400 chip flaws can turn 3 billion Android phones into perfect spying toolThese vulnerabilities if exploited can turn an Android phone into a perfect 'spying tool', that too without the owners' intervention.HackRead Shared .
The Green Goldfish and cyber threat intelligence.Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security.The CyberWire Shared .
Hackers hit Reddit; deface 70+ Subreddits with Pro-Trump messagesBefore Reddit, in June 2020, more than 1,150 Roblox accounts were also hacked and defaced with pro-Donald Trump content.HackRead Shared .
How much does a data breach cost? + How to prevent itBy some estimates, close to 30 percent of businesses in the United States will experience a data breach.HackRead Shared .
Bug Hunter Talks and Init.G for StudentIn December 2019 I was invited by Google to come to London for the Google CTF finals.LiveOverflow Shared .
Satellite Internet connections can easily be intercepted by hackersJames Pavur, the author of the research identified that hackers can target a Satellite with merely a $300 device.HackRead Shared .
Like anything these days, you have to disinfect it first."Cyberbunker" refers to a criminal group that operated a "bulletproof" hosting facility out of an actual military bunker.The CyberWire Shared .
What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find outStart the clock on those patches - they'll be coming any day, week, month soon.The Register Shared .
Introducing the O.MG Keylogger CableSpecial thanks @ the music? That's an unreleased @KANGAkult track! We are working on some more cool stuff that you will see very soon.Hak5 Shared .
Qualcomm Bugs Open 40 Percent of Android Handsets to AttackResearchers identified serious flaws in Qualcomm's Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.Threatpost Shared .
How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellitesBug-hunter details how his team slurped data...The Register Shared .
Online exam tool ProctorU admits breach after hackers leak its databaseProctorU database containing 444,267 accounts was leaked by ShinyHunters hackers on July 27th, 2020. Here's what happened.HackRead Shared .
Attackers Horn in on MFA Bypass Options for Account TakeoversAccording to Abnormal Security, cybercriminals are zeroing in on email clients that don't support modern authentication, such as mobile email clients; and legacy email protocols, including IMAP, SMTP, MAPI and POP.Threatpost Shared .
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. MagecarPresident Trump issues Executive Orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan's semiconductor industry.The CyberWire Shared .
Have I Been Pwned Set to Go Open-SourceFully opening the door to allow people to contribute to - and notably, tinker with - the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.Threatpost Shared .
Hundreds of Uber Eats User records leaked on Dark WebUser records of Uber Eats, an American online food ordering service, have been leaked by a threat actor on Dark Web.HackRead Shared .
At Talkspace, Start-Up Culture Collides With Mental Health ConcernsThe therapy-by-text company made burner phones available for fake reviews and doesn't adequately respect client privacy, former employees say.New York Times Privacy Shared .
A Manual Transmission With No ClutchThis week, it's the Security Weekly Virtual Hacker Summer Camp edition of Paul's Security Weekly!Paul's Security Weekly Shared .
182-How to Disappear: Part OneThis week I debut a multiple-part series about disappearing, created with Javier Leiva from Pretend Podcast, plus the latest privacy news and updates.The Complete Privacy & Security Podcast Shared .
BlueRepli attack lets hackers bypass Bluetooth authentication on AndroidThe findings related to Bluerepli were shared by researchers at the Black Hat USA 2020 virtual event held on 5th August.HackRead Shared .
Hackers Dump 20GB of Intel's Confidential Data OnlineChipmaker investigates a leak of intellectual property from its partner and customer resource center.Threatpost Shared .
Pretexting attacks: What are they and how can you avoid them?Fraudsters targeting individuals and companies often use emails, texts, or phone calls to extract valuable information and gain access to accounts, data, financial info, and networks.Comparitech Shared .
How to get a Costa Rica IP Address from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Evasive Credit Card Skimmers Using Homograph Domains and Infected FaviconNew Evasive Phishing Attacks Leveraging Homoglyph Domains and Infected Copycat Favicon to Skim Payment Data.The Hacker News Shared .
Augmenting AWS Security ControlsAppropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.Threatpost Shared .
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million UsersHackers Planted Secret RCE Backdoor in Popular Webmin Utility for Linux/Unix Servers.The Hacker News Shared .
Business Email Compromise fighting back with machine learningMachine learning models are immune to blandishments, threats, flattery and so on - so why not set them against social engineers?Naked Security Shared .
Android user chucks potential $10bn+ sueball at Google over 'spying', 'harvesting data'… this time to build supposed rival to TikTok called 'Shorts'These are the 'droids lawyers are looking for.The Register Shared .
