Cyber Security

All the latest Cyber Security and Privacy News

spinner

Telegram Review: NOT as Safe and Secure as You ThinkIn this Telegram we review, we tested out the secure messaging app on Android and desktop to see how it compares to others.

Restore Privacy Shared .

DNSpooq Flaws Allow DNS Hijacking of Millions of DevicesSeven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution.

Threatpost Shared .

EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arDNS cache poisoning vulnerabilities are described. FBI renews warnings about vishing. Iran's "Enemies of the People" disinformation campaign.

The CyberWire Shared .

FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusionIn an update and white paper released on Tuesday, FireEye warned that the hackers - which intelligence services and computer security outfits have concluded were state-sponsored Russians - had specifically targeted two groups of people: those with access to high-level information, and sysadmins.

The Register Shared .

Rob Joyce to Take Over as NSA Cybersecurity DirectorJoyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration.

Threatpost Shared .

Hackers compromised IObit forum to spread DeroHE ransomwareOver the weekend, Windows utility developer IObit was hacked to facilitate a widespread attack for distributing the DeroHE ransomware to IObit forum members.

HackRead Shared .

New Charges Derail COVID Release for Hacker Who Aided ISISA hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft.

Krebs on Security Shared .

Big Government, FBI, Mimecast, Ubquiti, Cisco, and the German PoliceWelcome to the Security Weekly News Wrap up for the the Week of 10 - Jan 2021.

Paul's Security Weekly Shared .

How to Make Data Privacy RealWe need control over how our data is used. Thanks to California, there's a promising new path.

New York Times Privacy Shared .
Advertisement Google Ad Network

Meghan's letter 'signalled end of our relationship', Thomas Markle tells courtA private letter written by the Duchess of Sussex to her father "actually signalled the end of our relationship, not a reconciliation", Thomas Markle has told the high court as he accused his daughter of showing "no concern" for his health as she allegedly "shut out".

Guardian Privacy Shared .

Ring Adds E2EE, Ubiquiti Suffers a Data BreachRing Adds E2E Encryption, Ubiquiti Suffers A Data Breach, and the EMA Leak Shows Up On the Dark Web!

Hak5 Shared .

SolarWinds Malware Arsenal Widens with RaindropThe post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks.

Threatpost Shared .

Best Computer Forensics Degrees Online in 2021We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

X-rated social media app Fleek exposed explicit photos of usersFleek shut down its operation in 2019 but did not secure its server or remove users' data.

HackRead Shared .

Linux Devices Under Attack by New FreakOut MalwareThe FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.

Threatpost Shared .

Ghostery Browser Update: A New DawnHey there, beta testers! We have a brief but important update this week!   We were getting a little bored of the names “Ghostery Browser” and “Ghostery Search” so, in this week’s included a rebranding to these products’ new names.   For the browser, say hello to Ghostery Dawn!

Ghostery Blog Shared .

Attackers Steal E-Mails, Info from OpenWrt ForumUsers of the Linux-based open-source firmware—which include developers from commercial router companies-may be targeted by phishing campaigns, administrators warn.

Threatpost Shared .

Labour Party urges UK data watchdog to update its Code of Employment Practices to tackle workplace snoopingKey doc hasn't been updated since 2018, warn politicos and trade union.

The Register Shared .

Internet Hygiene FAQsBy now, almost a year into COVID-19 life, we all know to take at least 20 seconds when washing our hands.

Ghostery Blog Shared .

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

The Hacker News Shared .

How to Watch NovaTV Online from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Top learning management system software for small businessesA learning management system is broadly a cloud-based platform that makes it easier for managers to create and execute a training session.

HackRead Shared .

New Educational Video Series for CISOs with Small Security Teams

The Hacker News Shared .

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

The Hacker News Shared .

Online scams: How to give scammers a taste of their own medicineInternet users are much more aware of these scams these days, but they do still happen.

HackRead Shared .

Is It OK That My Sister Secretly Records Our Dad for Laughs?The magazine's Ethicist columnist on whether to tell your father your sister is recording him without his knowledge — and more.

New York Times Privacy Shared .
Advertisement Google Ad Network

AnyVan confirms digital break-in, says customer names, emails and hashed passwords exposedAs well as being "very sorry for the inconvenience," the company advised customers who used a password to access their account from April last year to update it immediately and in line with good hygiene to "regularly change your password to accounts that hold your personal data."

The Register Shared .

Livecoin crypto exchange shuts down after losing domain to hackersThe decision comes after Livecoin claims its servers were hacked and taken over by attackers in December 2020.

HackRead Shared .

Top Tips to Upscale Your Netflix Security InstantlyAs of the third quarter of 2020, Netflix had 195.15 million paid subscribers worldwide and that makes it a lucrative target for cybercriminals.

HackRead Shared .

Joker's Stash Carding Market to Call it QuitsJoker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021.

Krebs on Security Shared .

Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data"On Christmas Eve, the Scottish Environmental Protection Agency confirmed that it was responding to a significant cyber-attack affecting its contact centre, internal systems, processes and internal communications," it revealed.

The Register Shared .

Kids breach and bypass Linux Mint screensaver lockAccording to their father, the kids were able to bypass the Linux Mint screensaver lock not once but twice.

HackRead Shared .

