News

Somebody went after crypto-centric companies’ outsourced email but the damage was felt in the cloud

Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.…

Let alone the ones with 123456 to login. How sophisticated do attackers really need to be?

Thousands of machines on the public internet can be remotely controlled via VNC without any authentication, a cybersecurity vendor has reminded us this month.…

Corn-y demo heralded as right-to-repair win

At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom.…

Lawyers, journalists sue super-snoop agency and Spanish security biz

The CIA illegally spied on US citizens while they visited WikiLeaks publisher Julian Assange inside the Ecuadorian embassy in London, a lawsuit filed today has claimed.…

The arrest comes days after US Treasury levies sanctions against the crypto mixing service

Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.…

Local startup can make it happen over 150km

India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distribution (QKD)technology that can operate across distances of 150km.…

COVID, flood surfing, crowds – what to pick?

Black Hat  As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering.…

PLUS Vietnam's massive infosec push; Philippines telco fight; Australia dumps COVID app; and more

Asia in Brief  Elon Musk has written an article for the Cyberspace Administration of China's flagship magazine.…

Tl;DR - the news isn't good

Black Hat In Brief  Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.…

Six years on web devs finally settle on sensor privacy defenses

Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.…

There goes the weekend...

A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.…

Once the modchip plans are live, you can, too

Black Hat  A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip.…

Fashion Police chipping in on the bounty related to costliest strain of ransomware on record

The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.…

Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces

Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.…

Repurposes logic originally used for spotting variations in voltage, timing in older circuits to help performance

Black Hat  Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter variations in voltage and timing that may occur as silicon circuits age.…

Advanced's infrastructure still down and out, recovery to take weeks or more

Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.…

Time to call in the legal team

Black Hat  Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it. …

Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says

Black Hat  Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.…

'Until someone has to go to jail for doing it wrong the teeth are not going to be the same'

Black Hat video  The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.…

The inside scoop on the Ukrainian IT army, and what could happen next

Black Hat  The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms — and infrastructure security, according to journalist and author Kim Zetter.…