7 Best VPNs for Costa Rica: Top for Streaming, Speed and PrivacyWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Is Google Drive secure? How to protect your Google DriveWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to get a Serbia IP Address from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
It's A Trap!This week, it's Security Weekly Virtual Hacker Summer Camp! In our first segment, we welcome John Loucaides, VP of Research and Development at Eclypsium, to talk about Putting Zero Trust in Your Devices!Paul's Security Weekly Shared .
How COVID-19 Has Changed Business Cybersecurity Priorities ForeverBusinesses around the world have experienced numerous changes in their technology, operations and cybersecurity priorities.The Hacker News Shared .
So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talkDemirkapi shows how drivers can be misused for deep pwnage.The Register Shared .
Anti-encryption laws yet to be used by Asio or AFP to compel tech firms' help, inquiry toldBoth agencies said on Friday they had so far secured voluntary cooperation from tech and communications companies - even though there had been times when they had come close to issuing a compulsory notice - and they still might need to use the tougher powers in future.Guardian Privacy Shared .
Chrome Web Store slammed again after 295 ad-injecting, spammy extensions downloaded 80 million timesNot exactly the first time this has happened, by a very long chalk.The Register Shared .
Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel AttacksModern CPUs from various hardware vendors like Intel, AMD, ARM, and IBM are susceptible to a new form of Foreshadow speculative execution attack.The Hacker News Shared .
Trump administration labels WeChat, TikTok 'threats' to national security, bans transactions with bothOn grounds that they can track users, conduct corporate espionage and oppress Chinese-Americans.The Register Shared .
Australia needs to face up to the dangers of facial recognition technologyState and federal governments must follow the lead of cities here and abroad to suspend its use and develop a regulatory framework.Guardian Privacy Shared .
Host a Deep Web IRC Server for More Anonymous Chatting OnlineIRC is a popular internet chat protocol. In this episode of Cyber Weapons Lab, we'll show you how to connect this technology to the Tor network in order to create an anonymous and secure chatroom - without using a public IP address.Null Byte Shared .
Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hackAll that money must be wired to the US Treasury immediately.The Register Shared .
Black Hat 2020: Influence Campaigns Are a Cybersecurity ProblemAn inside look at how nation-states use social media to influence, confuse and divide - and why cybersecurity researchers should be involved.Threatpost Shared .
The Switch: Breaking Into Hacking CareersIf you've ever wondered where hackers come from, or how you might get a job being paid to hack, you might be surprised by the stories of teachers, makeup artists, graphic designers, and veterinarians who all switched to careers in ….Hak5 Shared .
Hacker posts 20GB of alleged Intel source code, files onlineDubbed Intel leaks; the data has been leaked by a developer who claims to have received it from an anonymous hacker.HackRead Shared .
Foreshadow returns to the foreground: Boffins find secrets-spilling speculative execution Intel flaw lives onA misunderstanding about the vulnerability means defenses fall short.The Register Shared .
When it comes to hacking societies, Russia remains the master at sowing discord and disinformation onlineChina can't hold a candle to GRU's shenanigans, says expert.The Register Shared .
Black Hat 2020: Mercedes-Benz E-Series Rife with 19 BugsResearchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.Threatpost Shared .
Canon suffers ransomware attack by Maze; reportedly losing 10TB of DataCanon is still investigating the incident but Maze ransomware group is reportedly boasting about breaking into Canon's cyberinfrastructure.HackRead Shared .
Canon Admits Ransomware Attack in Employee Note, ReportThe giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.Threatpost Shared .
Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment ClaimsA group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker,...Krebs on Security Shared .
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping HackAttackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.Threatpost Shared .
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia's cyberThe US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing.The CyberWire Shared .
Intel NDA blueprintsLeaker only 'a bit concerned' about getting sued.The Register Shared .
New tool detects fake 4G cell phone towersDubbed Crocodile Hunter; the tool works by scanning for 4G signals and determining if there is anything unusual in their nature.HackRead Shared .
High-Severity Cisco DoS Flaw Plagues Small-Business SwitchesCisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.Threatpost Shared .
Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooksShould your policy cover that? Well that's up to you.The Register Shared .
Google 'accidentally' enabled smart speakers to listen passive soundsLuckily for Brazedowl, he was at home cooking and immediately took notice. But at that moment he realized that he had no idea whether his smart speaker was supposed to detect such sounds.HackRead Shared .
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office MacrosAt Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.Threatpost Shared .
Porn blast disrupts bail hearing of alleged Twitter hackerAn alleged hacker's bail hearing held online via Zoom with screen sharing enabled... what could possibly go wrong?Naked Security Shared .
Black Hat 2020: Using Botnets to Manipulate Energy Markets for Big ProfitsBlack Hat 2020 session discusses how high-wattage connected devices like dishwashers and heating systems can be recruited into botnets and used to manipulate energy markets.Threatpost Shared .
