Security

An AI tool could decipher text — including passwords — from keystroke sounds recorded over Zoom and be right over nine times out of ten, a group of researchers said in a paper published on August 3.

An AI model developed by the researchers showed a 93% accuracy rate in deciphering keystrokes from a recording of a Macbook's keystrokes made over video conferencing software Zoom, according to a group of researchers affiliated with Durham University, the University of Surrey, and the Royal Holloway University of London.

In September last year, a scandal blew up the world of high-stakes, livestreamed poker: In a hand at Los Angeles' Hustler Live Casino, which broadcast its games on YouTube, a relative novice holding nothing but a jack of clubs and a four of hearts successfully called the bluff of a veteran player. No one could possibly think that poor hand might be good enough to call a bluff, thousands of outraged poker players argued, unless the person holding it had some extra knowledge that her opponent's hand was even worse—in other words, she must have been cheating.

Two years ago, ransomware crooks breached hardware-maker Gigabyte and dumped more than 112 gigabytes of data that included information from some of its most important supply-chain partners, including Intel and AMD. Now researchers are warning that the leaked information revealed what could amount to critical zero-day vulnerabilities that could imperil huge swaths of the computing world.

The Russian state-owned railway company RZD said Wednesday that its website and mobile app were down for several hours due to a “massive” cyberattack, forcing passengers to only buy tickets at railway stations.

The Ukrainian hacktivist group IT Army claimed responsibility for the attack on its Telegram channel. “The terrorist state is heading non-stop to the station called Chaos,” the hackers said. The group’s claims could not be immediately verified.

Hundreds of Internet-exposed devices inside solar farms remain unpatched against a critical and actively exploited vulnerability that makes it easy for remote attackers to disrupt operations or gain a foothold inside the facilities.

Researchers say that nearly 336,000 devices exposed to the Internet remain vulnerable to a critical vulnerability in firewalls sold by Fortinet because admins have yet to install patches the company released three weeks ago.

The Belkin Smart Plug Mini V2, a popular smart home device, has been found to contain a critical security vulnerability.

Despite growing concerns from customers and security professionals, Belkin has made it clear that they have no intention of resolving the issue. This decision leaves users exposed to potential cyber threats and raises questions about the company’s commitment to consumer safety.

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach.

By now, you’ve likely heard that passwordless Google accounts have finally arrived. The replacement for passwords is known as "passkeys."

Federal authorities, tech pundits, and news outlets want you to be on the lookout for a scary cyberattack that can hack your phone when you do nothing more than plug it into a public charging station. These warnings of “juice jacking,” as the threat has come to be known, have been circulating for more than a decade.