Twitch downplays last week's hack, says it had minimal impact and user login credentials, full credit card numbers, or bank information were not exposed Techmeme · 2 days ago
Coinbase says a threat actor stole cryptocurrency from 6,000 customers between March and May 20 using a vulnerability in its SMS multi-factor authentication Techmeme · 2 weeks ago
Apple releases iOS 12.5.5 and a macOS Catalina security update to fix zero-day vulnerabilities in CoreGraphics, WebKit, and XNU Techmeme · 3 weeks ago
macOS is susceptible to running arbitrary code when a user opens a malicious .inetloc file, and Apple's first attempt to silently fix the issue failed Techmeme · 4 weeks ago
Hackers leak a list of ~500K Fortinet VPN login names and passwords; a source in the IT security industry says at least some of the leaked credentials are valid Techmeme · 1 month ago
US Cyber Command and CISA urge US organizations to immediately patch a critical Atlassian Confluence remote code execution flaw that is under mass exploitation Techmeme · 1 month ago
Bangkok Airways confirms LockBit ransomware has leaked 200GB+ of data including passenger details; LockBit has also published stolen data of Ethiopian Airlines Techmeme · 2 months ago
A bug in Razer's Synapse software, which Windows fetches and installs when a Razer accessory is plugged in, lets anyone with a Razer mouse gain admin privileges Techmeme · 2 months ago
AT&T says it did not suffer a data breach after a threat actor started selling a database purportedly containing the personal info of 70M AT&T customers Techmeme · 2 months ago
Researcher finds a terrorist watchlist of 1.9M people, including "no-fly" records, on an unsecured Elasticsearch cluster; DHS later took the server offline Techmeme · 2 months ago
Microsoft fixes 44 vulnerabilities, including seven flaws that are classified as critical and three zero-day flaws, with one actively exploited in the wild Techmeme · 2 months ago
Researchers: Google Play Protect, Android's built-in malware detection tool, identified only 68.8% of 20K+ malicious apps, ranking last out of 15 security apps Techmeme · 3 months ago
Twitter transparency report: only 2.3% of active accounts have enabled 2FA between July and December 2020; 79.6% of those who did used SMS-based 2FA Techmeme · 3 months ago
1TB of data belonging to Saudi Aramco is for sale on the dark web, with some files dating back to 1993; the company blames the leak on 3rd-party contractors Techmeme · 3 months ago
REvil's infrastructure and websites are offline, including its data leak sites, less than two weeks after attacking 1,500+ businesses with ransomware via Kaseya Techmeme · 3 months ago
SolarWinds patches a remote code execution flaw in its Serv-U product, after Microsoft notified the company that the flaw was being exploited in the wild Techmeme · 3 months ago
REvil ransomware gang is using a malicious update for IT management software from Kaseya to deploy ransomware, with at least eight large MSPs affected Techmeme · 4 months ago
Western Digital says some My Book Live devices are being compromised by malware leading to a factory reset erasing all data, believes its servers weren't hacked Techmeme · 4 months ago
Researchers discover four major vulnerabilities in Dell SupportAssist's BIOSConnect feature, letting hackers remotely execute code, affecting 129 Dell models Techmeme · 4 months ago
Researcher finds iPhone bug that disables wireless functionality after joining a WiFi network called "%p%s%s%s%s%n"; resetting network settings fixes the issue Techmeme · 4 months ago
In a week-long operation, Interpol took down ~113K web links to fake pharmacies, and in another recent operation it recovered ~$83M for victims of online crime Techmeme · 4 months ago
Avaddon ransomware gang releases decryption keys for 2,934 of its victims and is likely shutting down due to increased scrutiny by governments around the world Techmeme · 4 months ago
In its June batch of patches, Microsoft announced fixes for 50 flaws, including seven zero-days, six of which have been exploited in the wild Techmeme · 4 months ago
Air India, a member of Star Alliance, says data of 4.5M passengers, including names, passport info, and credit card data, was stolen in a February breach Techmeme · 5 months ago
Insurer AXA is suffering ransomware and DDoS attacks on its Asia-based branches, a week after saying it would no longer reimburse ransoms paid by French clients Techmeme · 5 months ago
Chemical distributor Brenntag paid a $4.4M ransom in bitcoin to the DarkSide ransomware gang, who claimed to have stolen more than 150 GB of sensitive data Techmeme · 5 months ago
Microsoft says Microsoft Defender for Endpoint now blocks cryptojacking malware using Intel's silicon-based Threat Detection Technology Techmeme · 6 months ago
WordPress announces that it will treat Google's FLoC as a "security concern", and will automatically disable the technology in its upcoming July release Techmeme · 6 months ago
In its April batch of patches, Microsoft fixes 108 flaws, including 19 "critical" flaws, five 0-days, and four NSA-discovered critical Exchange flaws Techmeme · 6 months ago
Researchers: 538K Huawei Android devices have Joker malware, via ten apps in Huawei's AppGallery, after Play Store's similar issues with Joker-infected apps Techmeme · 6 months ago
The official PHP Git repository was hacked, adding a backdoor RCE to the PHP source code; PHP maintainer says the changes were reverted within a few hours Techmeme · 7 months ago
Microsoft releases one-click Exchange On-Premises Mitigation Tool to help businesses, who don't have expertise, easily patch recently disclosed vulnerabilities Techmeme · 7 months ago
Data center operator OVH says a fire destroyed some of its sites in France, affecting cyber threat intelligence company Bad Packets, game maker Rust, and others Techmeme · 7 months ago