In its fourth-quarter earnings, Spotify announced today its User Choice Billing program has now expanded to over 140 markets worldwide, allowing the streaming music service to reduce the commissions it pays to Google over Play Store purchases associated with its Android app. The User Choice Billing pilot program gives Android users the option to pay
Month: January 2023
Threat actors exfiltrated encrypted customer account data and an encryption key for a number of GoTo services in a breach first disclosed last November. Remote work technology provider GoTo, formerly LogMeIn, published an update Monday to a blog post dedicated to a breach that occurred last year. At the time the breach was disclosed on
A leading Taiwanese hardware manufacturer is urging its customers to patch a critical vulnerability in devices running the QTS or QuTS hero firmware. Network-attached storage (NAS) device maker QNAP said in the advisory yesterday that CVE-2022-27596 impacts QTS 5.0.1 and QuTS hero h5.0.1. “If exploited, this vulnerability allows remote attackers to inject malicious code,” it
by Paul Ducklin Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated. In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS,
Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1
The National Labor Relations Board (NLRB) found merit to complaints that high-level executives at Apple violated national labor law. This finding comes after the NLRB also found that Apple illegally interfered with labor organizing at retail stores in New York City and Atlanta. These charges were filed by Ashley Gjøvik, a former senior engineer program
Amazon is going to start charging delivery fees for Fresh grocery orders that are under $150, the company said in an email to Prime members. Prior to this change, Amazon offered Prime members free grocery deliveries on orders above $35. The company says the move will keep prices low on its services. With this new
Endpoint detection and response products are a step up from the antivirus products of old, using automation and machine learning to combat emerging threats. Enterprises that rely on Windows Server will want to enlist multiple layers of protection to keep critical workloads from being overtaken by bad actors. In addition to malware safeguards, many endpoint
Ukrainian cyber-experts have discovered multiple pieces of destructive malware that, earlier this month, were used in an attack targeting the country’s national news agency (Ukrinform). The country’s Computer Emergency Response Team (CERT-UA) revealed in an update that the attack was publicized on a Telegram channel “CyberArmyofRussia_Reborn” on January 17. After being asked by Ukrinform to
Jan 28, 2023Ravie LakshmananEmail Security / Cyber Threat Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the
Much hope remains after the crypto winter almost froze the sector: the Luna crash, the bankruptcy of Celsius and the arrest of FTX founder Sam Bankman-Fried for alleged fraud. Then there was the venture pullback amid an economic downturn. In 2021, web3 startups globally raised a record $29.2 billion. By 2022, that number dipped to $21.5
Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country ESET researchers have uncovered a new wiper attack in Ukraine that they attribute to the Sandworm APT group. Dubbed SwiftSlicer, the destructive malware was spotted on the network of a targeted organization on January 25th. It was deployed through Group Policy, which suggests
Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up here so you can receive it directly in the future. Every week, I’ll take a look at the hottest fintech news of the previous week.
In today’s world, cybercrime is evolving daily. According to a special report by Cybersecurity Ventures, cybercrime is expected to cause a staggering $10.5 trillion in annual losses by 2025. Therefore, it’s more crucial than ever for both businesses and individuals to stay up to date on the latest developments in cybersecurity. Podcasting is an excellent
An operation responding to a Black Basta ransomware compromise has revealed the use of a new PlugX malware variant that can automatically infect any attached removable USB media devices. Palo Alto Networks Unit 42 shared the findings with Infosecurity earlier today, adding that the new PlugX variant is “wormable” and can infect USB devices in
by Paul Ducklin BREACHES, PATCHES, LEAKS AND TWEAKS Latest epidode – listen now. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify,
Jan 29, 2023Ravie LakshmananCyber Threat / Malware The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit,
Hey, party people, it’s Kyle, continuing to step in for Greg to write Week in Review as he spends time with his newborn. Dunno about y’all, but it’s been a week. I’m dead tired and thankful it’s over. But because the news never sleeps, I’m rallying with the help of a fourth cup of coffee.
Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today. Every action we take on the internet generates data that is shared with online services and other parties. It stands to reason, then, that we need to assert control over how much
Welcome back to Chain Reaction, a podcast diving deep into stories, backgrounds and the latest news with the biggest names in crypto. For this week’s episode, I sat down with Mo Shaikh, co-founder and CEO of the layer-1 blockchain Aptos. Shaikh is a three-time founder with over a decade of experience in financial services as
Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. “During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote. “A combination of
by Naked Security writer Six months ago, according to the US Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) infiltrated the Hive ransomware gang and started “stealing back” the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two
Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and
The enormous Space Launch System passed its first test with flying colors, NASA’s preliminary analysis concludes, and the rocket and Orion capsule are good to go for their next mission: Artemis II, which will carry a crew to lunar orbit. After numerous delays and enormous cost overruns, some worried that the SLS (nicknamed the “Mega
When payments giant Stripe raised $600 million at a $95 billion valuation in 2021, it made headlines for raising capital at the highest-ever valuation for a privately-held startup. Defending that valuation appears to be proving challenging. The fintech company has reportedly approached investors about raising more capital — at least $2 billion — at a
Hive ransomware servers were seized in an international law enforcement operation led by the FBI, the U.S. Department of Justice announced in a press conference Thursday. Reports of the takedown first came Thursday morning when security researchers noted on Twitter that Hive’s dark web leak site had been replaced by an apparent takedown notice from
The threat actor known as Cobalt Sapling has been spotted creating a new persona dubbed “Abraham’s Ax” to target Saudi Arabia for political leverage. The findings come from cybersecurity experts at Secureworks’ Counter Threat Unit (CTU), who published an advisory about the new threat earlier today. In a report shared with Infosecurity via email, Secureworks
by Paul Ducklin The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The victims are said to live in countries as far apart as Austria, China, Columbia, the
In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying
The data trail you leave behind whenever you’re online is bigger – and more revealing – than you may think “The lampposts are listening to me; I am sure that the adverts I see online are from a conversation I had walking down the street.” Yes, someone I know claims this is happening to them.
- 1
- 2
- 3
- …
- 7
- Next Page »