The Best Paros Proxy Alternatives for 2020We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
U.S. Offers Reward of $10M for Info Leading to Discovery of Election MeddlingThe U.S. government is concerned about foreign interference in the 2020 election, so much so that it will offer a reward of up to $10 million for anyone providing information that could lead to tracking down potential cybercriminals aiming to sabotage the November vote.Threatpost Shared .
National Crime Agency says Brit teen accused of Twitter hack has not been arrestedBognor Regis man still faces 20 years in clink, though.The Register Shared .
Expert InstinctThis week, it's Security Weekly Virtual Hacker Summer Camp, and we have two interviews! First, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to discuss "How Security Spending Overlooks the Biggest Risk of All"!Paul's Security Weekly Shared .
USA decides to cleanse local networks of anything Chinese under new five-point national data security plan'Clean Network' initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised.The Register Shared .
Canon not firing on all cylinders: Fledgling cloud loses people's pics'n'vids, then 'Maze ransomware' hits'We are investigating the situation'The Register Shared .
US voting hardware maker's shock discovery: Security improves when you actually work with the communityES&S takes the bold step of not ignoring vulnerability reports.The Register Shared .
'I don't care': young TikTokers unfazed by US furor over data collectionTrump has threatened to ban the app amid privacy concerns. But young people say they're used to being tracked.Guardian Privacy Shared .
Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacleMozilla warns more Firefox website breakage to come because devs just aren't checking for SameSite snafus.The Register Shared .
Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTsThe groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.Threatpost Shared .
Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical HackersVoting machine technology seller Election Systems and Software offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.Threatpost Shared .
Twitter Fixes High-Severity Flaw Affecting Android UsersA vulnerability in Twitter for Android could have allowed attackers to access private direct messages and other data.Threatpost Shared .
America was getting on top of its electronic voting machine security'We need to prepare for a number of scenarios that may not come to fruition' says Prof Blaze.The Register Shared .
Black Hat 2020: Scaling Mail-In Voting Spawns Broad ChallengesVoting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahead of November's election.Threatpost Shared .
Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter HackerPerhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.Krebs on Security Shared .
Sensitive data of 900 Pulse Secure VPN servers leaked on hacker forumThe team behind Pulse Secure VPN had a year to fix the flaw which apparently it didn't and now one of the most notorious hacker forums has leaked its sensitive data.HackRead Shared .
Black Hat 2020: Open-Source AI to Spur Wave of 'Synthetic Media' AttacksThe explosion of open-source AI models is lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready.Threatpost Shared .
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.NSA, yes, NSA, has some privacy advice. Interpol offers its take on where cybercrime is going during the time of the pandemic.The CyberWire Shared .
Hackers zoom bomb trial of Twitter hack's mastermind with pornographyThe hearing was shut down within 25 minutes after being Zoom bombed. Here's what it looks like and what happened.HackRead Shared .
WireGuard VPN: Secure and Fast, But Bad for Privacy?WireGuard is a new VPN protocol that promises faster speeds and better security. Unfortunately, it also has some drawbacks with privacy.Restore Privacy Shared .
High-Severity Android RCE Flaw Fixed in August Security UpdateGoogle addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.Threatpost Shared .
Chrome extensions with 80 million+ users found engaging in ad fraudAnother day, another large scale ad fraud through Chrome extensions. Here's what's going on in the latest ad fraud scam.HackRead Shared .
Microsoft Teams Patch Bypass Allows RCEAn attacker can hide amidst legitimate traffic in the application's update function.Threatpost Shared .
NSA Warns Smartphones Leak Location DataThe agency known for its own questionable surveillance activity advised how mobile users can limit others' ability to track where they are.Threatpost Shared .
A Cyber 'Vigilante' is Sabotaging Emotet's ReturnDuring Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return - and how a cyber vigilante is attempting to thwart the malware's comeback.Threatpost Shared .
UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of original £183m penaltyCOVID-battered businesses win reprieve from Information Commissioner's Office.The Register Shared .
Fighting and winning for privacy, where was the ICOThe Government admitted their Test and Trace programme is operating unlawfully, but we should never have had to threaten legal action.Open Rights Group Shared .
Case Study: How Incident Response Companies Choose IR ToolsChoosing the best tool is a challenge for many organizations. Learn how to choose best Incident Response tools for cybersecurity.The Hacker News Shared .
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud AccountsThe Hacker News Shared .
How to watch Star Trek: Lower Decks season 1 onlineWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
NSA warns that mobile device location services constantly compromise snoops and soldiersIt might be best not to ask how the NSA knows this and why it advises most mitigations don't help.The Register Shared .
