Pulse of Truth
www.techmeme.com
Steven Levy / Wired: How Cloudflare CTO John Graham-Cumming cracked an encrypted ZIP file containing the code for a system that helped ANC members communicate safely under apartheid — John Graham-Cumming, who happens to be Cloudflare's CTO, cracked a 30-year-old encrypted file that had a role in rewriting South Africa's history.
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]
thehackernews.com
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of
www.darkreading.com
US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.
gizmodo.com
Hackers reveal the old Redbox kiosks can be easily hacked for users' names and some financial info. The data may go back close to a decade.
www.theverge.com
Image: Hugo Herrera / The Verge Book publisher Penguin Random House is putting its stance on AI training in print. The standard copyright page on both new and reprinted books will now say, “No part of this book may be used or reproduced in any manner for the purpose of training artificial intelligence technologies or systems,” according to a report from The Bookseller spotted by Gizmodo. The clause also notes that Penguin Random House “expressly reserves this work from the text and data mining exception” in line with the European Union’s laws. The Bookseller says that Penguin Random House appears to be the first major publisher to account for AI on its copyright page. What gets printed on that page might be a warning shot, but it also has little to do with actual... Continue reading…
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. [...]
www.wired.com
Moldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.
Four business addresses were raided, officers seize server used to host illegal streaming service
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]
A new Spectre bypass exploit has exposed vulnerabilities in recent Intel processors and older AMD microarchitectures running Linux, with severe ramifications for ongoing efforts to combat speculative execution attacks.
www.darkreading.com
This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.
Will Shanklin / Engadget: The FCC issues new rules that will require all mobile phones sold in the US to be compatible with hearing aids, “after a transition period” — With the number of Americans 65 and older expected to balloon by nearly 50 percent by 2050, the rules will ensure those with hearing loss …
arstechnica.com
Researcher feeds screen recordings into Gemini to extract accurate information with ease.
www.helpnetsecurity.com
Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon. Blind spots undermine breach detection CISOs identified blind spots as a key issue, with 70% of CISOs stating their existing security tools are not as effective as they could be when it comes to detecting breaches due to … More → The post Despite massive security spending, 44% of CISOs fail to detect breaches appeared first on Help Net Security.
hackaday.com
If you picked today in your hackerspace’s sweepstake on when Winamp would pull their code repository, congratulations! You’re a winner! The source for the Windows version of the venerable music …read more
www.techmeme.com
Natasha Lomas / TechCrunch: The EU declines to designate X as a DMA gatekeeper after an investigation found that “X is not an important gateway for business users to reach end users” — Elon Musk's X won't be regulated under the European Union's Digital Markets Act (DMA) the Commission decided Wednesday …
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]
www.itpro.com
The EU’s flagship cyber resilience framework NIS2 is finally here, but research indicates businesses are not ready, with compliance officers facing a herculean task
gizmodo.com
Eric Counsel Jr. is accused of helping to hack the U.S. Securities and Exchange Commission's X account in order to post false information about Bitcoin.
www.techmeme.com
The Citizen Lab: An analysis of WeChat's network protocol MMTLS finds that it is a modified version of TLS 1.3 and WeChat developers' changes to its cryptography add weaknesses — Key contributions — We performed the first public analysis of the security and privacy properties of MMTLS …
Dutch, French, and German police forces arrested three members of a notorious criminal network responsible for a series of violent attacks on ATMs across Europe. The coordinated operation occurred in the early hours of October 16, 2024, marking a pivotal moment in the fight against organized crime. Europol played a crucial role in facilitating collaboration […] The post Authorities take down Gang Behind ATM Attacks appeared first on Cyber Security News.
www.darkreading.com
The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.
www.techmeme.com
Laura Hughes / Financial Times: NHS doctors warn of safety risks from an outdated IT infrastructure, as the UK government plans to digitize the world's largest publicly funded health service — Plans to digitise health service must first tackle ‘flip a coin’ nature of equipment across UK, say medical staff
go.theregister.com
Messaging service creates persistent user IDs that have different qualities on each device An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked devices.…
go.theregister.com
'My webcam isn't working today' is the new 'The dog ate my network' It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before being fired for poor performance. Then the six-figure ransom demands – accompanied by proof of the stolen files – start appearing.…
www.techmeme.com
Michael Kan / PCMag: Chrome begins disabling uBlock Origin as part of Google's plan to phase out Manifest V2 extensions; uBlock Origin has 39M+ downloads on the Chrome Web Store — The browser is doing so as part of Google's plan to phase out older Manifest V2 extensions to bolster Chrome's security.
www.techmeme.com
Gary Marcus / Marcus on AI: Apple AI researchers say they found no evidence of formal reasoning in language models and their behavior is better explained by sophisticated pattern matching — Important new study from Apple — A superb new article on LLMs from six AI researchers at Apple who were brave enough …
The Finnish Customs office took down the website and seized the servers for the darknet marketplace 'Sipulitie' where criminals sold illegal narcotics anonymously. [...]
www.infosecurity-magazine.com
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs
Early in the digital era, she worked at Bell Labs on the intersection of art and technology, making films and at one point arriving at a novel theory about the “Mona Lisa.”
hackaday.com
We have all seen the advertisements and glossy flyers for coding assistants like GitHub Copilot, which promised to use ‘AI’ to make you write code and complete programming tasks faster …read more
go.theregister.com
Florida man gets his hands on 'the best ever' With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get hacked again.…
www.tripwire.com
New legislation is on the horizon in Australia that is set to change the way businesses deal with ransomware attacks. This law, not unlike the Cyber Incident Reporting for Critical Infrastructure Act ( CIRCIA) in the US, aims to improve transparency when it comes to paying ransoms. There's no question that cybercrime is on the rise in the country. In its 2022/23 Annual Cyber Threat Report, the Australian Cyber Security Centre (ACSC) said it was notified of a cyber incident an average of a staggering once every six minutes. Ransomware, in particular, remains a significant threat to Australian...
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. [...]
www.wired.com
Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.
www.theverge.com
Image: Nintendo Hackers released a collection of leaked data from Pokémon game developer Game Freak over the weekend, including personal information about employees. Game Freak — which develops the main lineup of Pokémon video games — confirmed the breach in a statement, saying (per a machine translation from Japanese) that it was the result of “unauthorized access to our servers by a third party” and dated back to August of 2024. Game Freak said the leaked personal information — which it characterizes as names and company email addresses — included around 2,600 items. As Polygon notes, however, the breach appears to include much more than employee information. Redditors and others say they’ve unearthed source code from previous games as well as unused... Continue reading…