Philip Choo

The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was mounted against its Confluence
A couple from California who were convicted of using fake or stolen identities to fraudulently claim millions of dollars in Covid-19 relief have gone on the run. Authorities said that Encino residents 37-year-old Marietta Terabelian and 43-year-old Richard Ayvazyan cut off their electronic monitoring anklets and absconded. In June, the husband and wife were found guilty of
Portcast founders Dr. Lingxiao Xia and Nidhi Gupta. For many manufacturers and freight forwarders, managing logistics is still a very manual process: tracking shipments with a call or online lookup, and entering that data into an Excel spreadsheet. Portcast, which describes itself as a “next-generation logistics operating system,” makes the process more efficient by gathering
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a “legally binding order from the Swiss Federal Department of Justice” related to a collective
Western media channels are being systematically manipulated to spread pro-Russian government propaganda and disinformation, according to a new report by the Crime and Security Research Institute at Cardiff University. The researchers said they uncovered evidence that “provocative” pro-Russian or anti-Western statements were being systematically posted in reader comments sections in articles relating to Russia in 32 prominent
A critical vulnerability in Atlassian’s Confluence Server software is now under active attack. Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that is considered a critical security risk by the vendor. The flaw, which was rated a 9.8 on the CVSS scale, is due to an injection bug in the open
ESET researchers explain the details of a flaw discovered in VaxiCode Vérif, the mobile application used to verify Quebec proof of vaccination. The release by the Government of Quebec of mobile applications for storing and verifying the vaccine passport (VaxiCode and VaxiCode Vérif) caused a lot of ink to flow last week. And with good reason; the application
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U’s implementation of the
Another Accellion breach victim has been named nine months after threat actors exploited zero-day vulnerabilities in the company’s File Transfer Application. Beaumont Health has notified approximately 1500 patients that their personal data may have been compromised in the December attack on Accellion software. Goodwin Procter LLP, which was hired by Beaumont to provide legal services, used Accellion’s File Transfer software
Authored by ChanUng Pak. McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending to be a tax-filing application. We have identified two main campaigns that used different fake app themes to lure in taxpayers. The first campaign from November 2020 pretended to be a fake IT certificate application while the second campaign, first seen in May 2021, used the fake tax-filing theme. With this discovery,
Hello friends, and welcome back to Week in Review. Last week, we dove into the truly bizarre machinations of the NFT market. This week, we’re talking about something that’s a little bit more impactful on the current state of the web — Apple’s NeuralHash kerfuffle. If you’re reading this on the TechCrunch site, you can
Apple is temporarily hitting the pause button on its controversial plans to screen users’ devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided
Two new senior cybersecurity appointments have been announced by the United States Department of Homeland Security. Former lead solution engineer at Salesforce, David Larrimore, has been named as the Department’s chief technology officer. Between 2016 and 2019, Larrimore occupied the same position at the Immigration and Customs Enforcement (ICE) component. Other roles held by Larrimore include an
Seksom Suriyapa was seemingly destined to land at a venture firm. A Stanford Law graduate, he worked at two blue-chip investment banks before joining the cybersecurity company McAfee as a senior corp dev employee, later logging six years at the human resources software company SuccessFactors and, in 2018, landing at Twitter, where he headed up
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the
by Paul Ducklin. [02’00”] Security code flushes out security bugs. [15’48”] Recursion: see recursion. [26’34”] Phishing (and lots of it). [33’09”] Oh! No! The Windows desktop that got so big it imploded. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge.
Kalepa, an insurance underwriting platform based out of New York, has raised a $14 million Series A funding round led by Inspired Capital, with participation from previous investor IA Ventures. Also participating were Gokul Rajaram of Doordash, Coinbase, and formerly of Google, Jackie Reses, formerly of Square, and Henry Ward of Carta. Founded by Paul