Pulse of Truth

The distro's greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.…

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. [...]

A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.

Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.…

No customer, partner info stolen, spokesperson tells The Reg Dell has confirmed that criminals broke into its IT environment and stole some of its data — but told The Register that it's "primarily synthetic (fake) data."…

Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.

Alaska warned passengers to brace for likely delays throughout the day.

A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP Logistics, a Northamptonshire […] The post Weak Password Let Ransomware Gang Destroy 158-Year-Old Company appeared first on Cyber Security News.

Since the ongoing “ToolShell” exploitation campaign, in which threat actors attack on-premise Sharpoint servers using a chain of two recently published vulnerabilities[1,2,3], is still on top of the cyber security news[4,5,6,7], I thought it might be a good time to look at the question of how quickly do we – as a global society – actually patch actively-exploited vulnerabilities when it comes to our internet-facing systems.

We loved keygens back in the day. Our lawyers advise us to clarify that it’s because of the demo-scene style music embedded in them, not because we used them for …read more

The recent Co-op cyberattack exposed more than just lax security. It revealed two deeper, systematic problems within the retail sector; an overreliance on vulnerable third party technology, and the unchecked collection of personal data through so-called loyalty schemes. Both deserve scrutiny and even regulation.

Microsoft announced yesterday that a newly discovered critical remote code execution vulnerability in SharePoint is being exploited. There is no patch available. As a workaround, Microsoft suggests using Microsoft Defender to detect any attacks. To use Defender, you must first configure the AMSI integration to give Defender visibility into SharePoint. Recent versions of SharePoint have the AMSI integration enabled by default.

A new study suggests that certain brain activity patterns may be linked to feeling less groggy in the morning.

The cybersecurity landscape has witnessed an unprecedented surge in malicious scanning activity, with DShield honeypots recording over one million log entries in a single day for the first time in their operational history. This dramatic escalation represents a significant shift from typical honeypot activity patterns, where such high-volume events were previously considered exceptional rather than […] The post DShield Honeypot Scanning Reaches Record-High – 1,000,000+ Logs in a Day appeared first on Cyber Security News.

Silk Road criminal tipped police off to dirty cop who stole 50 seized bitcoins.

Delta Air Lines is leaning into dynamic ticket pricing that uses artificial intelligence to individually determine the highest fee you’d willingly pay for flights, according to comments Fortune spotted in the company’s latest earnings call. Following a limited test of the technology last year, Delta is planning to shift away from static ticket prices entirely […]

The future of cybersecurity awareness might just be… gluten-based.

Comments

The announcement marks the second major Salt Typhoon incident in the space of two years

404 Media has seen user manuals for Mobile Fortify, ICE’s new facial recognition app which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face.

The Chinese have a new tool called Massistant.

Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services. Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel...

Computer scientist Peter Gutmann tells The Reg why it's 'bollocks' The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.…

Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. It’s quick and easy. But behind the convenience is a growing privacy concern that most users know little about. A new study from Incogni digs into just how much personal information BNPL apps collect and share. The research looked at eight of the most popular BNPL apps … More → The post Buy Now, Pay Later… with your data appeared first on Help Net Security.

In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the full scope of network security issues, they are still a critical component to track as part of a security program. Over the last 25 years, the CVE program has evolved into a critical, shared, and global … More → The post Why we must go beyond tooling and CVEs to illuminate security blind spots appeared first on Help Net Security.