Pulse of Truth
- www.itpro.com Security researchers set up an API honeypot to dupe hackers – and the results were startling
A mock API attracted hackers immediately, with attacks coming from all over the world
A mock API attracted hackers immediately, with attacks coming from all over the world
- gizmodo.com Thousands of Satellites Shift Position as the Sun Unleashes Violent Outbursts
The recent geomagnetic storms have resulted in a mass migration of satellites in low Earth orbit.
- Krispy Kreme Doughnut Corporation admits to hole in securitygo.theregister.com Krispy Kreme admits there's a hole in its security
Belly-busting biz says it's been hit by cowardly custards
Belly-busting biz says it's been hit by cowardly custards Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.…
- thehackernews.com Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Microsoft’s MFA flaw, AuthQuake, let attackers bypass protections in 3 minutes. Fixed October 2024.
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
- www.theverge.com Android is making it easier to find unknown trackers to prevent stalking
The features are rolling out to Find My Device compatible tags.
Illustration by Alex Castro / The Verge
Google is rolling out two new updates to its unknown tracker alerts feature that should make it easier for Android device owners to detect unfamiliar trackers, the company announced on Wednesday. Introduced in July 2023, the safety feature automatically sends notifications if an unwanted Bluetooth tracker is traveling with you. The first update lets Android phone owners temporarily stop sending location updates to the Find My Device network if an unknown compatible tracker is detected. Google will pause these updates for up to 24 hours, so your location will no longer be visible to whoever could be monitoring your location via the tag. Second, anybody who receives an unknown tracker alert will be able to locate the unwanted Find My Device-compatible tracker using the “Find Nearby” feature. Once you’ve found it, Google will also offer instructions for how to physically disable the tag. Over the years, Bluetooth trackers have been increasingly misused. Domestic abusers and stalkers have, for example, used it to keep tabs on victims, with one class action lawsuit claiming AirTag stalking had contributed to “multiple murders.” In response, Apple and Google have made various efforts to combat stalking, including an announcement earlier this year indicating support for a new industry specification, Detecting Unwanted Location Trackers, that works on both iOS and Android.
- How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges -- none of which are physically located there.
- Symmetrical Cryptography Pioneer Targets the Post-Quantum Erawww.darkreading.com Symmetrical Cryptography Pioneer Targets Post-Quantum Era
Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.
- BadRAM: $10 hack unlocks AMD encrypted memorywww.helpnetsecurity.com BadRAM: $10 hack unlocks AMD encrypted memory - Help Net Security
BadRAM (CVE-2024-21944) affects ADM processors, and can be triggered by rogue memory modules to unlock the chips' encrypted memory.
Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi Pico, for a cost of around $10 “We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass AMD’s Secure Encrypted Virtualization (SEV) protections — including AMD’s … More → The post BadRAM: $10 hack unlocks AMD encrypted memory appeared first on Help Net Security.
- Operation PowerOFF shuts down 27 DDoS-for-hire platforms
Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, also known as "booters" or "stressers," arrested three administrators, and identified 300 customers of the platforms. [...]