A ransomware gang used credentials from the Lapsus leak to sign malware
Group signed a kernel driver that disabled security software
Microsoft's Patch Tuesday squashes 49 bugs to end the year
Two zero-day and six critical vulnerabilities have been patched
Google introduces vulnerability scanner for open-source projects
A community database-backed tool for detecting dependency vulnerabilities
A clever trick turns antivirus software into unstoppable data wiping scourges
What just happened? Antivirus and anti-malware programs are supposed to be the most trusted type of software installed on a PC. Exploiting this well-known status quo, a security researcher created a data-wiping tool potentially capable of erasing all the data present on a system.
How to remove yourself from the internet
You can and should limit the data you put out there through your online activity
Europe's eIDAS 2.0: a threat to modern web security?
Revised European rules for digital certificates would be a downgrade
Cyberattack has kept an entire nation's government offline for over a month
Vanuatu's government won't say whether it was ransomware
TSA is ready for nationwide deployment of its facial recognition system
A hot potato: What started as a limited pilot project to test facial recognition technology could soon become the norm for screening and ID routines in all US airports. At least, that's what the Transportation Security Administration (TSA) is planning for next year.
FBI director: TikTok could be China's best espionage tool
Why it matters: Chris Wray has once again shared Washington's concerns over TikTok, an incredibly popular video app that could pose an unprecedented threat to US security. The issue is in the algorithm, and its permeability to the Communist Party's dystopian techno-control apparatus.
Android security defeated with stolen Platform certificates
Facepalm: Like any other modern operating system, Android's design employs a "privilege" based model. Such model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow.
Hackers find a way to access your personal information and steal your car at the same time
All they need is your VIN, which is visible through your windshield
Mozilla and Microsoft distrust TrustCor certificates due to suspicions over covert spyware operation
TrustCor allegedly had ties with a company making Android spyware
Open-source antivirus ClamAV finally goes 1.0, some 20 years after launch
The antivirus for Linux-based operating systems keeps improving
Google reports on a company selling spyware for Chrome, Firefox, and Windows Defender
Another company similar to RCS Labs and NSO Group
LastPass user information exposed in data breach
These incidents aren't filling customers with confidence
US bans sales and import of products from five Chinese telecoms
A hot potato: The US / China tech clash is entering an even more heated phase, with the FCC acting as a hammer against Chinese companies making network and telecom devices. They're an unacceptable risk to national security, the FCC claims.
New cybersecurity measures are locking aftermarket tuners out of car systems
Networked vehicle systems require additional hardening and encryption to deter cyber attacks
Beware of fake MSI Afterburner that installs cryptojacking and information-stealing malware
The overclocking tool's popularity is being exploited again
A Roblox Chrome extension downloaded by over 200,000 users contains a backdoor
Users should uninstall the Chrome extension "SearchBlox" immediately
PSA: If you have the popular extension SearchBlox installed on Google Chrome, you should immediately uninstall it, clear your cookies, and change your passwords for Roblox and Rolimons. The extension contained a backdoor designed to steal user credentials. Other websites you may have logged into with the extension installed may also be at risk.
A security firm hacked malware operators, locking them out of their own C&C servers
This'll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
Study shows 50% of repair shops snooped on customer devices
Female customers are most likely to become victims
Facebook may have collected some of your IRS filing data if you used an online tax services
Ain't nothin' sacred anymore!
Users claim Windows iCloud app bug is inserting images and videos from other people into their library
Syncing videos results in a corrupted file that displays random images from unknown sources
Meta fires employees for taking bribes to hijack accounts and helping others recover accounts
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
The FBI warns that tech support scams are still popular
And people are still falling for them