Security

The Federal Communications Commission wants to verify that Internet service providers are strengthening their networks against attacks that take advantage of vulnerabilities in Border Gateway Protocol (BGP).

The FCC today unanimously approved a Notice of Proposed Rulemaking that would require ISPs to prepare confidential reports "detail[ing] their progress and plans for implementing BGP security measures that utilize the Resource Public Key Infrastructure (RPKI), a critical component of BGP security."

Microsoft's new Copilot+ AI-powered computer history saving feature, Recall, was already being likened to one of the many fictional dystopian tech products found in episodes of Black Mirror on the very day it was announced last month.

Now that Recall is in the hands of cybersecurity experts, the reaction to the new Microsoft feature is somehow even worse than what critics imagined.

TikTok says it's currently taking steps to mitigate a cyberattack that's targeting a number of high-profile users through direct messages, in an attempt to hijack their accounts.

The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild.

Cybersecurity company Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to break into the corporate networks of its customers.

The technology maker hasn’t said yet who is responsible for the cyberattacks or how many of its customers are affected by intrusions linked to the vulnerability, which security researchers say is “extremely easy” to exploit.

Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down.

Cisco addressed a vulnerability, tracked as CVE-2024-20360 (CVSS score 8.8), in the web-based management interface of the Firepower Management Center (FMC) Software.

The vulnerability is a SQL injection issue, an attacker can exploit the flaw to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. The attacker can exploit this vulnerability only if it has at least Read Only user credentials.

A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system.

For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server peers due to an unexplained glitch that could have caused stability and security problems worldwide. This server, maintained by Internet carrier Cogent Communications, is one of the 13 root servers that provision the Internet’s root zone, which sits at the top of the hierarchical distributed database known as the domain name system, or DNS.

Researchers at Belgium's KU Leuven discovered a fundamental design flaw in the IEEE 802.11 Wi-Fi standard that gives attackers a way to trick victims into connecting with a less secure wireless network than the one to which they intended to connect.

Such attacks can expose victims to higher risk of traffic interception and manipulation, according to VPN review site Top10VPN, which collaborated with one of the KU Leuven researchers to release flaw details this week ahead of a presentation at an upcoming conference in Seoul, South Korea.