At the Intersection of Technology and Real Life

Researchers release exploit details for Backstage pre-auth RCE bug

Mike York Bleeping Computer, Syndicated Stories

Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems. […] Read the full article here

Latest Headlines

1
2
3
4
Error
6
7
8
9
10
11
12
13

The Trillion-Dollar Auction to Save the World

25 May 2023

Ocean creatures soak up huge amounts of humanity’s carbon mess. Should we value them like financial assets? [...]

Pete Buttigieg Loves God, Beer, and His Electric Mustang

18 May 2023

Sure, the US secretary of transportation has thoughts on building bridges. But infrastructure occupies just a sliver of his voluminous mind. [...]

Doug Rushkoff Is Ready to Renounce the Digital Revolution

11 May 2023

The former techno-optimist has taken a decisive political left turn. He says it’s the only human option. [...]

Reality TV Saved Me

9 May 2023

During the worst year of my life, I needed it more than ever. And I needed to understand why. [...]

Geothermal Everywhere: Finding the Energy to Save the World

4 May 2023

Jamie Beard is pouring everything into a singular vision: Tap into the awesome potential of geothermal power in Texas, and beyond. She has no time to lose. [...]

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

2 May 2023

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation. [...]

My Balls-Out Quest to Achieve the Perfect Scrotum

20 April 2023

A new breed of self-care companies has a salve for fragile masculinity: lavender- and tapioca-scented deodorants and moisturizers for the nutsack. [...]

How Bookshop.org Survives—and Thrives—in Amazon’s World

11 April 2023

Andy Hunter’s ecommerce platform was a pandemic hit. Now he’s on a mission to prove that small businesses can scale up without selling out. [...]

The Arctic’s Permafrost-Obsessed Methane Detectives

6 April 2023

The Far North is thawing, unleashing clouds of planet-heating gas. Scientists rely on an arsenal of tech to sniff out just how nasty the problem is. [...]

A Tiny Blog Took on Big Surveillance in China—and Won

4 April 2023

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war. [...]

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

28 May 2023

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. [...]

PyPI announces mandatory use of 2FA for all software publishers

28 May 2023

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year. [...]

CISA warns govt agencies of recently patched Barracuda zero-day

27 May 2023

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway (ESG) appliances. [...]

QBot malware abuses Windows WordPad EXE to infect devices

27 May 2023

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. [...]

Hot Pixels attack checks CPU temp, power changes to steal data

27 May 2023

A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called "Hot Pixels," which can retrieve pixels from the content displayed in the target's browser and infer the navigation history. [...]

The Week in Ransomware - May 26th 2023 - Cities Under Attack

26 May 2023

Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting cities' online services. [...]

Microsoft Defender Antivirus gets ‘performance mode’ for Dev Drives

26 May 2023

Microsoft has introduced a new Microsoft Defender capability named "performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives. [...]

US govt contractor ABB confirms ransomware attack, data theft

26 May 2023

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident." [...]

Emby shuts down user media servers hacked in recent attack

26 May 2023

Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. [...]

Mozilla stops Firefox fullscreen VPN ads after user outrage

26 May 2023

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. [...]

Video Games Are Finally Waking Up to Climate Change - CNET

28 May 2023

What will games have to give up to help create a sustainable future? [...]

The Avengers Video Game the World Never Got to Play - CNET

28 May 2023

One developer spent years working on an Avengers game. Then it was torn apart. [...]

The Bionic Eye That Could Restore Vision (and Put Humans in the Matrix) - CNET

28 May 2023

We could be able to manipulate our own reality. [...]

What Does a 'Livable Future' for Our Children Look Like? - CNET

28 May 2023

Can we still leave a sustainable future for our children and grandchildren? [...]

Best Samsung Galaxy Z Fold 4 Cases - CNET

28 May 2023

Samsung's latest flagship foldable phone is on sale at many retailers. Here are the best cases for protecting your Galaxy Z Fold 4. [...]

