The cybersecurity outlet The Record originally reported that under Trump’s new Defense Secretary Pete Hegseth, U.S. Cyber Command has been ordered to “stand down from all planning against Russia, including offensive digital actions.” The outlet cites three anonymous sources who are familiar with the matter. The order reportedly does not apply to the National Security Read more about Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations[…]

Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. See the “OmniHuman-1” model developed by ByteDance: discussion on X ByteDance’s paper   Bad actors can now digitally impersonate someone you love, Read more about PeerAuth – easy way to authenticate a real person[…]

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law Read more about Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead[…]

Chinese tech company employees and government workers are siphoning off user data and selling it online – and even high-ranking Chinese Communist Party officials and FBI-wanted hackers’ sensitive information is being peddled by the Middle Kingdom’s thriving illegal data ecosystem. “While Western cybercrime research focuses heavily on criminals in the English- and Russian-speaking worlds, there Read more about Chinese scammers, criminals and businesses are exploiting its surveillance state[…]

America’s top cybersecurity and law enforcement officials made a coordinated push Tuesday to raise awareness about cyber threats from foreign actors in the wake of an intrusion of U.S. telecom equipment dubbed Salt Typhoon. The hackers are linked to the Chinese government and they still have a presence in U.S. systems, spying on American communications, Read more about In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors[…]

More than 600,000 sensitive files containing thousands of people’s criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher. We don’t know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says Read more about Data broker SL leaves 600K+ sensitive files exposed online, doesn’t fix it despite warnings[…]

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained more than 1.1 million records belonging to Conduitor Limited (trading as Forces Penpals) — a service that offers dating services, and social networking for military members and their supporters. The publicly exposed database was not password-protected or encrypted. It contained Read more about US and UK Armed Forces Dating & Social Networking Service Exposed Over 1 Million Records Online through coding error[…]

There are two major reasons that the U.S. doesn’t pass an internet-era privacy law or regulate data brokers despite a parade of dangerous scandals. One, lobbied by a vast web of interconnected industries with unlimited budgets, Congress is too corrupt to do its job. Two, the U.S. government is disincentivized to do anything because it exploits this Read more about Oh Look, It Was Trivial To Buy Troop And Intelligence Officer Location Data From Dodgy, Unregulated Data Brokers[…]

S Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security Read more about Synology and QNAP hurry out patches for zero-days exploited at Pwn2Own[…]

Some of the world’s most prominent leaders’ movements were tracked online through a fitness app used by their bodyguards, an investigation has suggested A report by French newspaper Le Monde said several US Secret Service agents use the Strava fitness app, which has revealed highly confidential movements of US president Joe Biden, presidential rivals Donald Read more about Fitness apps (Strava) still giving away locations of world leaders including Trump, Putin and Macron[…]

A nasty bug in Samsung’s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researchers. The use-after-free vulnerability is tracked as CVE-2024-44068, and it affects Samsung Exynos mobile processors versions 9820, 9825, 980, 990, 850, and W920. It Read more about Samsung phones being attacked by flaw. Use the Oct 7 update![…]

It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US. What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement … […] Apple famously refused the FBI’s request to Read more about Chinese 3x ISP hack shows why world is right about security backdoors and politicians and security people who want them are idiots[…]

In this week’s Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC. The vulnerability, CVE-2024-38014, was spotted and privately disclosed by security shop SEC Consult, which has now shared the full details Read more about More details on that Windows Installer ‘make me admin’ hole[…]