Google, Apple, and Microsoft step hand in hand into a passwordless future
While we recently “celebrated” World Password Day, almost every security outlet keeps telling us that passwords alone are not enough....
How COVID-19 fuelled a surge in malware
2021 saw a massive surge in detections of malware, adware, and Potentially Unwanted Programs (PUPs). It didn’t matter what the...
Massive increase in XorDDoS Linux malware in last six months
Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux...
General Motors suffers credential stuffing attack
American car manufacturer General Motors (GM) says it experienced a credential stuffing attack last month. During the attack customer information...
More than a quarter of Americans fell for robocall scam calls in past year
More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller...
Rotten apples banned from the App store
Apple’s App Review process may have received ill wishes from many benevolent developers, but Apple has now revealed how effective...
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it...
It’s official, today you can say goodbye to Internet Explorer. Or can you?
Today, the Internet Explorer (IE) 11 desktop application goes out of support and will be retired for certain versions of...
Twitter fined $150M after using 2FA phone numbers for marketing
The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for...
Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware
The Google Threat Analysis Group (TAG) has revealed that of the nine zero-day vulnerabilities affecting Chrome, Android, Apple and Microsoft...
FBI warns of education sector credentials on dark web forums
The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and...
SSNDOB stolen data marketplace shut down by global law enforcement operation
The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information...
Coffee app in hot water for constant tracking of user location
A mobile app violated Canada’s privacy laws via some pretty significant overreach with its tracking of device owners. The violation...
Apple’s passkeys attempt to solve the password problem
The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of...
Internet Safety Month: Parental controls—what they can and can’t do for you
Parental controls can be useful to limit the risks your children run into online, but you should know up front...
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises of a unique identifier which...
Apple’s passkeys attempt to solve the password problem
The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of...
A critical flaw in Citrix Application Delivery Management allows resetting admin passwords
Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset...
HackerOne Bug Bounty Disclosure: golang-:-add-query-to-detect-pam-authorization-bugsbyporcupineyhairs
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Golang : Add Query To Detect PAM...
HackerOne Bug Bounty Disclosure: golang-:-hardcoded-secret-used-for-signing-jwtbyporcupineyhairs
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Golang : Hardcoded secret used for signing...
HackerOne Bug Bounty Disclosure: cpp:-add-query-for-cwe-243-creation-of-chroot-jail-without-changing-working-directorybyihsinme
Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by ihsinme ihsinme Report CPP: Add query for CWE-243 Creation of...
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it...
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second...
Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign
Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022....
