After a great event last month in San Jose, Ars is switching coasts for October and descending in force on our nation’s capital. If you’re on the East Coast and want to come hang out with Ars EIC Ken Fisher and me while we talk to some neat speakers and learn some stuff, then read… Read More »
Archive.org, possibly one of the only entities to preserve the entire history of the Internet, was recently compromised in a hack that revealed data of roughly 31 million users. A little after 2 PM California time, social media blew up with screenshots showing what the archive.org homepage displayed. It read: archive.org Have you ever felt… Read More »
The evolution of the kit from 2019 and the one from three years later underscores a growing sophistication by GoldenJackal developers. The first generation provided a full suite of capabilities, including: GoldenDealer, a component that delivers malicious executables to air-gapped systems over USB drives GoldenHowl, a backdoor that contains various modules for a mix of… Read More »
This Reddit comment posted to the CentOS subreddit is typical. An admin noticed that two servers were infected with a cryptocurrency hijacker with the names perfcc and perfctl. The admin wanted help investigating the cause. “I only became aware of the malware because my monitoring setup alerted me to 100% CPU utilization,” the admin wrote… Read More »
Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable… Read More »
Getty Images reader comments 28 Federal prosecutors have charged a man for an alleged “hack-to-trade” scheme that earned him millions of dollars by breaking into the Office365 accounts of executives at publicly traded companies and obtaining quarterly financial reports before they were released publicly. The action, taken by the office of the US Attorney for… Read More »
Getty Images reader comments 19 Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with vulnerabilities that made it possible for attackers to falsify registration databases and add, delete, or modify official documents. Over the past year, software developer turned security researcher Jason Parker has… Read More »
Getty Images reader comments 90 Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in… Read More »
The Tor Project reader comments 27 The Tor Project, the nonprofit that maintains software for the Tor anonymity network, is joining forces with Tails, the maker of a portable operating system that uses Tor. Both organizations seek to pool resources, lower overhead, and collaborate more closely on their mission of online anonymity. Tails and the… Read More »
Getty Images reader comments 156 The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of certain characters, and the use… Read More »