China slams President Trump's TikTok banned-or-be-bought plan in the USBeijing accuses America of working to destroy businesses it doesn't like.The Register Shared .
Chinese debt collectors jailed for cyberbullying under 'soft violence' lawsThreatening and insulting WeChat messages and worse earn time inside.The Register Shared .
Introduction To The Nmap Scripting EngineIn this video, I explain the importance of the NSE and how it can be used by penetration testers to perform service enumeration.HackerSploit Shared .
Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent'A secure dev lifecycle has a much higher ROI than letting the public do the bug detection work for you'The Register Shared .
NetWalker Ransomware Rakes in $29M Since MarchThe NetWalker ransomware has been around for about a year, but it has really made a name for itself in 2020, racking up around $29 million in extortion gains just since March.Threatpost Shared .
Maximum IsolationThis week, it's Security Weekly Virtual Hacker Summer Camp 2020! In our first segment, we welcome Mike Rothman, President at DisruptOps, to discuss: How Does Sec Live In A DevOps World?Paul's Security Weekly Shared .
As the world descends into madness, it's good to see some things never change: Monthly Android patchesQualcomm bugs among the worst - including a critical hole in wireless networking.The Register Shared .
US attributes Taidoor RAT to China's government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.Sources tell Reuters that documents used in an attempt to influence the last British general election were taken from the compromised email account of the trade minister.The CyberWire Shared .
Newsletter WordPress Plugin Opens Door to Site TakeoverAn XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.Threatpost Shared .
Rite Aid Used Facial Recognition Cameras; BootHole Hits GRUB2Three have been arrested for the twitter hack, the BootHole vulnerability creates bigger problems, and Rite Aid used facial recognition technology in hundreds of stores!Hak5 Shared .
When Taming Big Tech Goes WrongWhat the United States can learn from Europe's efforts to restrain America's tech giants.New York Times Privacy Shared .
They say the tooth will set you free… so Brit dentist trade union tells members: 'Bad news; we've been hacked'Bank account numbers and sort codes may have been accessed by intruders.The Register Shared .
WhatsApp's new fact-check feature lets users identify fake information"Search the Web" feature on WhatsApp lets users perform web searches on viral messages to confirm their authenticity.HackRead Shared .
Twitter Could Face $250M FTC Fine Over Improper Data UseThe potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.Threatpost Shared .
Democratic Innovations: Polis and the political processOpen Rights Group and Demos yesterday published an exciting new report that provides insight on public attitudes towards data driven campaigning.Open Rights Group Shared .
Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, but others are less sureHello, 2009 called, they said they've got an email for you.The Register Shared .
The Pros and Cons of Education TechnologyEducation technology has changed the way students learn both inside and outside the classroom. However, there are pros and cons to this new way of learning.Ghostery Blog Shared .
Apple Knocked Off Perch as Most Imitated Brand for Phishing AttacksCOVID-19 pandemic spurs spoofing preference changes, plus a surge in email-based attacks.Threatpost Shared .
GandCrab ransomware hacker arrested in BelarusSuspect is alleged to have extorted more than 1000 people, mostly in India, US, Ukraine, UK, Germany, France, Italy and Russia.Naked Security Shared .
Fake Zoom meeting invitation phishing scam harvests Microsoft credentialsInitially targeting Zoom users; the phishing scam aims for Outlook and Office365 credentials. Here's what's going on.HackRead Shared .
Why Parents Should Pause Before Oversharing OnlineAs social media comes of age, will we regret all the information we revealed about our families during its early years?New York Times Privacy Shared .
Sweaty Internet RoomsThis week, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about Gravwell's Big Bang Release!Paul's Security Weekly Shared .
US Government Warns of a New Strain of Chinese 'Taidoor' VirusThe Hacker News Shared .
Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email failFormer trade minister Dr. Liam Fox named as source of leaked trade docs.The Register Shared .
Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secretsAssimilation completed! HPE says it has finished the merger with Cray and unveils combo supercomputing lineup.The Register Shared .
F.T.C. Investigating Twitter for Potential Privacy ViolationsThe social media company said the agency was examining whether it had misused people's personal information to serve ads.New York Times Privacy Shared .
Vilfo VPN Router Review: Fast and Secure, Worth the Price?This Vilfo VPN router review is a summary of our test results and analysis.Restore Privacy Shared .
Robocall Legal Advocate Leaks Customer DataA California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.Krebs on Security Shared .
Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election securityChances of it getting enacted in time for November - slim to almost nil.The Register Shared .
Automate Recon with Your Own Bash ScriptTo graduate to the big leagues and learn more about networking, you need to learn how to write your own hacking scripts.Null Byte Shared .
