Don’t believe everything you read—especially when it’s part of a marketing pitch designed to sell security services. The latest example of the runaway hype that can come from such pitches is research published today by SquareX, a startup selling services for securing browsers and other client-side applications. It claims, without basis, to have found a… Read More »
US Senator Ron Wyden accused the federal judiciary of “negligence and incompetence” following a recent hack, reportedly by hackers with ties to the Russian government, that exposed confidential court documents. The breach of the judiciary’s electronic case filing system first came to light in a report by Politico three weeks ago, which went on to… Read More »
BI.ZONE said the Paper Werewolf delivered the exploits in July and August through archives attached to emails impersonating employees of the All-Russian Research Institute. The ultimate goal was to install malware that gave Paper Werewolf access to infected systems. While the discoveries by ESET and BI.ZONE were independent of each other, it’s unknown if the… Read More »
Two years ago, researchers in the Netherlands discovered an intentional backdoor in an encryption algorithm baked into radios used by critical infrastructure–as well as police, intelligence agencies, and military forces around the world–that made any communication secured with the algorithm vulnerable to eavesdropping. When the researchers publicly disclosed the issue in 2023, the European Telecommunications… Read More »
The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes Once decoded, the script causes the browser to download a chain of additional obfuscated JavaScript. The final payload, a known malicious script called… Read More »
Google said that its Salesforce instance was among those that were compromised. The breach occurred in June, but Google only disclosed it on Tuesday, presumably because the company only learned of it recently. “Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off,”… Read More »
By now, you’ve likely heard of fraudulent calls that use AI to clone the voices of people the call recipient knows. Often, the result is what sounds like a grandchild, CEO, or work colleague you’ve known for years reporting an urgent matter requiring immediate action, saying to wire money, divulge login credentials, or visit a… Read More »
Cisco said that one of its representatives fell victim to a voice phishing attack that allowed threat actors to download profile information belonging to users of a third-party customer relationship management system. “Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account… Read More »
AI search engine Perplexity is using stealth bots and other tactics to evade websites’ no-crawl directives, an allegation that if true violates Internet norms that have been in place for more than three decades, network security and optimization service Cloudflare said Monday. In a blog post, Cloudflare researchers said the company received complaints from customers… Read More »
Once behind the captive portal, the page initiates the Windows Test Connectivity Status Indicator, a legitimate service that determines whether a device has Internet access by sending an HTTP GET request to hxxp://www.msftconnecttest[.]com/redirect. That site, in turn, redirects the browser to msn[.]com. As Thursday’s post explained: Once the system opens the browser window to this… Read More »