The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to incorporate the Covered List created by the Federal Communications Commission (FCC) into their risk management plans. The list encompasses a number of communications equipment and service providers that have been determined by the US government to pose a potential national security risk according
Month: May 2023
by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals
May 03, 2023Ravie LakshmananPassword Security / Authentication Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without
German IT service provider Bitmarck has confirmed bringing all of its customer and internal systems offline due to a cyber-attack discovered over the weekend. Writing on a temporary website on Sunday (and then on Monday), the company said the cyber-attack was detected by its early warning systems. “In compliance with our security protocol, we have
May 02, 2023Ravie LakshmananNetwork Security / Vulnerability Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux
An Ohio man has been sentenced to four years and three months behind bars after stealing 712 bitcoin ($21m), which were seized by investigators following the arrest of his brother. Gary James Harmon, 31, of Cleveland, stole the cryptocurrency, which was the subject of “pending criminal forfeiture proceedings” in the case of his sibling, Larry
by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they
May 01, 2023Ravie Lakshmanan An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted
Multiple Android applications have been observed not invalidating or revalidating session cookies during app data transfer from one device to another. The technique would enable attackers with a highly privileged device migration tool to move applications to a new Android device, causing migration issues, according to a new advisory by CloudSEK researchers. “This means if
Apr 29, 2023Ravie LakshmananData Safety / Privacy / AI OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority’s demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI’s CEO, Sam Altman, tweeted, “we’re excited ChatGPT is available