Australia is considering a ban on ransom payments to hackers
But would it cause more problems than it fixes?
Security researchers foil NASA docking procedure with novel attack on Ethernet network
Device disrupts real network switches long enough for fake ones to send in signals
US Army and CDC remove code from apps after finding out it was Russian-made
The Siberian company "misled" government bodies into thinking it was an American firm
Google pays researcher $70,000 for discovering simple Android lock screen bypass bug
Make sure your Android device is up to date
Meet Worok, the cyber espionage group hiding malware within PNG image files
In a nutshell: Security researchers have discovered a new malware threat designed to abuse steganography techniques. Worok appears to be a complex cyber-espionage operation whose individual stages are still in part a mystery. The operation's final target, however, has been confirmed by two security firms.
Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
The latest patchfest from Redmond is a much needed one
Password-based hacks have increased 74% over the last year
There are almost 1,000 password-based attacks every second
Emotet, the botnet that came back from the dead
What just happened? The Emotet botnet was dead, or so researchers thought. The malicious network is now back in business with a new phishing campaign, exploiting a novel technique to push users and companies to infect themselves.
"Polite WiFi" loophole lets modified drones track device locations through walls
Researchers say WiFi chip manufactures need to come up with new WiFi protocol to mitigate the vulnerability
The White House is hosting its second international summit against ransomware
Why it matters: The US government is once again meeting with global partners to try and develop an effective strategy to fight (and win) the war against ransomware. Tech companies like Microsoft are joining as well, bringing their valuable, first-hand expertise to the table.
Cybercriminals are taking advantage of Twitter verification revamp
Don't fall for that phishing email
Emotion analysis technologies could be "immature and discriminating," says UK privacy authority
A hot potato: The United Kingdom's independent authority for privacy doesn't want companies or organizations to use emotion analysis systems based on biometric traits. It's an untested and nascent technology that could even fail to materialize at all.
Reflection DDoS attacks are on the rise again
Why it matters: A resurgence in vulnerable CLDAP servers is making DDoS attacks more powerful and dangerous. Windows network administrators should adopt strict security practices or take the server off the internet if there is no practical need for using the CLDAP protocol.
iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild
PSA: Apple has averaged about one zero-day vulnerability per month since January. The latest came with iOS 16, which hackers may have actively exploited over the last month. Apple issued iOS and iPadOS versions 16.1 and 16 earlier this week. Users with compatible devices should update them immediately.
Samsung's Maintenance Mode aims to hide your private information from repair techs
Rolling out now on select Samsung Galaxy devices
"Dormant Color" malware infects millions of PCs with malicious Chrome extensions
What just happened? Researchers with Guardio Security uncovered a "vast campaign" of malicious data-collecting browser extensions. The analysts dubbed it "Dormant Colors" because of the malware's focus on color and style themes — Action Colors, Power Colors, Super Colors, and so on. Dormant Colors consists of 30 different extensions that millions of users have downloaded.
Clearview AI fined for violating the European GDPR privacy law
In context: French authorities have imposed the maximum possible fine against Clearview AI, a biometric startup selling its controversial facial recognition technology to governments and law enforcement worldwide. The company must delete the data already acquired on French citizens or face an additional €100,000 fine per day.
Microsoft is testing its own CCleaner alternative
New PC Manager app helps clean up files, but also pushes Edge
Qatar 'requires' World Cup visitors to install state-sponsored 'spyware' on their phones
Authorities would literally be able to read, edit, or delete any information on your phone
BlackLotus, the new UEFI rootkit that makes security researchers worry
Why it matters: "BlackLotus" is being offered on underground forums as an all-powerful firmware rootkit, capable of surviving any removal effort and bypassing the most advanced Windows protections. If actual malware samples can prove the offer is real, of course.
KataOS is Google's new operating system for machine learning applications
An experimental OS designed to be mathematically secure
Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives
Windows' built-in antivirus shines when using the cloud, doesn't without it
Security researchers show off the RTX 4090's password cracking power
The new GPU significantly reduces the time required to obtain or recover user passwords
Ford says the upcoming Mustang will be "much more difficult" to tune, thanks to beefed up cybersecurity
Seventh generation of the iconic muscle car might not please aftermarket tuners
Microsoft extends brute-force attack protections to local Windows accounts
All Windows versions will be better protected against recurring login attempts