Transferring data between smartphones seamlesslyApple is strict on privacy which is a positive thing to do but what if you would like to transfer or backup WhatsApp data from an iPhone to a PC?

HackRead Shared .

Bye bye, said Trump admin to Huawei: You give a cheque-ie to our techies, but there's no licence to plyAnd them good ol' boys revokin' sanction to buy, singin', 'Soon will come the day that we fly'

The Register Shared .

Even Bigger DIY Solar Battery Banks and Power Systems! w/GlytchBluetti AC200: Solar Charge Controller: Battery Meter: Block: Batteries: Twitter: Instagram: Website: Youtube: an Amazon Associate, Glytch earns from qualifying purchases through the links above at no extra cost to in 2005, Hak5's mission is to advance the InfoSec industry.

Hak5 Shared .

Medical Device Security: Diagnosis CriticalMedical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.

Threatpost Shared .

Infamous cybercrime, carding market Joker's Stash is shutting downThe world's largest digital carding marketplace Joker's Stash to shut down its operations from February 15, 2021.

HackRead Shared .

How to Manually Configure a VPN on Windows 10We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

35+ COVID-19 Cybersecurity Statistics: Have threats increased?We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Naked Security Live  Staying safe online at homeEven if you don't have school-age children, or aren't living in a region where schools are currently closed, the video contains a wide range of advice that will help you stay secure at home anyway.

Naked Security Shared .

Hallowed Bugtraq infosec list killed then resurrected over the weekend: We heard your feedback, says AccenturePlus: Watch out for NTFS-corrupting folder, Mimecast hack, and more.

The Register Shared .

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

The Hacker News Shared .

Encore: You will pay for that one way or another.Dave's got the story of a landlord who may run afoul of the Computer Fraud and Abuse Act, Ben wonders if the big tech CEOs could be held liable for contact tracking apps, and later in the show my conversation with Joseph Cox.

The CyberWire Shared .

7 Best VPNs for Lebanon: Top for Privacy, Streaming and SpeedWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Ann Johnson: Trying to make the world safer.Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive.

The CyberWire Shared .

UK Police mistakenly deleted 150,000 arrest records in software glitchReportedly, a software glitch wiped DNA and fingerprint data from the police computer. Here's what else was deleted.

HackRead Shared .

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months

The Hacker News Shared .

8 Best SmokePing Alternatives for 2021We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

10 Best Splunk Alternatives for 2021We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

End User Experence MonitoringWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

AI and ML in Network Management: How are they integrating in Networks?We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Manufacturing sector is increasingly a target for adversaries.Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive - and potentially destructive - impacts.

The CyberWire Shared .

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' ResolversThe U.S. National Security Agency.

The Hacker News Shared .

Cloud Service Management Guide: IS CSM right for you?We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Real User Monitoring Guide: Everything you need to know about RUMWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Joker's Stash, The Largest Carding Marketplace, Announces ShutdownJoker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations.

The Hacker News Shared .

Active Directory Security GroupsWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Active Directory Service Account: Step-by-Step Set Up Guide and ToolsWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Ultimate SIEM Guide: What is it? How it works? Next-Gen and SIEM ToolsComputers, network and security devices, and the applications that run on them generate records called logs that consist of a series of messages in time-sequence that describe activities going on within the system or network.

Comparitech Shared .

Synthetic Monitoring Vs Real User Monitoring: Comparison, Pros and ConsWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Hacker's Guide to Buying an ESP32 Camera ModuleThe ESP32 is a cheap, powerful microcontroller capable of acting as a Wi-Fi camera module when paired with a camera.

Null Byte Shared .

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in ShowExpert panel awards dubious honors to 2021 Consumer Electronics Show's biggest flops, including security and privacy failures.

Threatpost Shared .

There Was Definitely Harm DoneThis week, we welcome Ryan Noon, Co-Founder and CEO from Material Security, joins us first, to discuss Beyond Phishing Blockers: risks to email, phishing, and beyond!

Paul's Security Weekly Shared .

Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'Starting Feb. 9, Microsoft will enable Domain Controller "enforcement mode" by default to address CVE-2020-1472.

Threatpost Shared .

Charming Kitten's smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patchesRobert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence.

The CyberWire Shared .

Response to the Lords Communications Committee enquiry into freedom of expression onlineOpen Rights Group are a digital rights campaigning organisation. We seek to help build a society where rights to privacy and freedom of speech online are respected, protected and fulfilled.

Open Rights Group Shared .

WhatsApp Delays Privacy Changes Amid User ExodusThe company faced a backlash from users who worried the changes made the messaging service less secure.

New York Times Privacy Shared .

Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, thoughInstall base explodes following WhatsApp 'privacy' update, Musk endorsement.

The Register Shared .

Vaccine passports: what are they and do they pose a danger to privacy?Race to build app for people to demonstrate Covid jab or a negative test, but rights groups worry about ‘identity checks'

Guardian Privacy Shared .

Facebook sues developer of data scraping extensions for ChromeThe developer is a Portuguese company that Facebook claims developed malicious Chrome extensions allowing data scraping.

HackRead Shared .

Apple Kills MacOS Feature Allowing Apps to Bypass FirewallsSecurity researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data.

Threatpost Shared .

