Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks
The U.S. State Department is offering a reward of up to $10 million for information that could help capture a North Korean military hacker identified as Rim Jong Hyok. Part of the Andariel North Korean hacking group, Hyok and other Andariel operatives were linked to Maui ransomware attacks targeting critical infrastructure and healthcare organizations across the […]
WhatsApp for Windows lets Python, PHP scripts execute with no warning
A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be successful, Python needs to be installed, a prerequisite that may limit the targets to software developers, researchers, and power users. The problem […]
X begins training Grok AI with your posts, here’s how to disable
X has quietly begun training its Grok AI chat platform using members’ public posts without first alerting anyone that it is doing it by default. As AI platforms war for dominance, they are constantly seeking data to train their large language models (LLMs). This makes your data very valuable. However, instead of asking for permission, most platforms use […]
Google fixes Chrome Password Manager bug that hides credentials
Google has fixed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily for more than 18 hours. The outage began on Wednesday, affecting users worldwide who rely on Chrome’s built-in tool to store and autofill their passwords. In a Google Workspace incident report, the company says the issue affected approximately 2% of […]
Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. The American crypto exchange began sending notices to impacted individuals a month ago, on June 26, 2024 but submitted a sample of the letters yesterday to the Attorney General’s […]
FBCS data breach impact now reaches 4.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. […]
July Windows Server updates break Remote Desktop connections
Microsoft has confirmed that July’s security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. “Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. […]
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot “master key”—also known as Platform Key (PK)—generated by American Megatrends International […]
Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates […]
Google Chrome now warns about risky password-protected archives
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. These new, more detailed warning messages help users quickly learn the nature of the danger presented by each file downloaded from the Internet. For this, Google introduced a two-tier download warning system that uses AI-powered […]