Enlarge Tom Roberts Epik has now confirmed that an "unauthorized intrusion" did in fact occur into its systems. The announcement follows last week's incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company's initial response to the data breach claims,…
Enlarge Austin Distel SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial…
Enlarge / This isn't how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. Aurich Lawson | Getty Images Further Reading “Worst cloud vulnerability you can imagine” discovered in Microsoft Azure Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft…
Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. 1905HKN via Getty Images / Jim Salter The LA Times reported this week that Los Angeles man Hao Kuo "David" Chi pled guilty to four federal felonies…
Enlarge / A CenturyLink service van parked in Santa Fe, New Mexico, on May 2, 2019. Getty Images | Robert Alexander CenturyLink is selling large portions of its copper network in 20 states to a private-equity firm, letting the telco pull out of rural areas where it doesn't plan to…
Enlarge Getty Images Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee. “It is clear that the data entrusted to these eight key agencies…
Enlarge Getty Images Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest, best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other…
Enlarge Getty Images Recently detected Android malware, some spread through the Google Play Store, uses a novel way to supercharge the harvesting of login credentials from more than 100 banking and cryptocurrency applications. The malware, which researchers from Amsterdam-based security firm ThreatFabric are calling Vultur, is among the first Android threats…
Enlarge Getty Images Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure…
Enlarge Getty Images Privacy tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them. The Ontario, Canada-based company said earlier this…