News
Prohibition never works, but that didn't stop the UK's Online Safety Act
Opinion You might think, since I write about tech all the time, my degrees are in computer science. Nope. I'm a bona fide, degreed historian, which is why I can say with confidence that the UK's recently passed Online Safety Act is doomed to fail.…
Why blow up satellites when you can just hack them?
Black Hat Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.…
German security researchers say 'Windows Hell No' to Microsoft biometrics for biz
Black Hat Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation.…
Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise'
Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.…
Black Hat's network ops center brings rivals together for a common cause
Black Hat Neil "Grifter" Wyler is spending the week "looking for a needle in a needle stack," a task he'll perform from the network operations center (NOC) that powers the Black Hat security conference in Las Vegas.…
CISA releases malware analysis for Sharepoint Server attack
CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions.…
KLM, Air France latest major organizations looted for customer data
European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers' data stolen by way of a break-in at a third party org.…
Meta training AI on social media posts? Only 7% in Europe think it's OK
Meta's enthusiasm for training its AI on user data is not shared by the users themselves – at least for some Europeans – according a study commissioned by Facebook legal nemesis Max Schrems and his privacy advocacy group Noyb.…
Amnesty slams Elon Musk's X for 'central role' in fueling 2024 UK riots
Amnesty International claims Elon Musk's X platform "played a central role" in pushing the misinformation that stoked racially charged violence following last year's Southport murders.…
Could agentic AI save us from the cybercrisis?
Sponsored feature The cyberthreat landscape is evolving fast, with highly organized bad actors launching ever more devastating and sophisticated attacks against often ill-prepared targets.…
Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through
Microsoft has rolled out an autonomous AI agent that it claims can detect malware without human assistance.…
Google says the group behind last year's Snowflake attack slurped data from one of its Salesforce instances
Google confirmed that criminals breached one of its Salesforce databases and stole info belonging to some of its small-and-medium-business customers.…
Vibe coding tool Cursor's MCP implementation allows persistent code execution
Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously approved Model Context Protocol (MCP) configuration, silently swapping it for a malicious command without any user prompt.…
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
black hat Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users' devices, steal passwords, and access sensitive data, including fingerprint information, according to Cisco Talos.…
Study finds humans not completely useless at malware detection
Researchers from the Universities of Guelph and Waterloo have discovered exactly how users decide whether an application is legitimate or malware before installing it – and the good news is they're better than you might expect, at least when primed to expect malware.…
Chained bugs in Nvidia's Triton Inference Server lead to full system compromise
Security researchers have lifted the lid on a chain of high-severity vulnerabilities that could lead to remote code execution (RCE) on Nvidia's Triton Inference Server.…
Hacker summer camp: What to expect from BSides, Black Hat, and DEF CON
The security industry is hitting Vegas hard this week with three conferences in Sin City that bring the world's largest collection of security pros together for the annual summer camp.…
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly-persistent Linux backdoor and say antivirus engines do not flag the code as malicious.…
SonicWall investigates 'cyber incidents,' including ransomware targeting suspected 0-day
SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces.…
Pages
