Windows Server Update Services put on ice as Microsoft pushes for the cloud
WSUS will continue to work, but will see no new features
Necro Trojan resurfaces on Android, infects 11 million devices via popular apps
The latest version has new features and infiltration methods
Apple's latest macOS update is causing headaches for security programs
Break different: Apple recently released the latest version of macOS, but things aren't going smoothly for Sequoia. The operating system is reportedly causing serious compatibility issues for security tool vendors, and it appears Cupertino was aware that the OS wasn't fully ready for prime time.
German investigators successfully tracked suspects inside the Tor network
Tor Browser developers say the program is still safe to use
International law enforcement shuts down cybercrime communication platform Ghost
A major blow to digitally-adapted organized crime
PKfail security flaw is far more extensive than initially thought
Facepalm: Binarly analysts have issued a new warning just a couple of months after unveiling a security issue related to compromised platform keys used to enforce Secure Boot protection. The PKfail problem affects a significantly larger pool of devices and brands, and is not limited to firmware products developed by AMI.
Novel phishing attack uses "no-escape" kiosk mode in Chrome to extract passwords
The quick fix is Control-Alt-Delete
Discord introduces passwordless logins, end-to-end encryption for calls
Discord is introducing passwordless login through biometric passkeys, such as Face ID and Touch ID. Also, Discord is migrating audio and video calls (but not text messaging) to a new system that features end-to-end encryption by default.
Malware has infected 1.3 million Android TV boxes in 197 countries
The backdoor can download and install additional malware
This AI claims to predict crimes before they happen based on real-time CCTV analysis
Is this the future of crime prevention?
Microsoft plans to move security software out of the Windows kernel
Significant changes could be coming in the not-so-distant future
Ford's advertising patent suggests listening to in-car conversations for personalized ads
It's not the first controversial patent Ford (or many large companies) has pursued
What now? Ransomware victim pays hacker, but decryption key fails
Hazard ransomware is good at encrypting files, less so at decrypting them
Russia is willing to spend some $660 million to bolster internet censorship
The system mainly targets VPN services that Russians use to access the internet
Lawmakers ask FTC to determine if AI generated article summaries are anti-competitive
Data collection has never been as powerful or lucrative as it is right now
A hot potato: Currently, the AI industry is the Wild West. There are very few laws on the books that govern the market. This lack of formal regulation has led to AI firms operating on the honor system, promising to effectively self-regulate, but democrats in the US Senate believe the self-regulation experiment has failed. They're now asking trade regulators to see if they can find any antitrust violations, especially in AI-generated content summaries.
FBI says Americans lost $5.6 billion to crypto scams only in the last year
A 45% increase from 2022 from nearly 70,000 victim complaints
Two ex-Samsung executives arrested for stealing chip technology to build factory in China
The stolen technology has been valued at $3.2 billion
Major TSA security flaw exposed, simple SQL vulnerability could have allowed access to airplane cockpits
An attacker could have added fake pilots to the roster using SQL injection
Microsoft is trying to kill ActiveX controls in Office for good
In context: Microsoft introduced ActiveX in 1996 during Windows 95 days. So, in technological terms, it's ancient. Redmond designed it as a developer framework, allowing users to embed interactive objects into Windows applications and Internet Explorer. However, ActiveX eventually became a security threat that the tech giant's engineers are understandably trying to remove.
Researchers extract data from air-gapped PC by monitoring RAM's electromagnetic radiation
Effective up to 23 feet away
New Android malware uses OCR to steal crypto wallet keys from images
Researchers believe an iPhone version is also in the works
Analysis of thousands of channels reveals Telegram is flooded with criminal networks
Drug dealers, scammers, white nationalists, and toxic content thrive on the platform
Newly discovered flaw makes some YubiKeys vulnerable to cloning
All YubiKey models running firmware prior to version 5.7 are affected
Navy discovers hidden Starlink dish on US warship after spotting Wi-Fi network named "STINKY"
WTF?! Navy personnel deployed for months at sea miss certain creature comforts, including a reliable internet connection. Starlink, with its ability to connect just about anywhere on earth, including in the middle of the ocean, was too tempting for a group of chiefs to resist, so they illegally installed it as part of their preparations for a deployment. They were caught and prosecuted but the incident may also prompt a reevaluation of internet access policies on deployed vessels – or at least better safety protocols.
Zyxel issues patches for nine critical vulnerabilities affecting over 50 access points and routers
Admins: Update your Zyxel networking firmware ASAP