Malicious packages sneaked into NPM repository stole Discord tokens
People's trust in repositories make them the perfect vectors for malware. Enlarge (credit: Getty Images) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spr.....»»
Spotify comment on Apple’s $2B antitrust fine hints at possible malicious compliance
We noted yesterday that Spotify welcomed Apple being fined $2B for antitrust offences relating to streaming music services. The tone of the company’s response, however, strongly suggests that it believes the iPhone maker will repeat what some ha.....»»
Discord leaker Jack Teixeira pleads guilty, seeks light 11-year sentence
Jack Teixeira avoids spy charges, reduces sentence from up to 60 years. Enlarge / This photo illustration created on April 13, 2023, shows the Discord logo and the suspect, national guardsman Jack Teixeira, reflected in an image.....»»
Securing software repositories leads to better OSS security
Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the p.....»»
GitHub push protection now on by default for public repositories
GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported s.....»»
Crime blotter: Apple Store thefts in New York, California, Las Vegas
In the latest Apple Crime Blotter, Apple Store kicks out a reporter, a tech company exec stole and sold MacBooks, and details of an iPhone scam in Iran.The Apple Store in Nanuet The latest in an occasional AppleInsider series, looking at the world of.....»»
Pirate Sites With Malicious Ads Face Restrictions Under New Initiative
The Trustworthy Accountability Group aims to increase trust in the digital advertising industry, in part by limiting pirate sites' access to advertising. A new initiative will see the development of a new blocklist containing pirate site domains to b.....»»
Hugging Face, the GitHub of AI, hosted code that backdoored user devices
Malicious submissions have been a fact of life for code repositories. AI is no different. Enlarge (credit: Getty Images) Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of.....»»
GitHub besieged by millions of malicious repositories in ongoing attack
GitHub keeps removing malware-laced repositories, but thousands remain. Enlarge (credit: Getty Images) GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. Thes.....»»
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns
Six years on, routers remain a favorite post for concealing malicious activities. Enlarge (credit: Getty Images) The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear.....»»
Microbial comics: RNA as a common language, presented in extracellular speech-bubbles
Single-celled organisms, such as bacteria and archaea, have developed many ways to communicate with each other. For example, they might use tiny so-called extracellular vesicles (EVs)—membrane-enveloped packages smaller than 200 nm in diameter (0.0.....»»
Bitdefender Cryptomining Protection detects malicious cryptojacking attempts
Bitdefender announced Cryptomining Protection, a cryptomining management feature that allows users to both protect against malicious cryptojacking and manage their own legitimate cyptomining initiatives on their Windows PCs. According to a 2023 repor.....»»
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect.....»»
India’s plan to let 1998 digital trade deal expire may worsen chip shortage
Taxing exports of digital movies and games may not be worth sowing discord. Enlarge (credit: Narumon Bowonkitwanchai | Moment) India's plan to let a moratorium on imposing customs duties on cross-border digital e-commerc.....»»
Secure email gateways struggle to keep pace with sophisticated phishing campaigns
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers’ SEGs, signaling a 37% incr.....»»
What does a physicist see when looking at the NFT market?
The market for collectible digital assets, or non-fungible tokens, is an interesting example of a physical system with a large scale of complexity, non-trivial dynamics, and an original logic of financial transactions. At the Institute of Nuclear Phy.....»»
A critical Shortcuts vulnerability was fixed in iOS 17.3
According to research performed by Bitdefender, prior to the iOS 17.3 update, a malicious Shortcut could capture sensitive data like photos and send it to an attacker.Apple's Shortcuts appShortcuts are built into iOS, iPadOS, and macOS to provide use.....»»
Sports streamer Fubo is suing Disney, FOX, and Warner Bros.
Fubo files an antitrust lawsuit against major Disney, FOX, Warner Bros over anti-competitive practices in joint sports streaming. Some streaming services are slowly consolidating, creating packages, and, inevitably, turning into cable televisio.....»»
Meta, Microsoft take on Apple and lobby EU to reject new App Store terms
Apple will be challenged by the EU over its App Store changes if Microsoft and Meta have their way. Meta and Microsoft are not about to just let Apple get away with "malicious compliance."According to a new report from the Financial Times, two.....»»
Meta and Microsoft ask EU to reject Apple’s new app store terms
Apple’s new app store terms have come under fire for what many are describing as ‘malicious compliance’ with the EU’s Digital Markets Act – that is, technically complying with the antitrust law while completely negating its intent. A new.....»»
CampusGuard introduces new online training courses
CampusGuard announced latest online Security Awareness and Compliance Training packages, offering expanded choices for our valued customers. The Information Security Awareness package includes access to over 20 security awareness modules, providing u.....»»