Ars Technica

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

| | 1Password, A Little Sunshine, AdBlock Plus, Ars Technica, Chainalysis, Data breaches, Karim Toubba, lastpass breach, MetaMask, Nicholas Weaver, Nick Bax, Plex, Taylor Monahan, The Coming Storm, Unciphered, Web Fraud 2.0, Wladimir Palant
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a ...
Krebs on Security
How Malicious Android Apps Slip Into Disguise

How Malicious Android Apps Slip Into Disguise

| | A Little Sunshine, Aleksandr Eremin, Anatsa, android malware, Ars Technica, Google Play, The Coming Storm, ThreatFabric, Web Fraud 2.0
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into benign mobile apps and evade security scanning tools. Google says ...
Krebs on Security
Actions Target Russian Govt. Botnet, Hydra Dark Market

Actions Target Russian Govt. Botnet, Hydra Dark Market

| | Ars Technica, Asus, Beserk Bear, Cyclops Blink, Dan Goodin, Dragonfly 2.0, FBI, Federal Security Service, Garantex, German Federal Criminal Police Office, GRU, Hydra Market, Main Intelligence Directorate, Ne'er-Do-Well News, NotPetya, Ransomware, Russian FSB, Sandworm, TRISIS, triton, U.S. Department of Justice, U.S. Department of Treasury, Voodoo Bear, VPNFilter, WatchGuard, Web Fraud 2.0
The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in ...
Krebs on Security
Microsoft Patch Tuesday, February 2022 Edition

Microsoft Patch Tuesday, February 2022 Edition

| | Allan Liska, Andrew Cunningham, Ars Technica, CVE-2022-21989, CVE-2022-21996, CVE-2022-22005, Greg Wiseman, Immersive Labs, Kevin Breen, Print Spooler, rapid7, Recorded Future, Time to Patch, Win32k
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month's relatively light patch batch is refreshingly bereft of any zero-day threats, or even ...
Krebs on Security
Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

| | Apple AirTag, Ars Technica, Bobby Rauch, Good Samaritan attack, Jim Salter, Latest Warnings, Washington Post, Web Fraud 2.0
The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its ...
Krebs on Security
Exploiting (and Patching) a Zero Day RCE Vulnerability in a Western Digital NAS

Another 0-Day Looms for Many Western Digital Users

| | Ars Technica, Dan Goodin, Latest Warnings, MyBook Live, MyCloud OS 3, MyCloud OS 5, Pedro Ribeiro, PWN2OWN, Radek Domanski, The Coming Storm, Time to Patch, Western Digital
Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as ...
Krebs on Security
MyBook Users Urged to Unplug Devices from Internet

MyBook Users Urged to Unplug Devices from Internet

| | Ars Technica, Bleeping Computer, CVE-2018-18472, Latest Warnings, MyBook, MyBook Live, MyBook Live Duo, National Vulnerability Database, Time to Patch, Western Digital, Wizcase.com
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives ...
Krebs on Security
VMware Flaw a Vector in SolarWinds Breach?

VMware Flaw a Vector in SolarWinds Breach?

| | APT 29, Ars Technica, cisa, Cozy Bear, Cyber Security and Infrastructure Security Agency, Data breaches, Duo, FSB, Microsoft Outlook Web App, New York Times, nsa, SAML token compromise, Security Assertion Markup Language, The Coming Storm, U.S. National Security Agency, VMware, Volexity, Washington Post
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack ...
Krebs on Security
Panel Discussion: John Strand, Christopher Nickerson, & Deviant Ollam - Awareness Con 2019

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

| | A Little Sunshine, Ars Technica, Chad Leonard, Chris Nickerson, Coalfire, Dallas County, Dallas County Attorney Charles Sinnard, Dan Goodin, Gary DeMercurio, Justin Wynn, Matthew Linholm, Sen. Zach Whiting, State Sen. Amy Sinclair, Tom McAndrew
On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested ...
Krebs on Security
10/1/18: Dtex, Insider Threat, Privacy News: Welcome to Cybersecurity Awareness Month! CEO Christy Wyatt Reveals Trusted Insider Strategy, Provides How To for Insider Negligence; Five Years Post Snowden, NSA Insiders Still Removing Classified Data

10/1/18: Dtex, Insider Threat, Privacy News: Welcome to Cybersecurity Awareness Month! CEO Christy Wyatt Reveals Trusted Insider Strategy, Provides How To for Insider Negligence; Five Years Post Snowden, NSA Insiders Still Removing Classified Data

| | Ars Technica, ChristyWyatt, Cybersecurity Awareness Month, DHS, DOJ, Dtex, facebook, FBI, Forrester, Infosecurity Magazine, insider threat, Nghia Hoang Pho, nsa, SecurityWeek, The New York Times, Trusted Insider
Welcome to Cybersecurity Awareness Month. Every year the United States Department of Homeland Security (DHS) uses October to highlight awareness for the importance of cybersecurity. The collaborative effort between the public and ...
Dtex Systems