QSnatch malware, first spotted in late 2019, has grown from 7,000 bots to more than 62,000, according to a joint US CISA and UK NCSC security alert.
In Japan, a cyberstalker located his victim by enhancing the reflections in her eye, and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it....
OAuth tokens have been abused for intrusions at at least two other companies, Dave.com and Flood.io.
The Android malware’s operator is hoping the code and client list will net them up to $100,000.
FBI believes device vendors won't disable these protocols and warns companies to take preventive and protective measures.
Plaintiffs in new class-action lawsuit claim Apple is directly benefiting and enabling iTunes gift card scams.
Dave user data is now available for download on a public hacking forum.
Academics said they also identified 52 problematic skills already available on the Alexa store, all targeted at children.
The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names (like the Utah Jazz or the Minnesota Wild), mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read...
Emotet botnet activity goes down as Emotet admins are wrestling with a vigilante for control over parts of their infrastructure.
NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15. NIST has now begun...
Following the GoldenHelper and GoldenSpy malware reports, the FBI is now warning US companies operating in China.
Smartwatch and wearable maker Garmin planning multi-day maintenance window to deal with ransomware incident.
Changes made to photos undetectable to the naked eye could still prevent matches in deep learning systems.
EXCLUSIVE: CouchSurfing working with law enforcement and security firm to investigate incident.
I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, we ask, "What are the...
15 out of the 28 biggest desktop PDF viewers are vulnerable, German academics say.
The APT is focused on breaking into both Windows PCs and Android mobile devices.
The severe bug could be harnessed for brute-force attacks.
Security researchers find more than 17,000 Slack credentials for roughly 12,000 Slack workspaces being sold online.