Google Boots 164 Apps from Play Marketplace for Shady Ad PracticesThe tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.

Threatpost Shared .

202-Parler: Privacy, Security, and OSINTThis week I offer no politics and no buzzwords, but only factual discoveries about the Parler incident which could be of interest to listeners on both the Privacy and OSINT sides, plus the latest updates and a new OSINT tip.

The Complete Privacy & Security Podcast Shared .

What is VPN Tunneling? A complete guide to VPN TunnelingWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

What is CSV Injection? CSV Injection attacks explainedWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

25+ Cyber Security Vulnerability Statistics and Facts of 2021We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

The Hacker News Shared .

Shut You DownThis week, in the Enterprise Security News, Beyond Security partners with Vicarius, Amazon's Parler removal and what it means for cloud confidence, Kount sold to Equifax, McAfee vs Crowdstrike, Jumpcloud raises some funds, Red Hat Acquires StackRox, and SolarWinds warnings of weak security and more.

Paul's Security Weekly Shared .

Facebook: Malicious Chrome Extension Developers Scraped Profile DataFacebook has filed legal action against two Chrome extension developers that the company said was scraping user profile data - including names and profile IDs - as well as other browser-related information.

Threatpost Shared .

Europol announces bust of "world's biggest" dark web marketplaceUsing a special anonymising protocol, Tor arranges for the "other end" of your anonymised connection into Tor to be paired up with the "other end" of the relevant onion site's connection into Tor, after which you can talk to each other.

Naked Security Shared .

SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA's advice for cloud security. Classiscam in the market. SolarLeakThere are other things going on besides Solorigate and deplatforming. There's news about the SideWinder threat actor and its interest in South Asian cyberespionage targets.

The CyberWire Shared .

Signal Messenger Review: Secure Messaging with DrawbacksSignal is a secure messenger that is widely touted as one of the best options.

Restore Privacy Shared .

Warning as hackers breach MFA to target cloud servicesAccording to CISA, it has verified one of the users had their account breached even though they were using proper multi-factor authentication.

HackRead Shared .

Wire Secure Messenger Review 2021Wire messenger is a secure messaging service that is open source and audited. But this Wire review uncovered some problem areas.

Restore Privacy Shared .

Florida Ethics Officer Charged with CyberstalkingJudge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.

Threatpost Shared .

Coming in at number 5, it's a blast from the past! Tenable's 2020 security flaw chart show features hits of yesteryearWhile Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there.

The Register Shared .

Telegram Bots at Heart of Classiscam Scam-as-a-ServiceThe scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate cybergangs - which altogether made at least $6.5 million using the service in 2020.

Threatpost Shared .

Cyber criminals leak Pfizer, BioNTech COVID-19 vaccine dataThe leaked vaccine data is now circulating on hacker forums including Russian-speaking ones. Here's what was leaked and some exclusive screenshots.

HackRead Shared .

Cloud Attacks Are Bypassing MFA, Feds WarnCISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted.

Threatpost Shared .

How to become a Penetration Tester: Pen Tester Career GuideWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

S3 Ep15: Titan keys, Mimecast certs and SolarwindsWe explain how two French researchers hacked the Google Titan security key product , and dig into the Mimecast certificate compromise story to see what we can all learn from it.

Naked Security Shared .

Best Cyber Security Master's Degrees Online in 2021We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Ministry of Defence's cyber warfare drive is helping burn a hole through its budget, warns UK's National Audit OfficeDefence officials managed, said the NAO, to spend "£2.1bn of additional costs in Strategic Command's equipment programme, reflecting £1.1bn of new investments to fill capability gaps." On top of that, the MoD's desire to "strengthen cyber capabilities" combined with plans to enhance "global connectivity" resulted in "£1.1bn of cost growth".

The Register Shared .

Ring Adds End-to-End Encryption to Quell Security UproarThe optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns.

Threatpost Shared .

How to watch Discovery Plus Online from AnywhereWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Experts Uncover Malware Attacks Against Colombian Government and Companies

The Hacker News Shared .

Is a remote workforce making your organisation less secure?Now many companies are wondering: will we ever need those big glass buildings again? Research shows more than half of companies are going to cut back on office space in 2021, and that means work-from-home is becoming a permanent feature of professional life.

The Register Shared .

Millions Flock to Telegram and Signal as Fears Grow Over Big TechThe encrypted messaging services have become the world's hottest apps over the last week, driven by growing anxiety over the power of the biggest tech companies and privacy concerns.

New York Times Privacy Shared .

Massive ProblemsThis week, we welcome Jim McKee, Founder and CEO at Red Sky Alliance for an interview!

Paul's Security Weekly Shared .

TikTok Takes Teen Accounts PrivateThe company announced accounts for ages 13-15 will default to privacy setting, among other safety measures.

Threatpost Shared .

Google reveals high-profile attack targeting Android, Windows usersAccording to Google's Project Zero team, threat actors exploited 0-day vulnerabilities to successfully carry on their attack.

HackRead Shared .

Looking for that threat actor "likely based in Russia." SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.Speculation grows that the Solarigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor.

The CyberWire Shared .

High-Severity Cisco Flaw Found in CMX Software For RetailersCisco fixed high-severity flaws tied to 67 CVEs overall, including ones found in its AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

Threatpost Shared .