Best Smart Speakers for 2023: Alexa, Google and More - CNET

28 May 2023

Smart speakers are a great addition to any room. Here are the ones we'd recommend most. [...]

Best Eco-Friendly and Recycled iPhone 13 Cases for 2023 - CNET

28 May 2023

Reduce, reuse, recycle. Check out these environmentally friendly iPhone 13 cases. [...]

Best Android Phone of 2023 - CNET

28 May 2023

The Galaxy S23, Pixel 7 Pro and others made our list. [...]

The Best Sustainable Clothing Brands You've Probably Never Heard Of - CNET

28 May 2023

Shop sustainably this summer with these four underrated clothing brands. [...]

Best Samsung Galaxy Z Flip 4 Cases in 2023 - CNET

28 May 2023

Protect your Galaxy Z Flip 4 from drops, cracks and spills with one of the best cases available. [...]

2 Lenses for Examining the Safety of Open Source Software

26 May 2023

Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people. [...]

130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach

26 May 2023

Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints

26 May 2023

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees. [...]

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

26 May 2023

Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations. [...]

How Safe Is Your Wearable Device?

26 May 2023

To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices. [...]

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes

26 May 2023

Ukraine head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism." [...]

'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns

25 May 2023

This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say. [...]

Red Hat Tackles Software Supply Chain Security

25 May 2023

The new Red Hat Trusted Software Supply Chain services help developers take a secure-by-design approach to build, deploy, and monitor software. [...]

CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown

25 May 2023

Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security. [...]

Lazarus Group Striking Vulnerable Windows IIS Web Servers

25 May 2023

The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers. [...]

RSS Error: A feed could not be found at `http://www.infosecisland.com/rss.html`; the status code is `404` and content-type is `text/html; charset=utf-8`

Nvidia unveils new kind of Ethernet for AI, Grace Hopper 'Superchip' in full production

29 May 2023

The Spectrum-X ethernet switch offers "lossless" transmission via a new kind of congestion control, said Nvidia. [...]

This iOS 17 feature may turn your iPhone into the perfect office desk or kitchen companion

28 May 2023

With the upcoming update, the iPhone will reportedly get a feature popularized by Android and Amazon's tablets. [...]

These magical jelly crimps can be lifesavers for your damaged tech

28 May 2023

Jelly crimps sound delightful, but don't eat them. Instead, use them to make quick, weatherproof connections on low-voltage wiring. Here's how. [...]

AI could automate 300 million jobs. Here's which are most (and least) at risk

27 May 2023

In the U.S., 28% of the workforce could be automated. But it's not all bad news. [...]

Will Apple's Reality Pro signal the beginning of the immersive internet?

27 May 2023

We can be sure of one thing: If Apple launches a headset, it thinks it has a product that breaks new ground. [...]

Sharing a Netflix account? Here's how much you may have to start paying

27 May 2023

After the company tested out password-sharing fees in Canada and three other countries worldwide, the ban is finally coming to the U.S. [...]

Traveling soon? Take these 4 tech essentials on your summer trips

27 May 2023

These indispensable little items can mean the difference between staying pleasantly organized and descending into utter chaos. [...]

Google's new AI Search is rolling out to some users. Here's how to get access

26 May 2023

Google announced some major generative AI upgrades to its search engine. Here's how you can access them. [...]

The best TV deals for Memorial Day 2023

26 May 2023

These awesome TV deals make it more affordable than ever to get top brands like Samsung, Sony, LG, and TCL into your home. Shop just in time for Memorial Day weekend to kick off your summer. [...]

The best printers of 2023: Inkjet, photo, and laser

26 May 2023

Looking for a fast printer for your home office? Check out which ones are easy to use, wireless, and have the top features. [...]

Despite Tech Layoffs, Cybersecurity Positions are Hiring

26 May 2023

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals […] The post Despite Tech Layoffs, Cybersecurity Positions are Hiring appeared first on Security Intelligence. [...]

