Malicious packages sneaked into NPM repository stole Discord tokens
People's trust in repositories makes them the perfect vectors for malware. Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spr.....»»
Backdoor found in widely used Linux utility targets encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month. Researchers have found a malicious backdo.....»»
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream. On Friday, researcher.....»»
If you have an iPhone with AT&T, there's a good chance your info has been stolen
AT&T is finally resetting passcodes for current customers after hackers stole a trove of customer data more than two years ago. The vast majority of the compromised passcodes belong to some 65.4 million current and former AT&T customers. However, the.....»»
If you have an iPhone with AT&T, your info has probably been stolen
AT&T is finally resetting passcodes for current customers after hackers stole a trove of customer data more than two years ago. The vast majority of the compromised passcodes belong to some 65.4 million current and former AT&T customers. However, the.....»»
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,”.....»»
Backdoor found in widely used Linux utility breaks encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month. Researchers have found a malicious backdo.....»»
Here’s how to protect against iPhone password reset attacks
One of the latest attacks on iPhone sees malicious parties abuse the Apple ID password reset system to inundate users with iOS prompts to take over their accounts. Here’s how you can protect against iPhone password reset attacks (often called “MF.....»»
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight. Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers......»»
Thousands of Asus routers taken over by malware to form new proxy service
Outdated Asus routers are being assimilated into a malicious botnet used by hackers to hide their traces.....»»
Vercara UltraAPI offers protection against malicious bots and fraudulent activity
Vercara has launched UltraAPI, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance. Powered by Cequence Security, UltraAPI helps organizations protect applications an.....»»
How to appear offline on Discord on desktop and mobile
Would you prefer a little privacy but still want to keep using Discord? It's all about updating your status. Here's how to look like you're offline to others......»»
This ‘unpatchable’ Mac flaw is keeping me up at night
A newly discovered vulnerability could leave Apple Silicon Macs wide open to malicious hacker attacks -- and it looks like the flaw can’t even be patched......»»
Former UPS worker allegedly stole $1.3M worth of Apple products
A former United Parcel Service (UPS) worker has been accused of stealing $1.3 million worth of Apple products over the course of a decade. He has been charged with stealing the products from a UPS warehouse in Winnipeg, Canada, and reselling them.....»»
UPS worker charged after $1.3M Apple product theft spree
A former worker for UPS allegedly stole and resold approximately $1.3 million in Apple merchandise from a warehouse in Winnipeg over the course of six months. Orville Martirez Beltrano was arrested by police on January 22 over allegations that.....»»
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC.....»»
BSAM: Open-source methodology for Bluetooth security assessment
Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers demonstrated last week at RootedCON in Madrid. “Many.....»»
Image-scraping Midjourney bans rival AI firm for scraping images
Midjourney pins blame for 24-hour outage on "bot-net like" activity from Stability AI employee.....»»
Microsoft says Kremlin-backed hackers accessed its source and internal systems
Midnight Blizzard is now using stolen secrets in follow-on attacks against customers. Microsoft said that Kremlin-backed hackers stole its proprietary source code during a January breach of.....»»
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML a.....»»
Immediate AI risks and tomorrow’s dangers
“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at BSides Zagreb. These superpowers are most evident in the growing im.....»»