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twitter hack. DDoS turns oMicrosoft is in talks to acquire TikTok as the US hints that it may be considering action against other Chinese software companies.The CyberWire Shared .
Google Updates Ad Policies to Counter Influence Campaigns, ExtortionStarting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content.Threatpost Shared .
How hackers behind Twitter Bitcoin scam were caughtThe Twitter Bitcoin scam allowed hackers to rake in over £80,000/$100,000. Here's how they got arrested in the US and the UK.HackRead Shared .
Netgear Won't Patch 45 Router Models Vulnerable to Serious FlawAlmost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models.Threatpost Shared .
UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?Chinese-owned vid app reportedly moving HQ to London.The Register Shared .
Transmission of Pakistani news channel interrupted to display Indian flagProminent Pakistani news channel Dawn had its transmission hacked amid commercial break on Sunday. Here's what happened.HackRead Shared .
Garmin Pays Up to Evil Corp After Ransomware Attack — ReportsThe ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.Threatpost Shared .
Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulnsOpenSSF to take projects from CII and OSSC under its umbrella.The Register Shared .
'We Are Living Every Parent's Worst Nightmare,' Judge Salas SaysEsther Salas, the federal judge whose son was killed by a misogynistic lawyer two weeks ago, released a videotaped statement.New York Times Privacy Shared .
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec HolesWith Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers.Threatpost Shared .
'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked.The Register Shared .
Meetup Critical Flaws Allow 'Group' Takeover, Payment TheftResearchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."Threatpost Shared .
Judge Whose Son Was Killed by Misogynistic Lawyer Speaks Out"Two weeks ago, my life as I knew it changed in an instant, and my family will never be the same," Judge Esther Salas said in a video statement.New York Times Privacy Shared .
WhatsApp spyware attack: senior clergymen in Togo among activists targetedBishop from Togo among 1,400 individuals alerted by WhatsApp to malware attack.Guardian Privacy Shared .
Monday review - our recent stories revisitedGet yourself up to date with everything we've written in the last seven days - it's weekly roundup time.Naked Security Shared .
This Tool Could Protect Your Photos From Facial RecognitionResearchers at the University of Chicago want you to be able to post selfies without worrying that the next Clearview AI will use them to identify you.New York Times Privacy Shared .
Oh cool, more Cisco patches to apply. Happy MondayMeanwhile, Linux KDE desktops can be pwned by evil archives.The Register Shared .
Rely on your strengths in the areas of the unknown.Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability.The CyberWire Shared .
Best VPN for China: Only These 4 Work WellMany VPNs that claim to work in China are actually getting blocked. After testing all the popular providers, I only recommend these 4 VPNs for China.Restore Privacy Shared .
Best VPN for Netflix: Only These 5 Work WellAs an overseas Netflix user, I've tested numerous VPN services to find the best VPN for Netflix that always works with excellent streaming quality.Restore Privacy Shared .
ExpressVPN vs NordVPN: ONE Clear WinnerNordVPN and ExpressVPN are both large, popular VPN services. In this ExpressVPN vs NordVPN comparison there is a clear winner for 2020.Restore Privacy Shared .
181-B-Four More Minutes Please…Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at to ALL episodes at.The Complete Privacy & Security Podcast Shared .
Detecting Twitter bots in real time.NortonLifeLock Research Group released a prototype browser extension called BotSight that leverages machine learning to detect Twitter bots in real-time.The CyberWire Shared .
Twitter hack three suspects charged in the USThree people have been fingered for the recent Twitter hack in which 45 high-profile accounts were taken over.Naked Security Shared .
Namecheap VPN ReviewNamecheap VPN is an affordable VPN service with apps for most devices. Unfortunately, we uncovered some problems in this Namecheap VPN review.Restore Privacy Shared .
Intercept LAN Traffic with a Packet SquirrelA hacker and pentester has many tools in their arsenal. When a hack sometimes requires physical access to a device, one such tool that is particularly handy is the Hak5 Packet Squirrel.Null Byte Shared .
Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutorsAlleged 17-year-old mastermind among trio charged over account mass hijackings.The Register Shared .
4 including a juvenile charged over July 15th Twitter hackThe Twitter hack allowed hackers to rake in over £80,000/$100,000. Here's who has been arrested and from where.HackRead Shared .
Three Charged in July 15 Twitter CompromiseThree individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam.Krebs on Security Shared .
Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demandUS travel company CWT has reportedly coughed up $4.5m to ransomware crooks who stole data and scrambled files.Naked Security Shared .
4 Unpatched Bugs Plague Grandstream ATAs for VoIP UsersThe flaws have been confirmed by Grandstream, but no firmware update has yet been issued.Threatpost Shared .
