Blog

Microsoft won’t let customers opt out of passkey push

Enrolment invitations will continue until security improves Microsoft last week lauded the success of its efforts to convince customers to use passkeys instead of passwords, without actually quantifying that success.…

Boffins trick AI model into giving up its secrets

All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days Computer scientists from North Carolina State University have devised a way to copy AI models running on Google Edge Tensor Processing Units (TPUs), as…

Phishers cast wide net with spoofed Google Calendar invites

Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…

Interpol wants everyone to stop saying ‘pig butchering’

Victims' feelings might get hurt, global cops contend, and that could hinder reporting Interpol wants to put an end to the online scam known as "pig butchering" – through linguistic policing, rather than law enforcement.…

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code.…

Ireland fines Meta for 2018 ‘View As’ breach that exposed 30M accounts

€251 million? Zuck can find that in his couch cushions, but Meta still vows to appeal It's been six years since miscreants abused some sloppy Facebook code to steal access tokens belonging to 30 million users, and the slow-turning wheels of Irish justice have finally caught up with…

BlackBerry offloads Cylance’s endpoint security products to Arctic Wolf

Fresh attempt to mix the perfect cocktail of IoT and Infosec BlackBerry's ambition to mix infosec and the Internet of Things has been squeezed, after the Canadian firm announced it is offloading Cylance's endpoint security products.…

Australia moves to drop some cryptography by 2030 – before quantum carves it up

The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 – years before other nations plan…

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word? Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.…

Trump administration wants to go on cyber offensive against China

The US has never attacked Chinese critical infrastructure before, right? President-elect Donald Trump's team wants to go on the offensive against America's cyber adversaries, though it isn't clear how the incoming administration plans to achieve this. …

Copyright © 2024 Lugapel