How I Got Started: White Hat Hacker

25 May 2023

White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a […] The post How I Got Started: White Hat Hacker appeared first on Security Intelligence. [...]

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

25 May 2023

More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate […] The post Heads Up CEO! Cyber Risk Influences Company Credit Ratings appeared first on Security Intelligence. [...]

CISA, NSA Issue New IAM Best Practice Guidelines

24 May 2023

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot […] The post CISA, NSA Issue New IAM Best Practice Guidelines appeared first on Security Intelligence. [...]

6 Ways to Mitigate Risk While Expanding Access

23 May 2023

The World Economic Forum recently published a list of trends that are likely to shape the future of cybersecurity by 2030. The article names “progress in cybersecurity, but access must be widened” as a top trend. If these two goals seem contradictory, it’s because they are. Today’s business model requires that systems, people and devices have […] The post 6 Ways to Mitigate Risk While Expanding Access appeared first on Security Intelligence. [...]

Hypervisors and Ransomware: Defending Attractive Targets

23 May 2023

With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.” That is not happening. Increased use of virtualization comes with both operational efficiencies and abilities to […] The post Hypervisors and Ransomware: Defending Attractive Targets appeared first on Security Intelligence. [...]

NIST Launches Cybersecurity Initiative for Small Businesses

22 May 2023

For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a cyberattack. In the face of these challenges, NIST is creating a new initiative to help. To […] The post NIST Launches Cybersecurity Initiative for Small Businesses appeared first on Security Intelligence. [...]

Educating Your Board of Directors on Cybersecurity

19 May 2023

Many, if not the majority of, big decisions at organizations come from the boardroom. Typically, the board of directors focuses on driving the direction of the company. Because most boards approve yearly budgets, they have significant oversight of resources and areas of investment. As cybersecurity attacks continue to increase, organizations must make key budgeting decisions […] The post Educating Your Board of Directors on Cybersecurity appeared first on Security Intelligence. [...]

HEAT and EASM: What to Know About the Top Acronyms at RSA

18 May 2023

The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the dozens of news items and studies released during the conference. The hottest acronym, by far, […] The post HEAT and EASM: What to Know About the Top Acronyms at RSA appeared first on Security Intelligence. [...]

Is Patching the Holy Grail of Cybersecurity?

18 May 2023

A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching a catch-all cybersecurity solution? While patching is an important component of cybersecurity, other security solutions and […] The post Is Patching the Holy Grail of Cybersecurity? appeared first on Security Intelligence. [...]

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

27 May 2023

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data. The post Industrial Giant ABB Confirms Ransomware Attack, Data Theft appeared first on SecurityWeek. [...]

Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

26 May 2023

The recently identified Buhti operation uses LockBit and Babuk ransomware variants to target Linux and Windows systems. The post Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation appeared first on SecurityWeek. [...]

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

26 May 2023

Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free. The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek. [...]

Zyxel Firewalls Hacked by Mirai Botnet

26 May 2023

A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. The post Zyxel Firewalls Hacked by Mirai Botnet appeared first on SecurityWeek. [...]

Watch Now: Threat Detection and Incident Response Virtual Summit

26 May 2023

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Login Now) The post Watch Now: Threat Detection and Incident Response Virtual Summit appeared first on SecurityWeek. [...]

NCC Group Releases Open Source Tools for Developers, Pentesters

26 May 2023

NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads. The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek. [...]

Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

25 May 2023

Website impersonation detection and prevention company Memcyco raises $10 million in seed funding. The post Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation appeared first on SecurityWeek. [...]

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids

25 May 2023

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption. The post New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids appeared first on SecurityWeek. [...]

Security Pros: Before You Do Anything, Understand Your Threat Landscape

25 May 2023

Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand Your Threat Landscape appeared first on SecurityWeek. [...]

Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised

25 May 2023

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised. The post Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised appeared first on SecurityWeek. [...]

