HackerOne says a staffer stole vulnerability reports submitted through its bug bounty platform and disclosed them to seven companies to claim financial rewards (Techmeme · 19 hours ago)
Kaspersky researchers discovered malware used in the wild since March 2021 to backdoor Microsoft Exchange servers of government and military orgs worldwide (Techmeme · 2 days ago)
Firefox now offers a way to strip URLs of certain tracking parameters, like from HubSpot, Marketo, and Meta, following similar functionality in Brave Browser (Techmeme · 4 days ago)
Brave says its search engine grew ~5,000% since its June 2021 launch to 411.7M queries in May, and launches Goggles, which lets users customize searches (Techmeme · 2 weeks ago)
Cloudflare says it mitigated a 26M requests per second DDoS attack, the largest HTTPS DDoS attack detected to date, surpassing a 17.2M rps attack in August 2021 (Techmeme · 3 weeks ago)
In a joint advisory, the NSA, CIA, and FBI detail how China-backed hackers have exploited common vulnerabilities to snoop on network traffic (Techmeme · 4 weeks ago)
In an operation led by the FBI and IRS, online marketplace SSNDOB, which sold names, SSNs and dates of birth of about 24 million US people, was taken down (Techmeme · 4 weeks ago)
Scans of MySQL server instances by Shadowserver analysts found 2.3M exposed servers on IPv4 and 1.3M on IPv6 devices (Techmeme · 1 month ago)
Microsoft researchers find high severity vulnerabilities in mce Systems' framework used by Android apps from carriers including AT&T, Telus, Rogers, and Bell (Techmeme · 1 month ago)
DuckDuckGo confirms a researcher's findings that its browser allows some Microsoft trackers on third-party sites, citing a Microsoft search content agreement (Techmeme · 1 month ago)
Researchers discover that a popular Python library "ctx" and PHP package "phpass" have been compromised to steal developers' AWS keys and credentials (Techmeme · 1 month ago)
AdvIntel: the Conti ransomware group has taken its infrastructure offline and its leaders have partnered with other smaller ransomware groups to conduct attacks (Techmeme · 1 month ago)
Researchers devise a BLE relay attack that lets a hacker unlock and operate a Tesla outside its BLE range; Tesla said in April that it was a "known limitation" (Techmeme · 2 months ago)
The DOJ says that Moises Luis Zagala Gonzalez, a 55-year-old cardiologist living in Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals (Techmeme · 2 months ago)
Researchers detail a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly in attacks (Techmeme · 2 months ago)
Costa Rica's president declares a state of emergency after the Conti ransomware group published 672GB of data that appears to be from government agencies (Techmeme · 2 months ago)
Google Play bans "downloading of paid apps and updates to paid apps" in Russia over sanctions, after halting purchases of paid apps and subscriptions in March (Techmeme · 2 months ago)
UK sanctions Baikal Electronics and MCST, Russia's most important chipmakers, denying them access to the ARM architecture (Techmeme · 2 months ago)
IC3 says there were 241K+ reports of business email compromise scams globally from June 2016 to July 2019, totaling $43B+ in actual and attempted losses (Techmeme · 2 months ago)
Cybersecurity authorities of Five Eyes countries warn of Russia-backed hacking groups targeting critical infrastructure organizations in and outside Ukraine (Techmeme · 2 months ago)
GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to download data from private repositories belonging to npm and other orgs (Techmeme · 3 months ago)
RaidForums, used by Lapsus$, Babuk, and other extortion gangs, is seized in a US-led international operation; Europol says the hacking forum had 500K+ users (Techmeme · 3 months ago)
A hacking group called NB65 claims it is using modified versions of Conti's leaked ransomware to attack Russian entities, including the space agency Roscosmos (Techmeme · 3 months ago)
Microsoft says it obtained a court order to take control of seven domains used by Russia-linked hacking group Strontium, disrupting its attacks on Ukraine (Techmeme · 3 months ago)
Mailchimp discloses a breach where hackers accessed 319 accounts and stole "audience data" from 102 clients, leading to phishing scams of crypto users (Techmeme · 3 months ago)
Apple releases iOS 15.4.1, iPadOS 15.4.1, and macOS 12.3.1 to fix two zero-days that "may have been actively exploited"; Apple fixed five zero-days this year (Techmeme · 3 months ago)
The FBI and its global law enforcement partners announce the arrests of 65 alleged cybercrime gang members specializing in business email compromise schemes (Techmeme · 3 months ago)
Google releases a Chrome update for Windows, Mac, and Linux to fix a high-severity zero-day exploited in the wild, the second such patch for Chrome in 2022 (Techmeme · 3 months ago)
An analysis of the encryption speed of ten notorious ransomware strains finds LockBit and Babuk to be the fastest, while Conti, Maze, and PYSA were the slowest (Techmeme · 3 months ago)
A malicious cartoon rendering Android app that steals Facebook credentials has been downloaded 100K times and is still available on the Google Play Store (Techmeme · 3 months ago)
FBI and CISA advisory warns that Russia-backed threat actors accessed an unnamed NGO's network by exploiting default MFA protocols and the "PrintNightmare" flaw (Techmeme · 4 months ago)
Russia has created its own trusted TLS certificate authority as sanctions prevent Russian sites from renewing existing TLS certificates (Techmeme · 4 months ago)
The Lapsus$ group leaks ~190GB of alleged confidential Samsung files, including a suspected dump of source code and related device security and encryption data (Techmeme · 4 months ago)
Security researchers say threat actors are using two of Nvidia's code-signing certificates leaked by the Lapsus$ group to sign Windows malware and hacking tools (Techmeme · 4 months ago)
Threat actors are using NVIDIA's code-signing certificates leaked by the Lapsus$ group to sign Windows malware and hacking tools (Techmeme · 4 months ago)
Symantec details China-linked backdoor Daxin, a Windows kernel driver that can hijack TCP connections to stealthily connect with command-and-control servers (Techmeme · 4 months ago)
Ukraine, which this weekend formed an "IT Army" made up of global volunteer hackers, claims to have taken down several Russian government and bank websites (Techmeme · 4 months ago)
Mozilla warns that Firefox and Chrome 100 versions may break some sites, including HBO Go and Yahoo, due to user-agent strings with three-digit version numbers (Techmeme · 5 months ago)
Apple releases iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1 to fix a WebKit flaw that may have been actively exploited, its third zero-day patch in 2022 (Techmeme · 5 months ago)
KP Snacks, a major British snack producer, has been hit by the Conti ransomware, impacting supplies of Skips, Hula Hoops, McCoy's, and others to supermarkets (Techmeme · 5 months ago)
Researchers find a 12-year-old vulnerability in Polkit that local attackers can use to gain root privileges on all major Linux distributions; an exploit is out (Techmeme · 5 months ago)
Researchers: 93 themes and plugins for WordPress downloaded from AccessPress had backdoors dating back to September, allowing attackers full admin control (Techmeme · 5 months ago)