IoT
Featured Technology

NAME:WRECK vulnerabilities impact millions of smart and industrial devices

Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria — which the company describes as “an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks.”

Google Chrome
Featured Technology

Security researcher drops Chrome and Edge exploit on Twitter

An Indian security researcher has published details today about a zero-day vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave.

DHS
Featured Government Leadership Nation-state People

‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails

Former Acting Secretary for the Department of Homeland Security Chad Wolf on Monday recounted the intense first days of the SolarWinds crisis, and remarked on recent reports that the suspected Russian hackers behind the attack had gained access to his email account. “My first question was: were these unclassified email accounts? The answer was yes,” Wolf said at a virtual talk hosted by the Heritage Foundation. “It’s still concerning, but it would have been even more of a concern if they had access to the lines that DHS does its most sensitive work on.”

White House
Featured Government Leadership People

White House announces leadership picks for CISA and National Cyber Director role

The Biden administration on Monday said it has picked two National Security Agency veterans to serve in top cybersecurity leadership roles. Chris Inglis will be nominated to serve as the country’s first National Cyber Director, and Jen Easterly will be tapped to run the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. Both positions require Senate confirmation, which could take several months…

LinkedIn
Cybercrime Featured Technology

LinkedIn denies 500 million user data breach

LinkedIn has formally denied a rumor that it suffered a devastating security breach that exposed the account details of more than 500 million of its registered users.

contact form
Cybercrime Featured Technology

Microsoft: Malware gang uses website contact forms for distribution

Microsoft said today it spotted a cybercrime operation abusing contact forms on legitimate websites to target companies and their workers in attempts to infect them with the IcedID malware.

Android apps
Featured Technology

Official client for the APKPure Android app store compromised with malware

The official client for APKPure, the second-largest Android app store after the Google Play Store, was compromised with malware this week, three security firms said on Friday.

Amazon
Featured Technology

US arrests suspect who wanted to blow up AWS data center

The FBI has arrested on Thursday a Texas man who planned to blow up one of the Amazon Web Services (AWS) data centers in an attempt to “kill of about 70% of the internet.”

Maze
Cybercrime Featured

Maze/Egregor ransomware cartel estimated to have made $75 million

The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.

Huawei
Featured Technology

Android malware found on Huawei’s official app store

A security firm said this week it found malware on Huawei’s official Android app store, the AppGallery. Russian antivirus maker Dr.Web said it found ten apps from three developers that were infected with Joker, a type of Android malware that subscribes users to premium phone services in a tactic known as WAP fraud.