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site TakeoverTwo security vulnerabilities - one a problem and the other a stored XSS bug - afflict a WordPress plugin with 40,000 installs.

Threatpost Shared .

Flo settles F.T.C. charges of misleading users on privacy.Federal regulators said the app shared sensitive health details on millions of users for years with numerous third parties — including Facebook's and Google's analytics units.

New York Times Privacy Shared .

Venomous Bear, Parler, Section 230, SolarWinds, UFOs, and Jason WoodHappy New Year! This week, Dr. Doug talks Parler, Section 230, Venomous Bear, Solarwinds continued, Carl Busch, Chris Krebs, Alex Stamos, Parler, all that and the Expert Commentary with Jason Wood!

Paul's Security Weekly Shared .

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine DataOn the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.

Threatpost Shared .

The Truth About Your WhatsApp DataWhy there was a backlash this week to WhatsApp, and what, if anything, has changed.

New York Times Privacy Shared .

Sophisticated Hacks Against Android, Windows Reveal Zero-Day TroveWatering-hole attacks executed by ‘experts' exploited Chrome, Windows and Android flaws and were carried out on two servers.

Threatpost Shared .

Owner forgets password to digital wallet with $240m of Bitcoin insideAccording to Chainalysis, 20% of all existing 18.5 million Bitcoin, which is roughly $140 billion, are currently locked in wallets.

HackRead Shared .

Home schooling a€“ how to stay secureWhether you’re new to home schooling, going back to it after a break, or an old hand, it’s worth taking a moment to ensure you’re doing it securely.

Naked Security Shared .

Speech offences: what's illegal offline should be illegal onlineOpen Rights Group has worked with David Allen Green of Preiskel and Co., who litigated the "Twitter joke trial" case on section 127 of the Communications Act 2003, to respond to the Law Commission's review on the reform of the online communications offences.

Open Rights Group Shared .

Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips

The Hacker News Shared .

Basic HygieneThis week, we welcome Patrick Orzechowski, VP of R&D at deepwatch, to help us learn why deepwatch chose Splunk as it's one and only SIEM solution to deliver its Managed Detection and Response services to Fortune 2000 customers.

Paul's Security Weekly Shared .

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team

The Hacker News Shared .

World's largest dark-web marketplace shuttered after Euro cybercops cuff AussieEuropol said the investigation had been led by a specialist cybercrime unit based in Koblenz, in the west of the country, with the cops in Oldenburg - in the north-west of Germany - carrying out the arrest, even though the city is some distance from the Danish border.

The Register Shared .

Authorities Take Down World's Largest Illegal Dark Web Marketplace

The Hacker News Shared .

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

The Hacker News Shared .

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

The Hacker News Shared .

SN 801: Out With The OldSteve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

Security Now Shared .

Microsoft Patch Tuesday, January 2021 EditionMicrosoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today.

Krebs on Security Shared .

Malware vendor returns with yet another nasty Android malwareTriangulum, a previously known threat actor is back with new Android malware which is now being sold on dark web hacking forums.

HackRead Shared .

Breaking JohnThis week, we welcome Andrei Serban, Co-Founder at Fuzzbuzz, to discuss Fuzz Testing! Fuzzing can be successful AppSec strategy for finding software bugs.

Paul's Security Weekly Shared .

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 FixesThe first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.

Threatpost Shared .

Microsoft emits 83 security fixes in first Patch Tuesday of 2021Redmond keeps us hanging with on-premises Exchange flaw still to be fixed.

The Register Shared .

Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset A cyberespionage campaign, so far not attributed to any threat actor, continues to prospect government and industry targets in Colombia.

The CyberWire Shared .

SolarWinds: What Hit Us Could Hit OthersNew research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers.

Krebs on Security Shared .

5 Best Alternatives to WhatsApp in 2021In this guide we examine the 5 best alternatives to WhatsApp that value the privacy and security of their users.

Restore Privacy Shared .

SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was thereCrowdstrike tech analysts explain how they think it slipped under the radar.

The Register Shared .

Data Breach at 'Resident Evil' Gaming Company WidensCapcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Threatpost Shared .

Mimecast Certificate Hacked in Microsoft Email Supply-Chain AttackA sophisticated threat actor has hijacked email security connections to spy on targets.

Threatpost Shared .

BumbleBee Opens Exchange Servers in xHunt Spy CampaignThe BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.

Threatpost Shared .

Pakistani Android users hit by spyware campaign with malicious appsThe spyware campaign is sophisticated considering the use of fake yet convincing apps and domains.

HackRead Shared .

Adobe Fixes 7 Critical Flaws, Blocks Flash Player ContentAdobe issued patches for seven critical flaws plaguing Windows and MacOS users.

Threatpost Shared .

Best VPNs for PS5 in 2021: How to setup a VPN on PlayStation5We are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Europol Reveals Dismantling of 'Largest' Underground MarketplaceEuropol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers.

Threatpost Shared .

Ethical Hackers Breach U.N., Access 100,000 Private RecordsResearchers informed organization of a flaw that exposed GitHub credentials through the organization's vulnerability disclosure program.

Threatpost Shared .

Chinese firm leaked 200m Facebook, Instagram, LinkedIn users' dataThe 400GB worth of data was exposed due to a misconfigured Elasticsearch database. Here's what was leaked and who owned the database.

