Pulse of Truth
-
Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps
Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.
- thehackernews.com AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition
Rhadamanthys malware now uses AI to extract cryptocurrency wallet seed phrases, posing a major threat to crypto users.
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
-
Euro cops arrest 4 including suspected LockBit dev chilling on holiday
go.theregister.com Four suspected LockBit ransomware gangsters nabbed in EuropeAnd what looks like proof stolen data was never deleted even after ransom paid
And what looks like proof stolen data was never deleted even after ransom paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…
-
Illustration by Alex Castro / The Verge
T-Mobile is investing millions of dollars into revamping its cybersecurity practices as part of a settlement with the US Federal Communications Commission. The company will also need to pay the US Treasury $15.75 million in civil penalties — the same amount as its internal cybersecurity investment. The commission says this “groundbreaking” settlement will serve as a model for the industry. Data breaches at T-Mobile in the last few years have leaked social security numbers, addresses, and driver’s license numbers for millions of people. The settlement clears up several T-Mobile investigations involving cybersecurity incidents in 2021, 2022, and 2023. The FCC press release says, “...these investigations developed evidence that the breaches...
Continue reading…
- arstechnica.com Crook made millions by breaking into execs’ Office365 inboxes, feds say
Email accounts inside 5 US companies unlawfully breached through password resets.
- www.theverge.com PlayStation Network is down, knocking PS5 and PS4 gamers offline
Something went really wrong.
Illustration by Alex Castro / The Verge
Gamers hoping to spend an evening in front of their PlayStation 5 or PlayStation 4 may be out of luck unless they enjoy single-player experiences (have you tried Astro Bot?). Sony’s gaming network is suffering a massive outage on Monday night. The official PSN Service Status page confirms problems affecting everything, “Other, PS Vita, PS3, PS4, PS5, Web.” If it’s PlayStation — it’s not working. The most recent update tagged 9:21PM ET says that for gaming, “You might have difficulty launching games, apps, or network features. We’re working to resolve the issue as soon as possible. Thank you for your patience.” On my end, attempting to launch a game brought up “PS5 error Code WS-116522-7,” and the associated webpage from Sony tells me...
Continue reading…
- www.newscientist.com Useful quantum computers are edging closer with recent milestones
Google, Microsoft and others have taken big steps towards error-free devices, hinting that quantum computers that solve real problems aren’t far away
-
Rackspace internal monitoring web servers hit by zero-day
go.theregister.com Rackspace systems hit by zero-day exploit of third-party appIntruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry
Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…
-
Man charged for selling forged license keys for network switches
The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...]
- arstechnica.com Systems used by courts and governments across the US riddled with vulnerabilities
With hundreds of courts and agencies affected, chances are one near you is, too.
-
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]
- go.theregister.com AI code helpers just can't stop inventing package names
LLMs are helpful, but don't use them for anything important
LLMs are helpful, but don't use them for anything important AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…
-
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'
go.theregister.com 'I break into buildings and pretend to be the bad guy'Alethe Denis exposes tricks that made you fall for that return-to-office survey
Alethe Denis exposes tricks that made you fall for that return-to-office survey Interview A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…
- hackaday.com Man-in-the-Middle PCB Unlocks HP Ink Cartridges
It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones inst…
It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many …read more
-
AI bots can now solve those pesky traffic light Captchas with 100% accuracy
Researchers from ETH Zurich have devised a machine learning program that can solve Google reCAPTCHA v2 image recognition challenges with perfect accuracy. Although these often-maligned tests are becoming obsolete, they still play an important role in internet security.Read Entire Article
- hackaday.com An ESP32 Delivers Perfect Slot Car Control
If your memory of slot cars as a childhood toy is of lightweight controllers with wire-wound rheostats inside, then you’re many years behind the state of the art when it comes to competitive …
If your memory of slot cars as a childhood toy is of lightweight controllers with wire-wound rheostats inside, then you’re many years behind the state of the art when it …read more
- www.theverge.com Welcome to Meta’s future, where everyone wears cameras
Meta really wants to put cameras on your face.
See that little circle? That’s a camera. | Photo by Vjeran Pavic / The Verge
All around Meta’s Menlo Park campus, cameras stared at me. I’m not talking about security cameras or my fellow reporters’ DSLRs. I’m not even talking about smartphones. I mean Ray-Ban and Meta’s smart glasses, which Meta hopes we’ll all — one day, in some form — wear. I visited Meta for this year’s Connect conference, where just about every hardware product involved cameras. They’re on the Ray-Ban Meta smart glasses that got a software update, the new Quest 3S virtual reality headset, and Meta’s prototype Orion AR glasses. Orion is what Meta calls a “time machine”: a functioning example of what full-fledged AR could look like, years before it will be consumer-ready. But on Meta’s campus, at least, the Ray-Bans were already everywhere. It...
Continue reading…
- eieio.games DOOM in the iOS Photos app (kind of)
Running DOOM in the iOS photos app with some shortcut abuse
Comments
-
LinkedIn’s AI Default Setting Is Not so Private for Users
LinkedIn’s AI-training kerfuffle is a stark reminder that telling users they can “opt out” of something is mostly meaningless. But first...
