Security

When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as suitably crafted JavaScript could be used to perform Spectre attacks. Cloud hosts were susceptible, too. But outside these situations, the impact seemed relatively limited.

COSCO’s computer networks in the Americas remained completely severed from the Internet on Thursday, almost 48 hours after the Chinese shipping giant reported it was hit by a ransomware attack.

Make sure you remove all your personal information before you sell or trade your #iPhone in because if you don't, the consequences can be creepy and dangerous as one Ontario teenager discovered. AppleInsider recounts the tale, and shows you how to avoid the same fate.

There are those of us who hang on to our old iPhones and build up a stash of them for no reason that we can quite justify. More often, though, we can see our outdated devices as being cash to put towards a new phone. When even a broken iPhone is worth something in trade, you have to be tempted.

Bluetooth has a bug which can allow hackers to slip in and steal data, even when you're in a secure connection.

The news was unveiled by Lior Neumann and Eli Biham, two cybersecurity researchers from the Israel Institute of Technology who discovered the vulnerability, known as CVE-2018-5383.

To present the problem in layman's terms, the pairing between two devices is weak due to a miscommunication, allowing remote attackers to obtain the encryption key used to secure a connection.

Leafminer, a threat actor that appears to be operating out of Iran, is conducting a wide-ranging cyber espionage campaign against organizations in the Middle East using a mix of publicly available tools and custom malware.

While the group's technical capabilities are average at best in comparison to other advanced persistent threat (APT) actors, its goals seem far more ambitious, according to Symantec, which has been studying the group.

Google is having a busy week at its Cloud Next '18 conference, but it's primarily been all software announcements. That changed on Wednesday with the Titan Security Key.

The Titan is a physical security key that adds a layer of authentication to an account — one that a digital authenticator can't match. It will first launch for Google Cloud customers before rolling out to all consumers via the Google Store in the months that follow.

Sen. Ron Wyden has called on federal agencies to stop using Adobe Flash, multimedia software that has consistently proven vulnerable over the years.

Adobe will stop providing security updates for Flash in 2020, and Wyden, D-Ore., wants agencies charged with issuing federal cybersecurity guidance to get Flash off government systems before then.

The victims of an ongoing, long-running Russian-backed hacking campaign against infrastructure providers, including electric companies, number in the "hundreds," but immediate electrical blackouts resulting from the hacks to the grid are not in the cards, at least not in the short term, according to DHS officials.

L33tdawg: We are proud to have Alex keynoting for us next year at #HITB2019AMS! Our 10th year anniversary HITB Security Conference in Amsterdam!

Alex Stamos, Facebook’s head of security, called for radical overhaul in how Facebook operates in a leaked memo from March 2018, as the company reeled from a chain of ugly scandals.

Qualys has developed a free extension for Google Chrome to protect browsers from cryptojacking attacks, Dark Reading has learned.

The new BrowserCheck CoinBlocker Extension uses both domain blacklists for cryptocurrency mining sites as well as heuristics features to detect unknown cryptojacking attack types. Qualys will officially roll out the plugin on Wed., July 25, but it's already available on the Google Chrome Web Store.