All the Nvidia news announced by Jensen Huang at Computex

29 May 2023

Jensen Huang wants to bring generative AI to every data center, the Nvidia co-founder and CEO said during Computex in Taipei today. During the speech, Huang’s first public speech in almost four years he said, he made a slew of announcements, including chip release dates, its DGX GH200 super computer and partnerships with major companies. […] All the Nvidia news announced by Jensen Huang at Computex by Catherine Shu originally published on TechCrunch [...]

29 May 2023

Krafton’s Battlegrounds Mobile India, the once chart-topping mobile game in the South Asian market, is now available to download on Android nearly a year after being ousted due to national security concerns. The South Korean developer said on Monday that BGMI is returning with version 2.5 update, which features a fresh map, called Nusa, and […] Krafton’s popular Battlegrounds Mobile India, successor to PUBG, returns by Manish Singh originally published on TechCrunch [...]

Ford EVs will have Tesla DNA and Waymo’s robotaxis are coming to Uber

28 May 2023

Welcome back to The Station, your central hub for all past, present and future means of moving people and packages from Point A to Point B. I’m turning the wheel over to Rebecca Bellan next week, and she’s mostly steering things this week (I had to add a few of my thoughts in here cuz […] Ford EVs will have Tesla DNA and Waymo’s robotaxis are coming to Uber by Kirsten Korosec originally published on TechCrunch [...]

Taking the pulse on the Northeast seed market with Techstars’ Kerty Levy

28 May 2023

From 2021 to 2022, overall deal count in the Northeast was down around 25%. It might not be surprising, but it is quite stark. Taking the pulse on the Northeast seed market with Techstars’ Kerty Levy by Haje Jan Kamps originally published on TechCrunch [...]

QED Investors says pace of investing from new funds will be ‘extremely disciplined’

28 May 2023

Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up here so you can receive it directly in the future. Every week, we’ll take a look at the hottest fintech news of the previous week. […] QED Investors says pace of investing from new funds will be ‘extremely disciplined’ by Christine Hall originally published on TechCrunch [...]

3 Views on a16z’s latest reported early-stage effort

28 May 2023

This is not the first time that we’ve seen funds try to go earlier in the investing world. Will the a16z effort pay off? Will it be ultimately good for founders? 3 Views on a16z’s latest reported early-stage effort by Rebecca Szkutak originally published on TechCrunch [...]

Startups should absolutely work with governments to support defense projects

28 May 2023

Startups and active investors are uniquely positioned to support the defense efforts of the West and the mission to keep our societies safe. Startups should absolutely work with governments to support defense projects by Walter Thompson originally published on TechCrunch [...]

Windows adds support for RAR, Netflix cracks down on passwords, and Meta lays off workers

27 May 2023

Welcome, folks, to Week in Review (WiR), TechCrunch’s regular column that rounds up the week in tech news. Dunno about y’all, but it’s felt like a long one — and I’m thankful for the extended weekend. For those observing Memorial Day, do enjoy. Those not, take the time off where you’re able. We all need […] Windows adds support for RAR, Netflix cracks down on passwords, and Meta lays off workers by Kyle Wiggers originally published on TechCrunch [...]

Solving problems is better than fearmongering

27 May 2023

From cybersecurity to SaaS for restaurants, the key to running a successful business is selling a product that solves your clients' real problems. Solving problems is better than fearmongering by Anna Heim originally published on TechCrunch [...]

AI scares the bejesus out of me

27 May 2023

Welcome to this week's edition of Startups Weekly. AI scares the bejesus out of me by Haje Jan Kamps originally published on TechCrunch [...]

Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

29 May 2023

A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate," security researcher mr.d0x disclosed last week. Threat actors, in a [...]

PyPI Implements Mandatory Two-Factor Authentication for Project Owners

29 May 2023

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. "Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage," PyPI administrator Donald Stufft said. "In addition [...]

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

27 May 2023

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility," Trend Micro said in a Friday report [...]

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

27 May 2023

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could [...]

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

26 May 2023

A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition [...]

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

26 May 2023

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means [...]

