Google updates Chrome to address an actively exploited high-severity zero-day vulnerability in Mojo, its sixth patch for zero-day vulnerabilities in 2022 Techmeme · 3 months ago
Kaspersky details how the North Korean Kimsuky threat actors use a multi-stage validation scheme to ensure their malware is only downloaded by specific targets Techmeme · 3 months ago
LastPass says a hacker stole portions of its source code and "proprietary LastPass technical information" two weeks ago, but users' master passwords are safe Techmeme · 3 months ago
LockBit ransomware's leak sites suffer a DDoS attack after it claimed responsibility for breaching Entrust in June; LockBit blames Entrust for the DDoS attack Techmeme · 3 months ago
Microsoft and CISA warn users about DogWalk, a now-patched actively exploited RCE vulnerability in Windows 7, 10, 11, and Server 2008 through 2022 Techmeme · 4 months ago
Cisco says it was hacked by the Yanluowang ransomware group in May 2022; Yanluowang claims 2.75GB of data consisting of ~3.1K files, including NDAs, was stolen Techmeme · 4 months ago
Researchers detail Dark Utilities, a new service that provides an inexpensive way for cybercriminals to set up a command and control center for their operations Techmeme · 4 months ago
Twitter confirms that a now-patched bug was used to link phone numbers and emails to user accounts; a threat actor offered to sell 5.4M records in December 2021 Techmeme · 4 months ago
CloudSEK researchers find 3,207 mobile apps exposing Twitter API keys to the public, potentially letting hackers take over associated users' Twitter accounts Techmeme · 4 months ago
Unit 42: hackers typically scan for vulnerabilities within 15 minutes of a new CVE disclosure with the first active exploitation attempts observed within hours Techmeme · 4 months ago
Microsoft resumes rolling out an update to block VBA macros by default in downloaded Office documents, after rolling it back earlier in July over user feedback Techmeme · 4 months ago
The Dutch Ministry of Education suspends the use of Chrome OS and Chrome until August 2023 over concerns Google services collect student data and violate GDPR Techmeme · 4 months ago
Entrust, an ID management company used by US Treasury, DHS, and others, confirms it was breached by a ransomware gang in June which stole internal data Techmeme · 4 months ago
Russia fines Google $358M for not censoring topics, such as Russia's invasion of Ukraine, after Google's Russian subsidiary filed for bankruptcy earlier in 2022 Techmeme · 4 months ago
Microsoft rolls back blocking VBA macro scripts by default in Excel, PowerPoint, Access, Visio, and Word, "based on feedback" and "to make improvements" Techmeme · 5 months ago
In a joint advisory, the FBI, CISA, and the US Treasury Department warn North Korea-backed hackers are using Maui ransomware to attack healthcare organizations Techmeme · 5 months ago
Google releases a Chrome update for Windows to address a high-severity zero-day vulnerability exploited in the wild, its fourth Chrome zero-day patch in 2022 Techmeme · 5 months ago
HackerOne says a staffer stole vulnerability reports submitted through its bug bounty platform and disclosed them to seven companies to claim financial rewards Techmeme · 5 months ago
Kaspersky researchers discovered malware used in the wild since March 2021 to backdoor Microsoft Exchange servers of government and military orgs worldwide Techmeme · 5 months ago
Firefox now offers a way to strip URLs of certain tracking parameters, like from HubSpot, Marketo, and Meta, following similar functionality in Brave Browser Techmeme · 5 months ago
Brave says its search engine grew ~5,000% since its June 2021 launch to 411.7M queries in May, and launches Goggles, which lets users customize searches Techmeme · 5 months ago
Cloudflare says it mitigated a 26M requests per second DDoS attack, the largest HTTPS DDoS attack detected to date, surpassing a 17.2M rps attack in August 2021 Techmeme · 5 months ago
In a joint advisory, the NSA, CIA, and FBI detail how China-backed hackers have exploited common vulnerabilities to snoop on network traffic Techmeme · 6 months ago
In an operation led by the FBI and IRS, online marketplace SSNDOB, which sold names, SSNs and dates of birth of about 24 million US people, was taken down Techmeme · 6 months ago
Scans of MySQL server instances by Shadowserver analysts found 2.3M exposed servers on IPv4 and 1.3M on IPv6 devices Techmeme · 6 months ago
Microsoft researchers find high severity vulnerabilities in mce Systems' framework used by Android apps from carriers including AT&T, Telus, Rogers, and Bell Techmeme · 6 months ago
DuckDuckGo confirms a researcher's findings that its browser allows some Microsoft trackers on third-party sites, citing a Microsoft search content agreement Techmeme · 6 months ago
Researchers discover that a popular Python library "ctx" and PHP package "phpass" have been compromised to steal developers' AWS keys and credentials Techmeme · 6 months ago
AdvIntel: the Conti ransomware group has taken its infrastructure offline and its leaders have partnered with other smaller ransomware groups to conduct attacks Techmeme · 6 months ago
Researchers devise a BLE relay attack that lets a hacker unlock and operate a Tesla outside its BLE range; Tesla said in April that it was a "known limitation" Techmeme · 6 months ago
The DOJ says that Moises Luis Zagala Gonzalez, a 55-year-old cardiologist living in Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals Techmeme · 6 months ago
Researchers detail a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly in attacks Techmeme · 7 months ago
Costa Rica's president declares a state of emergency after the Conti ransomware group published 672GB of data that appears to be from government agencies Techmeme · 7 months ago
Google Play bans "downloading of paid apps and updates to paid apps" in Russia over sanctions, after halting purchases of paid apps and subscriptions in March Techmeme · 7 months ago
UK sanctions Baikal Electronics and MCST, Russia's most important chipmakers, denying them access to the ARM architecture Techmeme · 7 months ago
IC3 says there were 241K+ reports of business email compromise scams globally from June 2016 to July 2019, totaling $43B+ in actual and attempted losses Techmeme · 7 months ago
Cybersecurity authorities of Five Eyes countries warn of Russia-backed hacking groups targeting critical infrastructure organizations in and outside Ukraine Techmeme · 7 months ago
GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to download data from private repositories belonging to npm and other orgs Techmeme · 7 months ago
RaidForums, used by Lapsus$, Babuk, and other extortion gangs, is seized in a US-led international operation; Europol says the hacking forum had 500K+ users Techmeme · 8 months ago
A hacking group called NB65 claims it is using modified versions of Conti's leaked ransomware to attack Russian entities, including the space agency Roscosmos Techmeme · 8 months ago
Microsoft says it obtained a court order to take control of seven domains used by Russia-linked hacking group Strontium, disrupting its attacks on Ukraine Techmeme · 8 months ago
Mailchimp discloses a breach where hackers accessed 319 accounts and stole "audience data" from 102 clients, leading to phishing scams of crypto users Techmeme · 8 months ago
Apple releases iOS 15.4.1, iPadOS 15.4.1, and macOS 12.3.1 to fix two zero-days that "may have been actively exploited"; Apple fixed five zero-days this year Techmeme · 8 months ago
The FBI and its global law enforcement partners announce the arrests of 65 alleged cybercrime gang members specializing in business email compromise schemes Techmeme · 8 months ago
Google releases a Chrome update for Windows, Mac, and Linux to fix a high-severity zero-day exploited in the wild, the second such patch for Chrome in 2022 Techmeme · 8 months ago
An analysis of the encryption speed of ten notorious ransomware strains finds LockBit and Babuk to be the fastest, while Conti, Maze, and PYSA were the slowest Techmeme · 8 months ago