Undisclosed HomeKit flaw used by Cellebrite to attack Serbian journalists
Apple's HomeKit is under scrutiny, as Serbian authorities are suspected of exploiting it to install Pegasus spyware without any user interaction at all.MalwareReported by Amnesty International, at the center of the spyware campaign are two tools —.....»»
HomeKit Weekly: Kickstart your smart home with MuJoy smart light bulbs featuring Matter and Thread
HomeKit light bulbs offer both functionality and convenience. They’ve come down in cost in recent years while also getting much more reliable thanks to technology like Thread and Matter. These smart lighting solutions integrate seamlessly with Home.....»»
Hotel room key cards everywhere could be at risk from RFID security flaw
Security researchers find flawed contactless cards dating back to late 2007, and urge users to be careful......»»
Deals: M3 MacBook Air with 16GB of RAM now $1,099, HomeKit Secure Video smart cams, Apple Watch bands, more
Your Friday edition of the 9to5Toys Lunch Break is here to help cap off the work week with some serious deals. Today marks the return of $250 price drops on the 15-inch MacBook Air, but we also spotted the 13-inch model with 16GB of RAM starting at $.....»»
This new Android malware can steal your card details via the NFC chip
Security researchers spot a sophisticated attack that steals people's NFC data and can be used to steal money, and more......»»
Journalists and social media users are key drivers behind product recall decisions, says researcher
Canada saw a record 2,330 product recalls in 2023—more than six per day and the highest since the federal government started releasing the data in 2011. A product recall occurs when a manufacturer takes action to remove consumer goods with safety d.....»»
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed o.....»»
GitHub Enterprise Server has a critical security flaw, so patch now
A newly discovered security flaw allows hackers to elevate their privileges and thus take over vulnerable endpoints......»»
Wallarm API Attack Surface Management mitigates API leaks
Wallarm announced its latest innovation: API Attack Surface Management (AASM). This agentless technology transforms how organizations identify, analyze, and secure their entire API attack surface. Designed for effortless deployment, Wallarm AASM empo.....»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
Android malware uses NFC to steal money at ATMs
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals.....»»
GenAI models are easily compromised
95% of cybersecurity experts express low confidence in GenAI security measures while red team data shows anyone can easily hack GenAI models, according to Lakera. Attack methods specific to GenAI, or prompt attacks, are easily used by anyone to manip.....»»
Top architectural firm reveals it was hit by major ransomware attack
CannonDesign starts notifying people a year and a half after the incident......»»
Readers prefer to click on a clear, simple headline—like this one
In an era when people trust news less than ever, how can journalists break through and attract the attention of average people to provide information about their communities, the nation and the world?.....»»
PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access.....»»
Average DDoS attack costs $6,000 per minute
2023 saw a surge in the frequency and duration of DDoS attacks, and in the first half of 2024, it’s clear that surge has become the new normal, according to Zayo. DDoS attack duration increases DDoS attacks surged 106% from H2 2023 to H1 2024. The.....»»
Cybercriminals exploit file sharing services to advance phishing attacks
Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of ph.....»»
Nanoleaf Expo Display Box, SmartMi E1, & Apple"s Robotic iPad on HomeKit Insider
On this episode of the HomeKit Insider Podcast, we break down the news from Google's special event, the launch of the Aqara FP1E presence sensor, and more smart home news.HomeKit Insider PodcastOne of the biggest pieces of news this week was the conf.....»»
Group-IB partners with SecurityHQ to enhance SOC capabilities
Group-IB announced the signing of a global partnership agreement with SecurityHQ, a global independent Managed Security Service Provider (MSSP). With this partnership, SecurityHQ will leverage Group-IB’s Threat Intelligence, Attack Surface Mana.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
HomeKit Weekly: Looking to start a smart home on a budget? The TP-Link 4 pack is an easy place to start
If you’re starting from zero on a smart home, it can look daunting and expensive as you consider upgrading all of the rooms in your house. I’ve found that starting with a few smart outlet adaptors is the best (and most economical way) to start, a.....»»