March 25, 2024 at 11:35AM The Communication Workers Union (CWU) is dealing with a cyberattack, originally mistaken for just an IT outage. Member data may have been targeted, prompting involvement of cybersecurity experts. The union is working to assess the extent of the attack, inform members, and restore its IT systems. The Information Commissioner’s Office … Read more
March 22, 2024 at 01:13AM Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 by demonstrating 29 zero-day vulnerabilities across various categories, including web browsers, cloud-native/container, virtualization, enterprise applications, and automotive products. Notably, Manfred Paul and Team Synacktiv emerged as top performers by exploiting various software and winning cash prizes and a Tesla Model 3. … Read more
March 4, 2024 at 02:35PM The Predator mobile spyware operation, previously exposed by Amnesty International, has expanded its reach to Botswana and the Philippines, bringing the total number of countries it operates in to 11. The updated infrastructure includes delivery servers and IP addresses in these nations. The operation is recognized for its consistent delivery … Read more
February 26, 2024 at 04:39PM The White House ONCD urges tech companies to adopt memory-safe programming languages like Rust to enhance software security by reducing memory safety vulnerabilities. Such vulnerabilities can lead to security risks and unauthorized access to data, posing a threat to the digital ecosystem. This initiative aligns with President Biden’s National Cybersecurity … Read more
February 19, 2024 at 08:51AM Meta Platforms curtailed malicious activity from firms in Italy, Spain, and the U.A.E. operating in surveillance-for-hire. Spyware targeted iOS, Android, and Windows devices, collecting device info, media, and enabling camera and microphone. Accounts in Italy and Spain were involved in social engineering. Meta also acted on coordinated inauthentic behavior from … Read more
February 13, 2024 at 02:08PM The document details a list of vulnerabilities, including CVE IDs, titles, and severity ratings for various Microsoft products and services, such as .NET, Azure Active Directory, Azure DevOps, Microsoft Edge, and others. It also covers Windows-related vulnerabilities in areas like Hyper-V, Internet Connection Sharing, Kernel, LDAP, and Message Queuing. Based … Read more
February 12, 2024 at 08:55PM Researchers have developed a recovery tool for victims of the Rhysida ransomware, offering a solution to unlock encrypted documents. The ransomware targets various sectors and uses a flawed random number generator, making it possible for the tool to decrypt the data. This tool is distributed by the Korea Internet and … Read more
February 12, 2024 at 03:30PM The State Department’s move aligns with international law enforcement’s Hive infrastructure takedown. Based on the meeting notes, it appears that the State Department’s action is meant to align with and support a coordinated effort by international law enforcement to dismantle a Hive infrastructure. Full Article
February 7, 2024 at 03:39AM The commercial spyware economy is thriving despite government and big tech crackdowns. Google’s Threat Analysis Group discovered numerous smaller surveillance vendors in addition to major players like NSO Group and Intellexa. Western governments are taking steps to curb the $12-billion-a-year industry, but the spyware business continues to grow. The lack … Read more
January 14, 2024 at 10:05PM In June 2023, China announced that operators of short-distance ad hoc networks must adhere to socialist principles and require users to disclose their real-world identities. The focus was on technologies like Wi-Fi hotspots and AirDrop, which were used by protestors during COVID-19 lockdowns. Chinese authorities acknowledged AirDrop’s vulnerability to surveillance … Read more