2024
TSMC blows whistle on potential sanctions-busting shenanigans from Huawei
Chip giant tells Uncle Sam someone could be making orders on the sly TSMC has reportedly tipped off US officials to a potential attempt by Huawei to circumvent export controls and obtain AI chips manufactured by the Taiwanese company.…
VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time
If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn't work.…
Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their exposure to the 2020 SolarWinds hack.…
Akira ransomware is encrypting victims again following pure extortion fling
Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims' files after a break from the typical double extortion tactics.…
Pixel perfect Ghostpulse malware loader hides inside PNG image files
Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file's pixels. This development, security experts say, is "one of the most significant changes" made by the crooks behind it since launching in 2023.…
macOS HM Surf vuln might already be under exploit by major malware family
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.…
Tesla, Intel, deny they’re the foreign company China just accused of making maps that threaten national security
As TSMC defends itself against report it may have helped Huawei Tesla has denied it was involved in illegal-map making activities in China after Beijing asserted an unnamed foreign firm working on a smart car project had done so – and even stolen state secrets – through a…
Internet Archive exposed again – this time through Zendesk
Org turns its woes into a fundraising opportunity Despite the Internet Archive's assurances it's back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to its Zendesk implementation and to have used them…
Open source LLM tool primed to sniff out Python zero-days
The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model.…
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites
Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their…