Skip to main content

Posts

Showing posts from July, 2021

With help from Google, impersonated Brave.com website pushes malware

With a valid TLS certificate, faux Bravė.com could fool even security-savvy people. https://bit.ly/37gzv2c

Software downloaded 30,000 times from PyPI ransacked developers’ machines

Expect to see more of these "Frankenstein" malware packages, researchers warn. https://bit.ly/2WBO1jg

New bank-fraud malware called Vultur infects thousands of devices

Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers. https://bit.ly/2Wt1JEU

Feds list the top 30 most exploited vulnerabilities. Many are years old

Hackers continue to exploit publicly known—and often dated—software vulnerabilities. https://bit.ly/2WyeluB

Biden warns cyber attacks could lead to a “real shooting war”

US president's remarks follow breaches that paralyzed critical services. https://bit.ly/3i70lAm

Haron and BlackMatter are the latest groups to crash the ransomware party

The additions come as the number of high-severity ransomware attacks ratchet up. https://bit.ly/3f5kQLG

VPN servers seized by Ukrainian authorities weren’t encrypted

Company says it's in the process of overhauling its VPN offerings to better secure them. https://bit.ly/3zvzR1g

UK worries Starlink and OneWeb may interfere with each other, plans new rules

Ofcom says complexity of giant satellite networks raises interference concerns. https://bit.ly/2UQd2GQ

Sean Gallagher and an AI expert break down our crazy machine-learning adventure

Join our headline experiment post-mortem on Wednesday, July 28, at 1 pm Eastern time! https://bit.ly/3eUbmCP

Venmo gets more private—but it’s still not fully safe

Until it offers privacy by default, it remains a liability for many of its users. https://bit.ly/3i1swk0

An explosive spyware report shows limits of iOS, Android security

Amnesty International sheds alarming light on an NSO Group surveillance tool. https://bit.ly/3x37B4u

Kaseya gets master decryptor to help customers still suffering from REvil attack

REvil ransomware struck as many as 1,500 networks, but a master key is now available. https://bit.ly/3iTRpxx

Saudi Aramco confirms data leak after $50 million cyber ransom demand

World’s largest oil producer says some company files were compromised. https://bit.ly/3kIynfN

Ars AI headline experiment finale—we came, we saw, we used a lot of compute time

Turns out it's really hard to make a machine-learning model to evaluate headlines. https://bit.ly/36SFn1B

Home and office Routers come under attack by China state hackers, France warns

Compromised routers give the hackers anonymity in ongoing large-scale attacks. https://bit.ly/2TqLWp0

Lyft ditches Google Maps for Here, partners with Argo AI

Argo and Ford will deploy driverless cars on Lyft's network in Miami and Austin. https://bit.ly/36Y06kt

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

Both OSes have flaws that allow attackers with a toehold to elevate access. https://bit.ly/3zgXZ7E

Dish to pay AT&T $5 billion for network access amid feud with T-Mobile

10-year deal will make AT&T the primary network provider for Dish MVNO business. https://bit.ly/3hQHpFP

“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones

NSO Group says its spyware targets only criminals and terrorists. Critics disagree. https://bit.ly/2UZolwc

US warns China over state-sponsored hacking, citing mass attacks on Exchange

US: Chinese state-backed hackers perpetrated "massive cyber espionage operation." https://bit.ly/36ObeAp

Hackers got past Windows Hello by tricking a webcam

Researchers used infrared photos and third-party hardware to best facial-recognition tech. https://bit.ly/3hNXNa5

Facebook catches Iranian spies catfishing US military targets

Hackers posed as recruiters, journalists, and hospitality workers to lure their victims. https://bit.ly/3hIBjXU

Disable the Windows print spooler to prevent hacks, Microsoft tells customers

The third serious Windows print flaw in 5 weeks prompts new Microsoft warning. https://bit.ly/36VKePP

For years, a backdoor in popular KiwiSDR product gave root to project developer

Users are rattled after learning their devices and networks were exposed. https://bit.ly/2TcTfAv

Feeding the machine: We give an AI some headlines and see what it does

In part two of our series, we attempt to learn the ways of the machine. https://bit.ly/2U7uxlO

Amazon bought Facebook’s satellite team to help build its Starlink competitor

Amazon's Project Kuiper got some new employees as Facebook ended satellite project. https://bit.ly/36zw5HN

iOS zero-day let SolarWinds hackers compromise fully updated iPhones

Flaw was exploited when government officials clicked on links in LinkedIn messages. https://bit.ly/3i4t4EE

SolarWinds 0-day gave Chinese hackers privileged access to customer servers

Hackers IDed as DEV-0322 have a fondness for defense contractors and software makers. https://bit.ly/3xA0UI6

AT&T will let unlimited-data customers pay more to avoid the slow lane

AT&T says users can soon "stay in the fast lane" on its priciest unlimited plan. https://bit.ly/3i7IAiV

Is our machine learning? Ars takes a dip into artificial intelligence

In the first part of a new series, we look at matching the problem to the tool. https://bit.ly/2Vsvjd9

Microsoft discovers critical SolarWinds zero-day under active attack

Flaws allow attackers to run malicious code on machines hosting Serv-U products. https://bit.ly/2T5pyBo

Feds indict “The Bull” for allegedly selling insider stock info on the dark web

Data allegedly sold individually or through weekly or monthly subscriptions. https://bit.ly/3jYYsXL

Morgan Stanley discloses data breach that resulted from Accellion FTA hacks

Financial services firm says data was stolen by exploiting flaws discovered in December. https://bit.ly/3jW34xF

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Game-over code-execution attacks are still possible even after fix is installed. https://bit.ly/2VdgcUN

Why the password isn’t dead quite yet

Everyone hates the old ways of authentication. But change comes with its own drawbacks. https://bit.ly/36rflSJ

Up to 1,500 businesses infected in one of the worst ransomware attacks ever

Mass compromise is having cascading effects around the world. https://bit.ly/3ysuj6Z

The rumor is true: Rimac is taking over Bugatti with Porsche’s help

Ars spoke to CEOs Oliver Blume and Mate Rimac about the hypercar deal. https://bit.ly/3AuJVZw

Old school: I work in DOS for an entire day

From the archives: Open source MS-DOS alternative lives—but using it nearly killed me. https://bit.ly/3yqnRxC

Wimbledon: The tech behind the world’s top tennis tournament

From the archives: There's a surprising amount of cool tech for a 140-year-old event. https://bit.ly/3dFplvR

Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

Researchers uncovered 9 apps that used a sneaking method to pilfer credentials. https://bit.ly/367rn3x

Thinking about selling your Echo Dot—or any IoT device? Read this first

Deleting data from Echo Dots—and other IoT devices from Amazon and elsewhere—is hard. https://bit.ly/3qFqTes