launch, health care for the maskless, and a new era’s inaugural meme. [...]

He Made a Viral Bernie Meme Site. Now He Has to Keep It Going

21 January 2021

Nick Sawhney's “Bernie Sits" puts Sanders anywhere on Google Street View. [...]

Facebook’s Oversight Board to Decide on Trump Ban

21 January 2021

Facebook has to decide whether to give the ex-president his bullhorn back. It won’t make that call itself. [...]

Mastercard Reports Data Breach to German and Belgian DPAs

Related Posts

Windows Remote Desktop servers now used to amplify DDoS attacks

Microsoft shares how SolarWinds hackers evaded detection

Bugs in Signal, Facebook, Google chat apps let attackers spy on users