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

26 May 2023

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a critical part of all infrastructure layers between the end user and the end service; these networks transmit sensitive data that can be vital for governments and [...]

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

26 May 2023

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to the VirusTotal public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild [...]

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

26 May 2023

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006. The California-headquartered firm [...]

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

25 May 2023

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. Targets include [...]

Researcher: malicious packages lurked on npm for months

18 May 2023

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat. The post Researcher: malicious packages lurked on npm for months appeared first on The Security Ledger with Paul F. Roberts. Related StoriesThe surveys speak: supply chain threats are freaking people outMalicious Automation is driving API Security BreachesEpisode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security [...]

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

13 May 2023

In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for secure development and deployment of IoT devices. The post Episode 250: Window Snyder of Thistle on...Read the whole entry... »Click the icon below to listen. Related StoriesSpotlight: Traceable CSO Richard Bird on Securing the API EconomyEpisode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain SecurityForget the IoT. Meet the IoZ: our Internet of Zombie things [...]

The surveys speak: supply chain threats are freaking people out

10 May 2023

A bunch of recent surveys of IT and security pros send a clear message: threats and risks from vulnerable software supply chains are real, and they’re starting to freak people out. The post The surveys speak: supply chain threats are freaking people out appeared first on The Security Ledger with Paul F. Roberts. Related StoriesResearcher finds malicious packages lurked on npm for monthsForget the IoT. Meet the IoZ: our Internet of Zombie thingsEpisode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security [...]

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

5 April 2023

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. The post Spotlight: Traceable CSO Richard Bird on Securing the API Economy appeared first...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 250: Window Snyder of Thistle on Making IoT Security EasyEpisode 247: Into the AppSec Trenches with Robinhood CSO Caleb SimaEpisode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security [...]

Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security

23 March 2023

Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. The post Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security appeared first on The Security Ledger with Paul F....Read the whole entry... »Click the icon below to listen. Related StoriesThe surveys speak: supply chain threats are freaking people outEpisode 250: Window Snyder of Thistle on Making IoT Security EasyForget the IoT. Meet the IoZ: our Internet of Zombie things [...]

Malicious Automation is driving API Security Breaches

6 March 2023

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API Security Breaches appeared first on The Security Ledger with Paul F. Roberts. Related StoriesThe surveys speak: supply chain threats are freaking people outForget the IoT. Meet the IoZ: our Internet of Zombie things2023 Technologies to Secure Your Hybrid Workspace [...]

Spotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of KELA

16 February 2023

In this Spotlight episode of the Security Ledger podcast, I interview Itsik Kesler, the CTO of the threat intelligence firm Kela about the evolution of threat intelligence and findings from the company’s latest State of Cybercrime Threat Intelligence report. The post Spotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of...Read the whole entry... »Click the icon below to listen. Related StoriesIoCs vs. EoCs: What’s the difference and why should you care?Cyberattacks on Industrial Control Systems Jumped in 2022Forget the IoT. Meet the IoZ: our Internet of Zombie things [...]

Cyberattacks on Industrial Control Systems Jumped in 2022

14 February 2023

Cyberattacks on industrial control systems (ICS) jumped in 2022, with an 87% jump in ransomware attacks and a 35% increase in the number of ransomware groups targeting industrial control and operational technology (OT) systems, according to a report by Dragos Security. The post Cyberattacks on Industrial Control Systems Jumped in 2022 appeared...Read the whole entry... »Related StoriesThe surveys speak: supply chain threats are freaking people outForget the IoT. Meet the IoZ: our Internet of Zombie thingsBeware: Images, Video Shared on Signal Hang Around [...]

Forget the IoT. Meet the IoZ: our Internet of Zombie things

5 February 2023

A school that never sleeps? Cameras that go dark? A dead company hacked back to life? Welcome to the growing Internet of Zombie devices that threatens the security of the Internet. The post Forget the IoT. Meet the IoZ: our Internet of Zombie things appeared first on The Security Ledger with Paul F. Roberts. Related StoriesCES Overlooks New Report That Finds Auto Cyber Is A Dumpster FireThe surveys speak: supply chain threats are freaking people outIoCs vs. EoCs: What’s the difference and why should you care? [...]