17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack ArrestedThe Hacker News Shared .
Authorities Arrest Alleged 17-Year-Old 'Mastermind' Behind Twitter HackThree have been charged in alleged connection with the recent high-profile Twitter hack - including a 17-year-old teen from Florida who is the reported "mastermind" behind the attack.Threatpost Shared .
GRU Fancy Bear, Garmin Ransomware, and Doki Docker Backdoor AttacksThis week, 'Boothole' vulnerability basically affects everything, Garmin Pays Ransomware but the implications are scary, Doki, Fancy Bear, GRU, Fancy Bear is hitting lots of US targets in an escalating campaign, and someone who does like Assange doesn't like Idaho very much!Paul's Security Weekly Shared .
TikTok: Trump reportedly to order parent company to sell Chinese-owned appMicrosoft is reported to be looking into buying the TikTok's US operations as the app's data privacy practices have come under fire.Guardian Privacy Shared .
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. AnA quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns.The CyberWire Shared .
Hackers used phone phishing on Twitter employee to access internal toolsOne of the Twitter employees was tricked into a phone phishing attack allowing hackers to access the company's internal support tool.HackRead Shared .
CWT Travel Agency Faces $4.5M Ransom in Cyberattack, ReportIn a media statement to Threatpost, CWT confirmed the cyberattack, which it said took place this past weekend: "We can confirm that after temporarily shutting down our systems as a precautionary measure, our systems are back online and the incident has now ceased."Threatpost Shared .
Anti-NATO Disinformation Campaign Leveraged CMS CompromisesResearchers uncovered a disinformation campaign aiming to discredit NATO via fake news content on compromised news websites.Threatpost Shared .
How to Live Stream Arsenal vs Chelsea OnlineWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
EU sanctions hackers from China, Russia, North Korea who're wanted by the FBIEuropean Union imposes sanctions on China, Russia, and North Korean hackers who are wanted by the FBI for various cyber-attacks.The Hacker News Shared .
181-Four Updates in Ten MinutesSupport for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at to ALL episodes at.The Complete Privacy & Security Podcast Shared .
Twitter: Epic Account Hack Caused by Mobile Spearphishing ScamHackers "mislead certain employees" to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.Threatpost Shared .
First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty.The Register Shared .
Pwn2Own hackathon to be held online in November 2020Similar to their spring event, the Pwn2Own hackathon is happening virtually in November 2020. The Zero Day Initiative with their expert team of researchers has decided to go live from their Toronto office, unlike previous years, when the event used to be held at the PacSec Applied Security Conference in Tokyo, Japan.HackRead Shared .
7 Best VPNs for Finland in 2020 for Speed, Streaming and PrivacyWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to tell if your phone or computer has been hackedWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machinesInflammatory findings from deadly serious investigation.The Register Shared .
In the market for a second-hand phone? Check it's still supported by the vendorThat means no security updates, which puts users at risk of compromise.The Register Shared .
EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crewsRussian, Chinese, Nork groups named in bank asset freeze.The Register Shared .
Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking holeStory behind a hasty teardown, fixing of a brute-force vulnerability.The Register Shared .
Twitter says spear-phishing attack hooked its staff and led to celebrity account hijackAttack came in waves that probed for staff with access to the creds crims craved.The Register Shared .
ABC drawn into row over naming Brisbane women accused of Covid-19 quarantine deceptionAunty comes under fire from within own ranks for following Courier-Mail's lead. Plus, Ben English defends tabloid attacks on Dan Andrews.Guardian Privacy Shared .
Best Data Science Tools in 2020In Data Science, researchers use different scientific methods, algorithms, and tools to extract useful information from structural and unstructured data.HackRead Shared .
Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is rightWarnings either not new or need more study, reckons open-source dev team.The Register Shared .
Zoom Flaw Could Have Allowed Hackers To Crack Meeting PasscodesZoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.Threatpost Shared .
Zoom web client flaw could've let hackers crack meetings passcodeThe vulnerability, if exploited, would have affected millions of Zoom users worldwide - There are more than 13 million Zoom users worldwide.HackRead Shared .
OpinionCongress was once filled with "Atari Democrats." This week's hearings showed their transformation into trust busters.New York Times Privacy Shared .
A quick look at Big Tech's antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage aYesterday's antitrust hearings in the US House of Representatives focus on Big Tech's big data as something open to use in restraint of trade.The CyberWire Shared .
Flaws in OkCupid app could have exposed millions of user data to hackersOkCupid app known as a popular dating platform has over 50 million registered users. Here's the video demonstration.HackRead Shared .
Doki Backdoor Infiltrates Docker Servers in the CloudThe malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.Threatpost Shared .
