- UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Databy Maxine Holt Senior Research Director, Cybersecurity, Omdia on September 22, 2021 at 6:45 pm
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
- He Escaped the Dark Web's Biggest Bust. Now He's Backby Andy Greenberg on September 23, 2021 at 11:00 am
DeSnake apparently eluded the DOJ's takedown of AlphaBay. The admin talked to WIRED about his return—and the resurrection of the notorious underground marketplace.
- Indictment, Lawsuits Revive Trump-Alfa Bank Storyby BrianKrebs on September 23, 2021 at 1:53 pm
In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.
- REvil Affiliates Confirm: Leadership Were Cheating Dirtbagsby Lisa Vaas on September 23, 2021 at 11:00 pm
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."
- ROT8000by Bruce Schneier on September 23, 2021 at 1:15 pm
ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).
- Apple warns of arbitrary code execution zero-day being actively exploited on Macsby Simon Sharwood on September 24, 2021 at 5:01 am
Remember iPods? The same bug can bite them, and plenty of older iPhones and iPads too Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.…
- SonicWall fixes critical bug allowing SMA 100 device takeoverby Sergiu Gatlan on September 24, 2021 at 6:19 am
SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. [...]
- A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkitby noreply@blogger.com (Ravie Lakshmanan) on September 24, 2021 at 4:54 am
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers
- 10 top API security testing toolsby John Breeden II on September 23, 2021 at 9:00 am
Application programming interfaces (APIs) are a critical part of most modern programs and applications. In fact, both cloud deployments and mobile applications have come to rely so heavily on APIs that you can’t have either without an API managing components somewhere along the line. Many larger companies, especially those with a big online presence, have hundreds or even thousands of APIs embedded in their infrastructure. The growth of APIs will only continue to increase.The ingenious thing about APIs is that many of them are just tiny snippets of code, and all are designed to be small and unobtrusive in terms of their network resource requirements. Yet they are also flexible and able to keep working and performing their main functions even if the program they are interfacing with or controlling changes, such as when patches are applied.To read this article in full, please click here