HackRead Shared .

What Makes Up Your Digital Self?The definition of your digital self is constantly evolving. Nonstop connectedness has real-world consequences to our digital identity as we use more apps, pay more bills online, order meals and groceries online, share personal details on social media, reuse old passwords, post stories about our daily activities, and so on.

Ghostery Blog Shared .

Warning — 5 New Trojanized Android Apps Spying On Users In PakistanCybersecurity researchers took the wraps off 5 new trojanized Android apps spying on Pakistani users.

The Hacker News Shared .

How to get an IP Address for the BahamasWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Microsoft's beefed-up take on Linux server security has hit general availabilityEndpoint Detection and Response added. For servers, not standalone Linux desktops, mind.

The Register Shared .

Experts Sound Alarm On New Android Malware Sold On Hacking ForumsCybersecurity Experts Document An Indian Android Malware Author Operating from Darknet Forums.

The Hacker News Shared .

California legislation targets police use of license plate readersCalifornia state senator Scott Wiener on Tuesday will introduce the License Plate Privacy act, which would require regular audits of police department's use of such technology, ban the retention of data that is not relevant to police's needs and restrict the sharing of any retained data.

Guardian Privacy Shared .

Post-Backlash, WhatsApp Spells Out Privacy Policy UpdatesWhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in troves.

Threatpost Shared .

Open Rights Group: Response to the Law Commission Reform of the Communications OffencesJoint submission of the Open Rights Group and Preiskel and Co LLP Harmful Online CommunicationsJoint submission of the Open Rights Group and Preiskel and Co LLP This is a short joint submission to the Law Commission’s Harmful Online Offences consultation.

Open Rights Group Shared .

In case you hadn't heard, SolarWinds was hacked by Moscow, says Kaspersky LabBrave move for Russian firm to finger its own govt over cyber badness.

The Register Shared .

How I found a bug in YouTube that let me watch private videos I wasn't allowed to, says compsci studentOn Monday, Schütz published his account of how he found the bug, which resided in a system called Moments that was intended to allow advertisers to mark a specific frame in the video, such as the appearance of a brand-relevant image.

The Register Shared .

Privacy ToolsUpdated for 2021, here are the top privacy and security tools you should be using to keep your data safe and secure.

Restore Privacy Shared .

Ubiquiti iniquity: Wi-Fi box slinger warns hackers may have peeked at customers' personal informationSalted password hashes, addresses, phone numbers may have been exposed in cloud security snafu.

The Register Shared .

That's it. It's over. It's really over. From today, Adobe Flash Player no longer works. We're free. We can just leavePost-Flashpocalypse, we stumble outside, hoping no one ever creates software as insecure as that ever again.

The Register Shared .

The Floppy TangentThis week, Clayton Fields and Michael Assraf from Vicarius join us to discuss The Good, The Bad and The Ugly sides of Automated Vulnerability Remediation!

Paul's Security Weekly Shared .

Aliens and UFOs: A Final Frontier for Social EngineersThe release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.

Threatpost Shared .

Millions of Social Profiles Leaked by Chinese Data-ScrapersA cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.

Threatpost Shared .

Ubiquiti: Change Your Password, Enable 2FAUbiquiti, a major vendor of cloud-enabled Internet of Things devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication.

Krebs on Security Shared .

More evidence for attribution of Solorigate. CISA expands incident response advice. Inspiration, investigation, and deplatforming: notes from the CapiCourts revert to paper... and USB drives. More members of the US Congress report devices stolen during last week's riot.

The CyberWire Shared .

Researcher Builds Parler Archive Amid Amazon SuspensionA researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.

Threatpost Shared .

Security researchers download, leak 70TB of sensitive Parler dataParler has been booted off by Amazon from its AWS cloud platform while Apple and Google have already suspended its apps from their respective app stores.

HackRead Shared .

SolarWinds Hack Potentially Linked to Turla APTResearchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.

Threatpost Shared .

Thou shalt not hack indiscriminately, High Court of England tells Britain's spy agenciesChoke chain tightened on 'general warrants' after Privacy International wins judicial review.

The Register Shared .

Trump takedowns need accountabilityLate last week, in response to the insurrection at the Capitol, Twitter and Facebook removed Donald Trump's accounts.

Open Rights Group Shared .

UN hacked for good as 100K+ employee records accessedUN's Vulnerability Disclosure Program Leads to Startling Discovery as Researchers Accessed Private Data of 100,000 UNEP Employees.

HackRead Shared .

Unauthorised RAC staffer harvested customer details then sold them to accident claims management company8-month suspended sentence for conspiracy to secure unauthorised access to computer data.

The Register Shared .

Google Titan security keys hacked by French researchersResearchers can now made software copies of Google's "unclonable" Titan security keys - but not yet undetectably.

Naked Security Shared .

Researchers Find Links Between Sunburst and Russian Kazuar Malware

The Hacker News Shared .

Open Rights Group: Response to the Consultation on the Digital Strategy for ScotlandOpen Rights Group welcomes the publication of the discussion document, and is grateful for the Scottish Government's continuing engagement with us as the strategy has developed.

Open Rights Group Shared .

