2024
macOS HM Surf vuln might already be under exploit by major malware family
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.…
Tesla, Intel, deny they’re the foreign company China just accused of making maps that threaten national security
As TSMC defends itself against report it may have helped Huawei Tesla has denied it was involved in illegal-map making activities in China after Beijing asserted an unnamed foreign firm working on a smart car project had done so – and even stolen state secrets – through a…
Internet Archive exposed again – this time through Zendesk
Org turns its woes into a fundraising opportunity Despite the Internet Archive's assurances it's back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to its Zendesk implementation and to have used them…
Open source LLM tool primed to sniff out Python zero-days
The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model.…
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites
Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their…
Alleged Bitcoin crook faces 5 years after SEC’s X account pwned
SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.…
ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers
Says 'limited' incident isolated to 'partner company' ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.…
Intel hits back at China’s accusations it bakes in NSA backdoors
Chipzilla says it obeys the law wherever it is, which is nice Intel has responded to Chinese claims that its chips include security backdoors at the direction of America's NSA.…
Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began
'My webcam isn't working today' is the new 'The dog ate my network' It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before…
Uncle Sam puts $10M bounty on Russian troll farm Rybar
Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.…