Servers at risk from BootHole bug: what you need to knowWe explain the "BootHole" vulnerability - as usual, in plain English and without hype. Find if you're affected, and what to do.Naked Security Shared .
Is Your Chip Card Secure? Much Depends on Where You BankChip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe.Krebs on Security Shared .
How to get a Finland IP Address from anywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Best VPNs for Serbia in 2020: Top for privacy, speed and streamingWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to watch Romanian TV online from anywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Critical, High-Severity Cisco Flaws Fixed in Data Center Network ManagerThe flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.Threatpost Shared .
Vermont Taxpayers Warned of Data Leak Over the Past Three YearsA vulnerability in the state's system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.Threatpost Shared .
An Intern's Perspective: Why Do I Need Ghostery MidnightA refreshing perspective from a Ghostery Intern on why internet users need Ghostery Midnight as a privacy tool and how it works.Ghostery Blog Shared .
NmapIn this video, I demonstrate how to optimize, speed up, and slow down your Nmap scans based on the type of network environment or target you are dealing with.HackerSploit Shared .
If you own one of these 45 Netgear devices, replace it: Firm won't patch vulnerable gear despite live proof-of-concept codeThat's one way of speeding up the tech refresh cycle.The Register Shared .
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in MinutesA new vulnerability in Zoom video conferencing software could have let attackers re-enable 'Zoom-Bombing' attacks by cracking Zoom meeting passwords in minutes.The Hacker News Shared .
Argentina health officials expose personal data on 115,000 COVID-19 quarantine exemption applicantsHealth officials in Argentina exposed a database on the web containing personal information from people who applied for COVID-19 circulation permits, which exempt recipients from quarantine restrictions.Comparitech Shared .
DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratchNo data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer.The Register Shared .
Rainbow HandsThis week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen...Paul's Security Weekly Shared .
Critical Magento Flaws Allow Code ExecutionAdobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.Threatpost Shared .
YOU… SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, appsBecause no one likes to install spoof system files.The Register Shared .
9,517 unsecured databases identified with 10 billion records globallyA research conducted by NordVPN's NordPass password manager reveals more than nine thousand unsecured databases across 20 countries can be attacked effortlessly.HackRead Shared .
Billions of Devices Impacted by Secure Boot BypassThe "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.Threatpost Shared .
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows SystemsThe Hacker News Shared .
Here's Why Credit Card Fraud is Still a ThingMost of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud.Krebs on Security Shared .
Alleged Russian disinformation campaigns. Beijing's cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech's day with CongAlleged Russian influence operations described by US intelligence services. "Ghostwriter" targets the Baltic region with anti-NATO false narratives.The CyberWire Shared .
Critical Bugs in Utilities VPNs Could Cause Physical DamageGear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.Threatpost Shared .
GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a systemWe're gonna keep punning this until someone pays us $5m.The Register Shared .
Critical Security Flaw in WordPress Plugin Allows RCEWordPress plugin Comments - wpDiscuz, which is installed on over 70,000 sites, has issued a patch.Threatpost Shared .
US tax service says, "2FA is a must!"We know it's an old drum, but we're not tired of beating it yet: 2FA is your friend.Naked Security Shared .
Digital advertising market study: the good, the bad and the uglyThe Competition and Markets Authority recently released their market study on online platforms and digital advertising.Open Rights Group Shared .
Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!The Hacker News Shared .
Chinese ambassador to UK threatens to withdraw Huawei, £3bn investment if comms giant banned from building 5GSurprise pledge catches company on the hop: 'We have announced no change to our strategy'The Register Shared .
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security SystemsAlgorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.Threatpost Shared .
Crypto wallet Ledger data breach; hackers steal 1m emails and other dataLedger has acknowledged that hackers also gained access to 9500 Phone numbers among other data.HackRead Shared .
Industrial VPN Flaws Could Let Attackers Target Critical InfrastructuresThe Hacker News Shared .
OkCupid Dating App Flaws Could've Let Hackers Read Your Private MessagesNew vulnerabilities in OkCupid, popular online dating platform, could have let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts.The Hacker News Shared .
OkCupid Security Flaw Threatens Intimate Dater DetailsAttackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.Threatpost Shared .
No wonder Brit universities report hacks so often: Half of staff have had zero infosec training, apparentlyPlus: Don't worry, students. The attackers told us they destroyed your data.The Register Shared .
Japan starts work on global quantum crypto networkToshiba leads effort that aspires to run 100 quantum cryptographic devices for 10,000 users by 2024.The Register Shared .
City Praises Contact-Tracing Program. Workers Call Rollout a ‘Disaster.'The contact tracers said the program was confusing and disorganized in its first six weeks, leaving them fearful that their work would not have an impact on the virus.New York Times Privacy Shared .
