Skip to content
Accused Chinese hackers abandon techniques after U.S. indictmentsU.S. indictments against individual Chinese soldiers accused of hacking various American targets have deterred those military personnel from conducting the same kinds of hacks again, according to the co-founder of a firm known for investigating nation-state activity. Digital infrastructure associated with alleged hackers charged in 2014, 2017 and 2018 essentially evaporated when charges in each…
New WiFi chip bug affects everything from Amazon's Echo to home routersA large swath of internet-of-things devices are affected by a new vulnerability that could let a criminal or spy decrypt data sent over wireless connections, researchers said Wednesday. The flaw in widely used WiFi chips made by Broadcom and Cypress essentially disables the encryption key used to secure communications over popular wireless standards. Everything from…
Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killingIran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of…
Equifax indictment shows Chinese hackers can't hide, DOJ official saysChinese hackers took pains to cover their fingerprints in allegedly hacking credit monitoring agency Equifax in 2017, but a senior Department of Justice official says an indictment unsealed earlier this month shows the smokescreen didn’t work. “They’re always going to try to make our job harder,” John Demers, the assistant attorney general for national security,…
An FBI unit recovered $300 million of $3.5 billion in reported cybercrime losses last yearA special unit inside the FBI helped victims of cybercrime recover $300 million of the roughly $3.5 billion in reported losses in 2019, according to a top bureau official. Tonya Ugoretz, a deputy assistant director in the cyber division at the FBI, said Monday the Internet Crime Complaint Center (IC3) responded to more than 467,000…
Russian interference in 2016 election prompted better information sharing, top DHS cyber official saysThere was a time when the National Security Agency and the Department of Homeland Security primarily kept to themselves when it came to information sharing. That time is in the past. Two top government cybersecurity officials — Director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, and Anne Neuberger, the director of the…
It’s time to set behavior norms for responsible nationsYears ago, I held senior leadership positions in the U.S. military focused on cyber-operations, policy and strategy. What kept me up at night was the concern that a loosely controlled third-party actor or organization — operating with suspicious motivations or questionable skills at the behest of an adversary — might initiate a cyberattack that could…
Billions of Devices Open to Wi-Fi Eavesdropping AttacksThe Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.
RSAC 2020: Smart Baby Monitor Vulnerable to Remote HackersA popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.
RSAC 2020: Lack of Machine Learning Laws Open Doors To AttacksWhen it comes to machine learning, research and cybercriminal activity is full speed ahead - but legal policy has not yet caught up.
Hackers Cashing In On Healthcare Industry Security WeaknessesBetween ransomware attacks on healthcare devices, malware-laced “medical” apps, and fraud services available on the dark net, attackers are pushing the boundaries on targeting healthcare.
Iranian APT Targets Govs With New MalwareA new campaign is targeting governments with the ForeLord malware, which steals credentials.
Unpatched Security Flaws Open Connected Vacuum to TakeoverA connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.
Stalkerware Attacks Increased 50 Percent Last Year, ReportResearch puts the emerging mobile threat—which monitors the whereabouts and device activity of devices users as well as collects personal data—into clearer focus.
RSAC 2020: Blockchain is ‘Garbage In’, Voting Needs Paper BallotsThe annual cryptographer's panel took on issues of privacy and how new crypto-technologies apply to it in today's digital world.
Google Patches Chrome Browser Zero-Day Bug, Under AttackGoogle patches zero-day bug tied to memory corruptions found inside the Chrome browser's open-source JavaScript and Web Assembly engine, called V8.
RSAC 2020 Keynote: Changing the World’s False Perception of CybersecurityThe reality of the cybersecurity industry is starkly different than what's perceived by the rest of the world.
Sen. Schumer Pushes for TSA Employee Ban on TikTok App at WorkThe Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.
Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste DataSoftware developer builds a malicious proof-of-concept iOS app that can read data temporarily saved to the device’s clipboard.
Data Breach Occurs at Agency in Charge of Secure White House CommunicationsA leak at the Defense Information Systems Agency exposed personal information of government employees, including social security numbers.
CreativeMinds WordPress Plugin Curated RSS Aggregator
Zyxel 0day Affects its Firewall Products, TooOn Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.
Zyxel Fixes 0day in Network Storage DevicesNetworking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.…