Google's app for generating MFA codes syncs to user accounts by default. Who knew?
With 70 zero-days uncovered so far this year, 2023 is on track to set a new record.
Google researchers say currently unfixed vulnerability affects a popular software package.
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.
Critics also decry Microsoft's "pay-to-play" monitoring that detected intrusions.
AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.
Microsoft blocks a new batch of system drivers, but the loophole empowering them remains.
SQL injection attacks on MOVEit file-transfer service likely to get worse.
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia.
Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.
When it announced iOS 16, iPadOS 16, and macOS Ventura at its Worldwide Developers Conference last summer, one of the features Apple introduced was something called "Rapid Security Response." The feature is meant to enable quicker and more frequent security patches for Apple's newest operating systems, especially for WebKit-related flaws that affect Safari and other apps that use Apple's built-in browser engine.
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
A handful of markets were responsible for trafficking most of the data.
Automation features make LockBit one of the more destructive pieces of ransomware.
Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.
Vice Society has a superpower that’s allowed it to quietly thrive: Mediocrity.
For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.
Hack of FishPig distribution server used to install Rekoobe on customer systems.
Unusually resourced threat actor has targeted multiple companies in recent days.
Turns out they're not all that rare. We just don't know how to find them.