- arstechnica.com Meta pays the price for storing hundreds of millions of passwords in plaintext
Company failed to follow one of the most sacrosanct rules for password storage.
- hackaday.com Winamp A Few Days Later: You Can Fork, And Watch For GPL Violations
A few days ago the source code for the popular Winamp music player was released into the world, with as we reported at the time, a licence that left a lot to be desired. Since then it seems some of…
A few days ago the source code for the popular Winamp music player was released into the world, with as we reported at the time, a licence that left a …read more
-
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable
go.theregister.com Microsoft has some thoughts about Windows Recall securityAI screengrab service to be opt-in, features encryption, biometrics, enclaves, more
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…
- www.eff.org New Email Scam Includes Pictures of Your House. Don’t Fall For It.
You may have arrived at this post because you received an email with an attached PDF from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening....
You may have arrived at this post because you received an email with an attached PDF from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation, and how to respond to an apparently personalized threat that even includes your actual “LastNameFirstName.pdf” and a picture of your house. Don’t panic. Contrary to the claims in your email, you probably haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam —actually, a whole category of scams called "sextortion." This is a type of online phishing that is targeting people around the world and preying on digital-age fears. It generally uses publicly available information or information from data breaches, not information obtained from hacking the recipients of the emails specifically, and therefore it is very unlikely the sender has any "incriminating" photos or has actually hacked your accounts or devices. They begin the emails showing you your address, full name, and possibly a picture of your house. We’ll talk about a few steps to take to protect yourself, but the first and foremost piece of advice we have: do not pay the ransom. We have pasted an example of this email scam at the bottom of this post. The general gist is that a hacker claims to have compromised your computer and says[...]
- thehackernews.com Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%
Google's shift to Rust for Android has cut memory vulnerabilities by 52%, highlighting the benefits of safe coding.
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch
- restoreprivacy.com Mozilla Faces GDPR Complaint Over Firefox Tracking Users Without Consent
noyb has filed a complaint against Mozilla for enabling a feature in its Firefox browser that allegedly tracks users without their consent.
The European privacy rights organization noyb has filed a formal complaint against Mozilla for enabling a new feature in its Firefox browser that allegedly tracks users without their consent. The feature in question, called Privacy-Preserving Attribution (PPA), is designed to measure the effectiveness of online advertisements while minimizing data collection, but noyb claims it violates … The post Mozilla Faces GDPR Complaint Over Firefox Tracking Users Without Consent appeared first on RestorePrivacy.
-
That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices
go.theregister.com Critical doomsday Linux bug is CUPS-based vulnerabilityQuick fix: Remove cups-browsed, block UDP port 631
Quick fix: Remove cups-browsed, block UDP port 631 Updated After days of waiting and anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…
-
Source: Arm approached Intel about potentially buying Intel's product group, but not factory operations; Intel declined, saying the division isn't for sale (Ian King/Bloomberg)
www.techmeme.com Source: Arm approached Intel about potentially buying Intel's product group, but not factory operations; Intel declined, saying the division isn't for saleBy Ian King / Bloomberg. View the full context on Techmeme.
Ian King / Bloomberg: Source: Arm approached Intel about potentially buying Intel's product group, but not factory operations; Intel declined, saying the division isn't for sale — - Intel's rapid decline has spurred takeover speculation — Arm is interested in product group, not factory operations
- www.darkreading.com Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
- arstechnica.com Tails OS joins forces with Tor Project in merger
The organizations have worked closely together over the years.
- www.bloomberg.com Arm Is Rebuffed by Intel After Inquiring About Buying Product Unit
Arm Holdings Plc approached Intel Corp. about potentially buying the ailing chipmaker’s product division, only to be told that the business isn’t for sale, according to a person with direct knowledge of the matter.
-
A Danish CEO's Lessons From a Ransomware Bankruptcy
What happens when a small business can’t afford a ransomware payment? But first…
-
Kia dealer portal flaw could let attackers hack millions of cars
A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. [...]
-
Meta halts routing via Deutsche Telekom over €20M peering fee
Meta announced that it's ending its direct peering relationship with Deutsche Telekom following a court's ruling earlier this year that would oblige the tech firm to pay the telecom €20,000,000 to continue using its network. [...]
- news.mit.edu New security protocol shields data from attackers during cloud-based computation
MIT researchers developed a technique guaranteeing that data remain secure during multiparty, cloud-based computation. This method, which leverages the quantum properties of light, could enable organizations like hospitals or financial companies to use deep learning to securely analyze confidential ...
The technique leverages quantum properties of light to guarantee security while preserving the accuracy of a deep-learning model.
-
Who’s watching you the closest online? Google, duh
go.theregister.com Who is tracking web behavior the most? Google, obviouslyFour Chocolate Factory trackers cracked the Top 25 in all regions
Four Chocolate Factory trackers cracked the Top 25 in all regions Google, once again, is the "undisputed leader" when it comes to monitoring people's behavior on the internet, according to Kaspersky's annual web tracking report.…
-
Kansas water plant cyberattack forces switch to manual operations
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. [...]
- arstechnica.com Hacker plants false memories in ChatGPT to steal user data in perpetuity
Emails, documents, and other untrusted content can plant malicious memories.