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woesOn Friday the news broke that Chris Krebs, formerly the head of the US government's Cybersecurity and Infrastructure Security Agency until he was fired by presidential tweet for saying the American election wasn't hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos.

The Register Shared .

Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase HackRussian Hacker Gets 12 Years in Prison For Stealing 80 million J.P. Morgan Chase Customers' Data.

The Hacker News Shared .

Now WhatsApp users are really Facebook customers nowThe app is updating its privacy policy. Its part of an integration thats only moving in only one direction, says Guardian UK technology editor Alex Hern.

Guardian Privacy Shared .

Ghostery Browser January UpdateHey there, beta testers! Happy New Year! We hope you had a relaxing holiday and are ready to do great things in 2021.

Ghostery Blog Shared .

Kernel Root Exploit via a ptrace and execve Race ConditionT-Shirt Series: - Introduction 00:15 - Exploit PoC 00:39 - main 00:52 - prepare_shellcode 02:39 - mmap shared memory to signal "ready" state 03:07 - fork into and 03:44 - wait for the child 04:00 - unveil loop 05:03 - ptrace ATTACH and POKE child 05:58 - - PEEK entrypoint of child in loop 07:34 - child entrypoint changes!

LiveOverflow Shared .

He Created the Web. Now He's Out to Remake the Digital World.Tim Berners-Lee wants to put people in control of their personal data. He has technology and a start-up pursuing that goal.

New York Times Privacy Shared .

Tom Gorup: Fail fast and fail forward.Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls.

The CyberWire Shared .

Cloning Google's Titan Key to bypass 2FAThe attack requires the attacker to have physical access to the victim's Titan Key, hours of time, and side-channel setup equipment worth €10,000.

HackRead Shared .

How to watch American Gods season 3 online with a VPNWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Emotet reemerges and becomes one of most prolific threat groups out there.Deep Instinct's Shimon Oren joins us to talk about his team's research on "Why Emotet's latest wave is harder to catch than ever before - Part 2." Emotet appears to have reemerged more evasive than before, this time with a payload delivered from a loader that security tools aren't equipped to handle.

The CyberWire Shared .

Theft of two computers during Capitol attack raises information security concernsNancy Pelosi's office confirms laptop was stolen when Trump supporters, incited by the president, invaded the building.

Guardian Privacy Shared .

The Easy ButtonThis week in the Enterprise security News, Two data security companies merge, Veracode's products are now available in the AWS Marketplace, Zscaler launches a program for organizations dealing with the SolarWinds attack, SolarWinds is being sued in a class action lawsuit, funding announcements from Weaveworks, iBoss and Venafi.

Paul's Security Weekly Shared .

The Solorigate cyberespionage campaign and sensitive corporate data. The cybersecurity implications of physical access during the Capitol Hill riot. RSolorigate and its effect on sensitive corporate information. The DC riots show the cybersecurity consequences of brute physical access to systems.

The CyberWire Shared .

Malicious Software Infrastructure Easier to Get and Deploy Than EverResearchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.

Threatpost Shared .

SolarWinds, FBI Warnings, JetBrains, Government News, and 5GShow summaries, JetBrains, FBI Warnings, Some Government news, and Bill Gates is about to take control of your brain and install Windows 3.0 Beta on your medula oblongata!

Paul's Security Weekly Shared .

Russian hacker jailed in US over $19M fraud, 100M users' data theftThe 37-year-old hacker Andrei Tyurin was extradited to the US from Georgia in September 2018 after being charged with $19 million fraud and stealing 100 million users' data.

HackRead Shared .

Ryuk Rakes in $150M in Ransom PaymentsAn examination of the malware gang's payments reveals insights into its economic operations.

Threatpost Shared .

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

The Hacker News Shared .

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documentsProblems for charging spies in future? Probably not, says ex-NCSC chief.

The Register Shared .

Coronavirus Vaccine Demand Has Health Officials Turning to EventbritePublic health officials are using Eventbrite's online ticketing platform to schedule shots. But appointments are still hard to find, and not everyone knows how to use the website.

New York Times Privacy Shared .

Nissan source code leaked after it used "admin" as username, passwordThe collection is 20 GB large and includes source code of a range of Nissan services including NissanConnect.

HackRead Shared .

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of HackFormer CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.

Threatpost Shared .

Red Hat snaps up Kubernetes security specialist StackRoxIBM closed the buy of Red Hat back in 2019 for a dizzying $34bn. In an interview with The Register last year, new CEO Paul Cormier said : "In terms of IBM and our strategy, we do our own things." Those things clearly include bolstering the company's enterprise Kubernetes platform with StackRox's security.

The Register Shared .

201-New OSINT Online Investigation TechniquesDirect support for this podcast comes from sales of my books and the new online OSINT video training.

The Complete Privacy & Security Podcast Shared .

FBI Warns of Egregor Attacks on Businesses WorldwideThe agency said the malware has already compromised more than 150 organizations and provided insight into its behavior.

Threatpost Shared .

ALERT: North Korean hackers targeting South Korea with RokRat Trojan

The Hacker News Shared .

How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill surveyReal-world CVSS figures are a little variable, or so these folks reckon.

The Register Shared .

Bugs in Firefox, Chrome, Edge Allow Remote System HijackingMajor browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Threatpost Shared .