Beware: Images, Video Shared on Signal Hang Around

25 January 2023

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal Hang Around appeared first on The Security Ledger with Paul F. Roberts. Related StoriesForget the IoT. Meet the IoZ: our Internet of Zombie thingsThe surveys speak: supply chain threats are freaking people outCyberattacks on Industrial Control Systems Jumped in 2022 [...]

Watch this Nvidia demo and imagine actually speaking to AI game characters

29 May 2023

Image: Nvidia At Computex 2023 in Taipei, Nvidia CEO Jensen Huang just gave the world a glimpse of what it might be like when gaming and AI collide — with a graphically breathtaking rendering of a cyberpunk ramen shop where you can actually talk to the proprietor. Seriously, instead of clicking on dialogue options, it imagines you could hold down a button, just say something with your own voice, and get an answer from a video game character. Nvidia’s calling it a “peek at the future of games.” Unfortunately, the actual dialogue leaves a lot to be desired — maybe… [...]

Dolphin says Nintendo blocked a Steam release of its Wii and GameCube emulator

29 May 2023

Image: The Verge The Steam launch of Dolphin, an open-source emulator for the Wii and the GameCube, has been delayed indefinitely (via PC Gamer). A blog post by the developers says that’s due to a Nintendo “cease and desist citing the DMCA” (an earlier version of the blog post simply said “issued a DMCA” but it has since been updated) after they’d announced plans for a Steam launch in March. Dolphin Emulator Project: It is with much disappointment that we have to announce that the Dolphin on Steam release has been indefinitely postponed. We were notified by Valve that Nintendo… [...]

Quest 3 hands-on confirms Meta’s building a ‘far thinner and lighter’ headset

28 May 2023

The Quest 3 will improve on the Quest 2 (pictured above) in many important ways. | Photo by Owen Grove / The Verge A hands-on look at the Meta Quest 3 reveals a massive set of improvements to the Meta mixed reality headset, as detailed in Mark Gurman’s Power On newsletter for Bloomberg this morning. Gurman says the Quest 3, now codenamed Eureka, is “far lighter and thinner” than the original Quest 2, which bodes well for its comfort during extended usage. A lot of the features he mentioned are similar to what we expect to learn about the Apple… [...]

Right to repair: all the latest news and updates

28 May 2023

Image: The Verge The right-to-repair movement is picking up momentum across the US and the rest of the globe. Here’s the story so far. Continue reading… [...]

LG’s 48-inch 4K OLED gaming monitor is over $600 off right now

28 May 2023

LG 48GQ900 48-inch OLED gaming monitor | Image: LG The 48-inch LG UltraGear 48GQ900 is on sale at Amazon for an incredible 43 percent off from its typical $1,499.99 price right now, putting it at $852.14 before taxes for Amazon Prime members (or $896.99 for those without Prime), for nearly its lowest price ever. If you’d rather go to the source (or just not Amazon), LG is selling it for $899.99, as is Newegg. This price is as good as it gets for this giant LG OLED gaming display. If you take this deal, you can expect the usual inky… [...]

Walmart’s 4K Google TV box is the best $20 deal in streaming

28 May 2023

Most big-name competitors can’t match this new Onn box when it comes to value and what you’re getting for the money. But Dolby Vision might be missed by some. Continue reading… [...]

The odd appeal of absurdly long YouTube videos that play nothing on purpose

28 May 2023

Illustration: Alex Castro / The Verge The video’s title is, for once on YouTube, pretty straightforward: “24 hours + of pure black screen in HD!” Leaving aside the questions about the difference between standard- and high-def pure black screens, the video does what it says on the tin. Hit play, and you get more than 24 hours — 24 hours, one minute, 27 seconds, to be exact — of black screen and silence. It’s like turning off your computer, without turning off your computer. This video has 40.2 million views. The first time I watched it, I assumed there was… [...]

