As with everything digital, there’s someone, somewhere devising a method to steal the assets away from their rightful owners Are you an NFT investor? If so, watch out, there’s a scammer about! As with everything digital, there’s someone, somewhere devising a method to steal these assets away from their rightful owner. Watch the video to
Month: May 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new five-step 5G Security Evaluation Process to help companies improve their security posture before deploying new 5G applications. More specifically, the new guidelines include information about relevant threat frameworks, 5G system security standards, industry security specifications, federal security guidance documents and methodologies to conduct cybersecurity
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could “allow an attacker to execute arbitrary code in the context of
To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. Happy Friday, Crunchers! It’s 27 May 2022, and we are slinking into a long weekend because it’s Memorial Day weekend here in the U.S. There’s no newsletter on Monday — Haje is
Manish Maheshwari, the former head of Twitter India, is leaving the startup he co-founded just six months ago following disagreements with co-founder and investors. “I am moving out of Invact to first take a break for a few months and then pursue new opportunities. It is heartbreaking for a founder to leave the startup, like
Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution As Unified Extensible Firmware Interface (UEFI) replaced legacy BIOS as the leading technology embedded into chips of modern computers and devices, it became vital to the security of the
Limited and fragmented ransomware reporting has a negative impact on national security, according to a U.S. Senate report. The report by the Committee on Homeland Security & Governmental Affairs this week noted how “fragmented and incomplete” reporting of ransomware attacks by victims has created a flawed picture of the threat landscape and has put federal
Pro-consumer website Comparitech has released a new report exploring legislation about child data collection in the world’s top 50 countries by gross domestic product (GDP). The document assessed 23 different aspects of these policies to assess whether specific legislation was in place for children’s online data or not. Aspects examined included requirements for privacy policies,
by Paul Ducklin We’ve often warned about the risks of browser extensions – not just for Chrome, but for any browser out there. That’s because browser extensions aren’t subject to the same strict controls as the content of web pages you download, otherwise they wouldn’t be extensions… …they’d basically just be locally-cached web pages. An
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new research published today. “An attacker running code on a vulnerable QCT server would be able to ‘hop’ from the server host to the BMC and move their attacks to the server management network,
Substack, the five-year-old newsletter platform that has aggressively positioned itself as a disruptive force in media, has abandoned efforts to raise a Series C round, the New York Times is reporting today. According to its sources, Substack held discussions with potential investors in recent months about raising $75 million to $100 million at a valuation
It’s a common problem among the superwealthy. Sure they can buy fancy clothes, jewelry and fast cars, but at the end of the day, they’re stuck using the same boring gadgets as the rest of us. How can they possibly extend their expensive and flashy taste to consumer electronics? Fortunately, from the bedazzled Nokias of
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant. Fitness trackers worn on the wrist, glucose monitors that test
Over the past decade, REST APIs have become a de facto architectural approach for modern web and mobile application platforms. They separate data and presentation layers, allowing systems to scale in size and feature sophistication over time. However, as data moves across boundaries, security becomes a key concern for REST APIs containing sensitive information. One
The Cybersecurity and Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws this week. The US federal agency has urged all organizations to remediate these vulnerabilities promptly to “reduce their exposure to cyber-attacks.” Federal Civilian Executive Branch (FCEB) agencies are required by law to remediate all vulnerabilities in the catalog by the specified
A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. “The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims,” Interpol said in a statement. Operation
Republican lawmakers are facing growing anger over the deadliest mass shooting at an American school in nearly a decade yesterday, with many of their constituents expressing frustration over their repeated votes against even modest gun control reforms. Social media can’t solve the problem. Indigov, a three-year-old, 70-person New York-based startup, can’t solve it either, but
The landmark regulation changed everyone’s mindset on how companies worldwide collect and use the personal data of EU citizens It was May 25th, 2018, and the sun was certainly shining in many of the (then) 28 European Union member states. In the offices of many companies in (and often also outside) the EU, this was
The process to make any purchase within a business can be long and cumbersome, involving multiple departments and lots of back and forth. A pair of Airbnb alums have teamed up to build a software business aimed at dramatically simplifying that process, or being, in their words, a “concierge for procurement.” That startup, Zip, has
The US government lacks comprehensive data on ransomware attacks, including how much is lost in payments, according to a new report by the United States Senate Committee on Homeland Security & Governmental Affairs. The report presented the findings of a 10-month investigation into the growing threat of ransomware. It cited FBI figures showing that the agency had
by Paul Ducklin A keen-eyed researcher at SANS recently wrote about a new and rather specific sort of supply chain attack against open-source software modules in Python and PHP. Following on-line discussions about a suspicious public Python module, Yee Ching Tok noted that a package called ctx in the popular PyPi repository had suddenly received
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is “ctx,” a Python module available in the PyPi repository. The other involves “phpass,” a PHP package that’s been forked on GitHub to distribute
To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. It’s the 24th of May, 2022, and today Amanda made us laugh with her “Welcome to Hell, we all drive Teslas,” subhead to her story about Everything you wanted to know about
When DigitialOcean bought Nimbella last year, you knew it intended to go deeper into serverless technologies, and sure enough the company announced a new feature called DigitalOcean Functions today, based on Nimbella technology. DigitalOcean offers cloud infrastructure services at a price point below that of the Big 3, making it popular with developers. Gabe Monroy,
After Herminio Rodriguez started work as director of IT for the city of Sarasota, Fla., he discovered an issue with the city’s backups. “Nothing worked,” Rodriguez said of the backup jobs, in an interview with SearchDataBackup at last week’s VeeamON user conference. It was time to make a change. He made it just in time.
The District of Columbia announced that it sued Meta Platforms Inc. CEO Mark Zuckerberg for his role in the data breach that allowed political consulting firm Cambridge Analytica to target Facebook users during the 2016 US presidential election. The “sweeping investigation” found that Zuckerberg had lax oversight of users and created misleading privacy agreements that resulted in
by Paul Ducklin Face-matching service Clearview AI has only been around for five years, but it has courted plenty of controversy in that time, both inside and outside the courtroom. Indeed, we’ve written about the Clearview AI many times since the start of 2020, when a class action suit was brought against the company in
As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry. Looking back at 2012, colored coins were the first hint of what we now call non-fungible tokens (NFTs), or nifties for some. Ten years later, these blockhain-based assets that
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and
- 1
- 2
- 3
- …
- 6
- Next Page »