Hack the US Army for good with 'Hack The Army' bug bounty programFor now, only those with invitation can join the new bug bounty program. Here's what we know so far and what to expect.

HackRead Shared .

Sealed U.S. Court Records Exposed in SolarWinds BreachThe ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office of the U.S. Courts.

Krebs on Security Shared .

One Way Hackers Can Perform Keystroke Injection Over Wi-Fi from a SmartphoneUsing a smartphone and Spacehuhn's Wi-Fi Duck, a hacker or pentester can preform keystroke injections over Wi-Fi on any unattended computer.

Null Byte Shared .

Biden to Appoint Cybersecurity Advisor to NSCAnne Neuberger, a more than 10-year veteran of the NSA and its cyber-chief since 2019, will become the country's deputy national security adviser for cybersecurity, according to Politico.

Threatpost Shared .

Nvidia Warns Windows Gamers of High-Severity Graphics Driver FlawsIn all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Threatpost Shared .

CISA updates its alerts and directives concerning Solorigate as the investigation expands. Rioting, social media, and cybersecurity.CISA updates its guidance on Solorigate, and issues an alert that the threat actor may have used attack vectors other than the much-discussed SolarWinds backdoor.

The CyberWire Shared .

All Aboard the Pequod!Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation's capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol.

Krebs on Security Shared .

Juspay data breach 35 million customers' card data sold on dark webThe Indian startup Juspay handles payments for online marketplaces, including Amazon. Here's what happened and what we know so far.

HackRead Shared .

Fired Healthcare Exec Stalls Critical PPE Shipment for MonthsA fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.

Threatpost Shared .

Threatpost Poll: Weigh in on Ransomware SecurityProvide your views on ransomware and how to deal with it in our anonymous Threatpost poll.

Threatpost Shared .

New Year, New Ransomware: Babuk Locker Targets Large CorporationsDespite being a mostly run-of-the-mill ransomware strain, Babuk Locker's encryption mechanisms and abuse of Windows Restart Manager sets it apart.

Threatpost Shared .

Burn-in Test PayloadsHak5 - Cyber Security Education, Inspiration, News and Community since Site → → → → Us → Wire RSS → Wire iTunes → : Shannon Morse → : Darren Kitchen → : Mubix → in 2005, Hak5's mission is to advance the InfoSec industry.

Hak5 Shared .

Fake Trump's scandle video campaign spreading QNode RATHackers are benefitting from the unrest after the US Presidential elections and spreading QNode malware but this time it tricks users into believing that they are about to watch an x-rated video of Donald Trump.

HackRead Shared .

Intel wheels out new face authentication product that works a lot like Apple's FaceIDIn terms of implementation, RealSense is similar to the approach taken by Apple with FaceID, which sees the heavy computational legwork performed on-device with dedicated hardware.

The Register Shared .

Facebook's Mandatory Data-Sharing Rules for WhatsApp Spark IreThe messaging platform will update its privacy platform on Feb. 8 to integrate further with its parent company, prompting users to cry foul over privacy issues.

Threatpost Shared .

How to watch A Discovery of Witches season 2 online with a VPNWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Creating A Strong Password Policy With Specops and NIST Guidelines

The Hacker News Shared .

Dumpster FireThis week, we start the new year off with a roundtable discussion amongst the hosts looking back on the highs and lows of 2020!

Paul's Security Weekly Shared .

What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find outHowever, the concerns raised haven't really been resolved because the software community hasn't figured out how to transfer trust when a project like this widely used extension is transferred to a new owner.

The Register Shared .

SolarWinds Hackers Also Accessed U.S. Justice Department's Email ServerThe U.S. Department of Justice admit its Microsoft Office 365 email server was compromised as part of the SolarWinds supply chain attack.

The Hacker News Shared .

JetBrains' build automation software eyed as possible enabler of SolarWinds hackMaker of developer tools says it played no role in the attack, hasn't heard from investigators.

The Register Shared .

Alternatives to Google ProductsNew and updated for 2021, this guide gives you alternatives to every Google product.

Restore Privacy Shared .

NSA Urges SysAdmins to Replace Obsolete TLS ProtocolsThe NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

Threatpost Shared .

Not Even CloseThis week, we welcome Todd Fitzgerald, Vice President, Cybersecurity Strategy at Cybersecurity Collaborative, to talk about CISO Stories!

Paul's Security Weekly Shared .

United States Congress stormed by violent followers of defeated president, Biden win confirmation haltedImages of evacuated and invaded offices, Senate PCs still left switched on shared online.

The Register Shared .

It's Not the Trump Sex Tape, It's a RATCriminals are using the end of the Trump presidency to deliver a new Remote Access Trojan variant disguised as a sex video of the outgoing POTUS, researchers report.

Threatpost Shared .

Who worked through SolarWinds? An APT "likely Russian in origin," says the US. Rattling backdoors, rifling cryptowallets, and asking victims if they'rThe US Cyber Unified Coordination Group says the Solorigate APT is "likely Russian in origin." Threat actors are scanning for systems potentially vulnerable to exploitation through a Zyxel backdoor.

The CyberWire Shared .

Feds Issue Recommendations for Maritime CybersecurityReport outlines deep cybersecurity challenges for the public / private seagoing sector.