Apple’s $50 million butterfly keyboard settlement is finally approved

27 May 2023

People who owned MacBooks with butterfly keyboards will now get paid. | Photo by Vjeran Pavic / The Verge The $50 million settlement over Apple’s bad butterfly keyboard design got final approval by a federal court judge in California, Reuters reported yesterday. US District Court Judge Edward Davila denied an attempt to amend the agreement, writing in his ruling that 86,000 people filed claims. That finally puts a figure on the number of people affected who will get compensation for repairs they’d paid for. Or at least the number who heard about the lawsuit and followed it to the settlement… [...]

A lawyer used ChatGPT and now has to answer for its ‘bogus’ citations

27 May 2023

OpenAI’s ChatGPT is a lot of things, but a lawyer it is not. | Illustration: The Verge Lawyers suing the Colombian airline Avianca submitted a brief full of previous cases that were just made up by ChatGPT, The New York Times reported today. After opposing counsel pointed out the nonexistent cases, US District Judge Kevin Castel confirmed, “Six of the submitted cases appear to be bogus judicial decisions with bogus quotes and bogus internal citations,” and set up a hearing as he considers sanctions for the plaintiff’s lawyers. Lawyer Steven A. Schwartz admitted in an affidavit that he had used… [...]

The best Memorial Day sales you can shop this weekend

27 May 2023

We found some great discounts on Apple’s latest smartwatch and other gadgets. | Image: Will Joel / The Verge Memorial Day isn’t just the unofficial start of summer — it’s also a good time to save money on everything from outdoor furniture to the latest tech accessories. And with many sales now in full swing, it’s a great time to save on streaming devices, noise-canceling earbuds, video doorbells, gaming headsets, and a range of other popular tech. Below, we’ve rounded up some of the top Memorial Day deals you can get in the run-up to the holiday on Monday, May… [...]

45 Best Memorial Day Outdoor Deals: Tents, Camp Chairs, and More

28 May 2023

The sun is out, the flowers are budding, and it's time to revel in your new running shoes and sleeping pads. [...]

How to Control Amazon Kids+ Content Settings (2023)

28 May 2023

Everyone’s definition of what’s appropriate for kids to read or watch is different. But we can offer some advice for managing settings. [...]

The Quest to Use Quantum Mechanics to Pull Energy out of Nothing

28 May 2023

The quantum energy teleportation protocol was proposed in 2008 and largely ignored. Now two independent experiments have shown that it works. [...]

How to Text From Your PC Through Your Phone

28 May 2023

Your messages, on your PC, in seconds. [...]

Remembering GitHub's Office, a Monument to Tech Culture

28 May 2023

The code-hosting platform's headquarters was a living testament to tech values and one of its first disputed territories. [...]

Turtle Beach Stealth Pro Review: Go Anywhere, Play Anything

28 May 2023

These wireless gaming headphones aim to do it all, and they’re pretty darn close to perfect. [...]

9 Best Electric Kettles (2023): Gooseneck, Temperature Control, Cheap

27 May 2023

We made tons of coffee, tea, and ramen to test these gadgets—and boiled it down to these top picks. [...]

Netflix’s Password-Sharing Crackdown Has Hit the US

27 May 2023

TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption. [...]

7 Best Heart Rate Monitors (2023): Chest Straps, EKG, Watches

27 May 2023

These chest straps and watches can help keep your finger on the pulse of your wellness. [...]

Bring Back the Seabirds, Save the Climate

27 May 2023

The number of ocean going birds has declined 70 percent since the 1950s, but restoring their populations can bolster marine ecosystems that sequester carbon. [...]

Researchers release exploit details for Backstage pre-auth RCE bug

Related Posts

The Week in Ransomware – May 26th 2023 – Cities Under Attack

Solving problems is better than fearmongering

US govt contractor ABB confirms ransomware attack, data theft