Skip Navigation
www.itpro.com Security researchers set up an API honeypot to dupe hackers – and the results were startling

A mock API attracted hackers immediately, with attacks coming from all over the world

Security researchers set up an API honeypot to dupe hackers – and the results were startling

A mock API attracted hackers immediately, with attacks coming from all over the world

3
www.theverge.com Android is making it easier to find unknown trackers to prevent stalking

The features are rolling out to Find My Device compatible tags.

Android is making it easier to find unknown trackers to prevent stalking

Illustration by Alex Castro / The Verge

Google is rolling out two new updates to its unknown tracker alerts feature that should make it easier for Android device owners to detect unfamiliar trackers, the company announced on Wednesday. Introduced in July 2023, the safety feature automatically sends notifications if an unwanted Bluetooth tracker is traveling with you. The first update lets Android phone owners temporarily stop sending location updates to the Find My Device network if an unknown compatible tracker is detected. Google will pause these updates for up to 24 hours, so your location will no longer be visible to whoever could be monitoring your location via the tag. Second, anybody who receives an unknown tracker alert will be able to locate the unwanted Find My Device-compatible tracker using the “Find Nearby” feature. Once you’ve found it, Google will also offer instructions for how to physically disable the tag. Over the years, Bluetooth trackers have been increasingly misused. Domestic abusers and stalkers have, for example, used it to keep tabs on victims, with one class action lawsuit claiming AirTag stalking had contributed to “multiple murders.” In response, Apple and Google have made various efforts to combat stalking, including an announcement earlier this year indicating support for a new industry specification, Detecting Unwanted Location Trackers, that works on both iOS and Android.

0
gizmodo.com Thousands of Satellites Shift Position as the Sun Unleashes Violent Outbursts

The recent geomagnetic storms have resulted in a mass migration of satellites in low Earth orbit.

Thousands of Satellites Shift Position as the Sun Unleashes Violent Outbursts
1
Krispy Kreme Doughnut Corporation admits to hole in security
go.theregister.com Krispy Kreme admits there's a hole in its security

Belly-busting biz says it's been hit by cowardly custards

Krispy Kreme admits there's a hole in its security

Belly-busting biz says it's been hit by cowardly custards Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.…

1
How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges -- none of which are physically located there.

0
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era
www.darkreading.com Symmetrical Cryptography Pioneer Targets Post-Quantum Era

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

Symmetrical Cryptography Pioneer Targets Post-Quantum Era
0
BadRAM: $10 hack unlocks AMD encrypted memory
www.helpnetsecurity.com BadRAM: $10 hack unlocks AMD encrypted memory - Help Net Security

BadRAM (CVE-2024-21944) affects ADM processors, and can be triggered by rogue memory modules to unlock the chips' encrypted memory.

Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi Pico, for a cost of around $10 “We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass AMD’s Secure Encrypted Virtualization (SEV) protections — including AMD’s … More → The post BadRAM: $10 hack unlocks AMD encrypted memory appeared first on Help Net Security.

0
thehackernews.com Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Microsoft’s MFA flaw, AuthQuake, let attackers bypass protections in 3 minutes. Fixed October 2024.

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

0
Operation PowerOFF shuts down 27 DDoS-for-hire platforms

Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, also known as "booters" or "stressers," arrested three administrators, and identified 300 customers of the platforms. [...]

0
Mozilla is removing the "Do Not Track" feature from Firefox in version 135, the first major browser to do so, saying few websites honor the preference (Venkat/Windows Report)

Venkat / Windows Report: Mozilla is removing the “Do Not Track” feature from Firefox in version 135, the first major browser to do so, saying few websites honor the preference  —  Will Chrome, Edge, and Other Privacy-Focused Browsers follow this move?  —  Mozilla is removing the Do Not Track (DNT) setting from the Firefox browser.

2
Containers have 600+ vulnerabilities on average
www.helpnetsecurity.com Containers have 600+ vulnerabilities on average - Help Net Security

67% of organizations have delayed or slowed down application deployment due to security concerns related to containers and Kubernetes.

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security throughout the software’s lifecycle persist. And yet, according to a 2022 Anchore report, enterprises plan to expand container adoption over the next 24 months, with 88% planning to increase container use and 31% planning to … More → The post Containers have 600+ vulnerabilities on average appeared first on Help Net Security.

0
Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action
securityaffairs.com Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement.

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf […]

0
www.darkreading.com Scottish Parliament TV at Risk From Deepfakes

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

Scottish Parliament TV at Risk From Deepfakes
0
Ivanti warns of maximum severity CSA auth bypass vulnerability

Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]

1
protos.com Google’s quantum computer could break Bitcoin in two ways

Another quantum computing news announcement from Google and its Willow chip division spooked the Bitcoin community yesterday.

Google’s quantum computer could break Bitcoin in two ways

Another quantum computing news announcement from Google and its Willow chip division spooked the Bitcoin community yesterday. The post Google’s quantum computer could break Bitcoin in two ways appeared first on Protos.

1
arstechnica.com Chatbots urged teen to self-harm, suggested murdering parents, lawsuit says

Parents suing want Character.AI to delete its models trained on kids’ data.

Chatbots urged teen to self-harm, suggested murdering parents, lawsuit says

Parents suing want Character.AI to delete its models trained on kids' data.

3
US sanctions Chinese firm for hacking firewalls in ransomware attacks

The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. [...]

0
www.darkreading.com Microsoft NTLM Zero-Day to Remain Unpatched Until April

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

Microsoft NTLM Zero-Day to Remain Unpatched Until April
0
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved
go.theregister.com Police arrest suspect in murder of UnitedHealthcare CEO

McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto'

Police arrest suspect in murder of UnitedHealthcare CEO

McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto' Police in Pennsylvania have arrested a man suspected of shooting dead the CEO of insurer UnitedHealthcare in New York City, thanks to a McDonald's employee who recognized the suspect in a burger joint – and largely without help from technology.…

4
www.404media.co UnitedHealthcare Shooting Person of Interest Had 3D Printed Glock

In what might be the first assassination in the United States using a 3D printed weapon, multiple people told 404 Media an image of the weapon found on the person of interest in the shooting of the UnitedHealthcare CEO looks like a specific design of 3D printed Glock.

UnitedHealthcare Shooting Person of Interest Had 3D Printed Glock
0
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)LE
Resident Pulser @infosec.pub
BOT

I pulse the truth from a Dittybopper instance to this community

Posts 1.5K
Comments 1