Threatpost Shared .

Are security and connectivity on your 2021 to do list, yes? Here's what to do firstFor a start, you probably didn't have "support a rapid relocation of the workforce to home working and then work out how to secure it after the fact" on there, all while dealing with a pandemic, economic dislocation, and everything else that surprised us in 2020.

The Register Shared .

Zyxel hardcoded admin password found  patch now!Hardcoded passwords are always wrong - they are equivalent to implanting a global backdoor and hoping no one will find it.

Naked Security Shared .

WhatsApp wants you to accept its new terms or call it quitsWhatsApp Updates its Privacy Policy - You must agree to WhatsApp's new terms if you want to keep using it!

HackRead Shared .

Cybercriminals Ramp Up Exploits Against Serious Zyxel FlawMore than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability potentially allowing cybercriminal device takeover.

Threatpost Shared .

Feds Pinpoint Russia as 'Likely' Culprit Behind SolarWinds Attack"This work indicates that an advanced persistent threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," according to the statement, which did not provide the technical details behind the attribution.

Threatpost Shared .

The 3 P's of Post ExploitationHak5 - Cyber Security Education, Inspiration, News and Community since Rob @mubix Fuller for Practical Exploitation - the breakdown on breaking in: an ethical hacking educational series for pentesters and aspiring cyber security - The 3/4 P's of Post Exploitation - Presence - Persistence - Privilege Escalation / → : Mubix → : → Gear →...

Hak5 Shared .

WhatsApp Will Delete Your Account If You Don't Agree Sharing Data With Facebook

The Hacker News Shared .

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber AttackU.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack.

The Hacker News Shared .

Trump administration bans eight Chinese appsAlipay, WeChat and friends ‘threaten national security, foreign policy, and economy of the United States'

The Register Shared .

ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devicesThe undetected ElectroRat malware is capable of stealing private keys to access victims' wallets and also run keylogger on a targeted device.

HackRead Shared .

Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholdersLast month, it emerged the update server used by SolarWinds to distribute its Orion software had been subverted by miscreants to secretly inject a backdoor into the code so that hackers could infiltrate the computers of customers who installed the product.

The Register Shared .

Ticketmaster, ElectroRAT, Zyxel Vulnerability, and Section 230This week Dr. Doug talks Bill Gates Mind control, Section 230, Threatpost 2021 Predictions, Zyxel, California Privacy Law, Ticketmaster Hacking Rivals, and Jason Wood returns for Expert Commentary!

Paul's Security Weekly Shared .

RCE 'Bug' Found and Disputed in Popular PHP Scripting FrameworkImpacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.

Threatpost Shared .

Cyberattacks on Healthcare Spike 45% Since NovemberThe relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.

Threatpost Shared .

Blackberry Cylance's consumer antivirus product won't work with macOS Big Sur until end of JanuaryOther antivirus vendors were too shy to comment on Cylance's woes but forlorn Redditors looking for hope instead discovered a Cylance support statement dated 25 November, which baldly stated: "If users have Cylance Smart Antivirus installed on devices that are running macOS 10.15 or earlier, they should not upgrade their devices to macOS 11.0...

The Register Shared .

It's not Kates and Vals over Ford Island, but it's not just a tourist under diplomatic cover taking pictures of Battleship Row, either. Another APT siMore assessments of the Solorigate affair, with an excursus on Pearl Harbor. Shareholders open a class action suit against SolarWinds, but no signs of an enforcement action for speculated insider trading.

The CyberWire Shared .

Telegram Triangulation Pinpoints Users' Exact LocationsThe "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said.

Threatpost Shared .

Google Warns of Critical Android Remote Code Execution BugGoogle's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.

Threatpost Shared .

Hamas May Be Threat to 8chan, QAnon OnlineIn October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas.

Krebs on Security Shared .

Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.

The Register Shared .

SolarWinds supply chain attack affected 250 organizationsAccording to a report, the SolarWinds attack has impacted over 250 organizations, including government agencies and private businesses.

HackRead Shared .

A Plan Made to Shield Big Tobacco From Facts Is Now E.P.A. PolicyThe E.P.A. has finalized a so-called transparency plan that it says will improve the credibility of science.

New York Times Privacy Shared .

Major Gaming Companies Hit with Ransomware Linked to APT27Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group.

Threatpost Shared .

ElectroRAT Drains Cryptocurrency Wallet Funds of ThousandsAt least 6,500 cryptocurrency users have been infected by new, 'extremely intrusive' malware that's spread via trojanized macOS, Windows and Linux apps.

Threatpost Shared .

Clean Up Your Digital Footprint in 2021Well, we made it  2021 is finally here! If you're like most people, you may have considered making a resolution to lead a healthier, happier life in January and beyond.

Ghostery Blog Shared .

How to Remove Photo MetadataWe are reader supported and may earn a commission when you buy through links on our site.

Comparitech Shared .

Data from August Breach of Amazon Partner Juspay Dumped OnlineResearcher discovered info of 35 million credit-card users from an attack on the Indian startup, which handles payments for numerous online marketplaces.

Threatpost Shared .

Facebook bug exposed identity of page admin using group doc featureThe bug was reported to Facebook under its bug bounty program after which the researcher was awarded $5,000.

HackRead Shared .