Lazarus Group Brings APT Tactics to RansomwareA new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.Threatpost Shared .
Get Off My Discord Server!This week, John Snyder will lead the discussion about the legal implications of Security and Compliance!Paul's Security Weekly Shared .
How to get a Portugal IP address from anywhereWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to get a Luxembourg IP address from abroadWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hCloudflare says that reported Ukrainian breaches aren't its issue. Trend Micro describes a new and unusually capable strain of malware.The CyberWire Shared .
We're suing Google for harvesting our personal info even though we opted out of Chrome syncBrowser quitters say they'll return if web goliath lives up to privacy promises.The Register Shared .
ShinyHunters, QSnatch Malware, and DEF CON Safe ModeThis week, QSnatch, dave.com, ShinyHunters, a quantum internet, government tyranny, and DEFCON! Jason Wood returns with Expert Commentary on A Cyberattack on Garmin Disrupted More Than Workouts!Paul's Security Weekly Shared .
Cosmetic giant Natura leaks data again; this time 19 million Avon recordsAvon Products, Inc. is owned by Brazil's Natura and Co. which itself leaked over 192 million records in May 2020.HackRead Shared .
MPs may have been misled over BAME voter ID claimsElectoral Commission says data that proves voter ID doesn't discriminate against BAME people doesn't exist.Guardian Privacy Shared .
A Seat at the TableThis week, we welcome Drew Cohen, President and CEO at MasterPeace Solutions Ltd., to discuss Cybersecurity Challenges in a Teleworking World!Paul's Security Weekly Shared .
DJI's Android App: Ripe for a Hack or Legitimate Usage?Or is it nothing to worry about?, Twitter shares more info about the hack, and Garmin is hit with ransomware!Hak5 Shared .
Firefox 79 is out: it's a double-update month, so patch now!It's a Blue Moon month for Firefox - the second full update in July!Naked Security Shared .
Hacker disrupts Emotet botnet operation by replacing payload with GIFsEmotet is one of the most commonly used botnets nowadays, which is distributed via wireless networks and can load different types of malware.HackRead Shared .
Practical Privacy: Basic Principles and Default SettingsThere are practical privacy standards that can and should be used as a foundation upon which we build our digital world - privacy by design.Ghostery Blog Shared .
Researchers Warn of High-Severity Dell PowerEdge Server FlawA path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations.Threatpost Shared .
MI6 tried to intervene in independent court by stopping judge seeing legal papersIt must have been love, but it's over now: Rockset tries to break up storage and compute, meet transactional, data-warehouse systems in middle.The Register Shared .
Find out this week: How to build a cyber threat intelligence program while cutting through the noiseTune in online to get a handle on separating good data from clutter.The Register Shared .
QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS DevicesQSnatch data-stealing malware has compromised 62,000 devices since reports emerged last October.The Hacker News Shared .
Tune in this week to learn all about an identity-centric approach to zero-trust securityIt's time to think beyond simple perimeter defenses.The Register Shared .
Business ID Theft Soars Amid COVID ClosuresIdentity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned.Krebs on Security Shared .
Create Brute-Force Wordlists from Leaked Password DatabasesBrute-force attacks are a common way that hackers crack passwords. However, it also tends to be slow and inefficient.Null Byte Shared .
It Makes No SenseThis week, we welcome John Matherly, Founder of Shodan, to talk about Fixing Vulnerabilities Effectively and Efficiently!Paul's Security Weekly Shared .
Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infectionsIf you're still using a vulnerable box, you ought to factory reset it before patching.The Register Shared .
Microsoft Revamps Windows Insider Preview Bug Bounty ProgramResearchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.Threatpost Shared .
Source code of over 50 high profile organizations leaked onlineSource code leak took place due to a misconfiguration error. Here's what happened and which companies were involved.HackRead Shared .
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.A vigilante appears to be interfering with Emotet's payloads. A fintech breach is blamed on a third-party service provider.The CyberWire Shared .
Attackers Exploiting High-Severity Network Security Flaw, Cisco WarnsAttackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.Threatpost Shared .
Cloudflare suffered data leak; exposing 3 million IP addresses: UkraineThe National Security and Defense Council of Ukraine claims the data leak has exposed millions of top websites to cyber attacks.HackRead Shared .
Encryption Under 'Full-Frontal Nuclear Assault' By U.S. BillsThe U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.Threatpost Shared .
7 Best VPNs for Luxembourg in 2020: Top for Speed and PrivacyWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's whySAP takes a punch to its software licensing revenue but Ellison's promise of customer exodus to Oracle seemingly fails to materialise.The Register Shared .