News
  • "RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems"

    Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel, recently published a paper detailing a new technique to exfiltrate data from an air-gapped system. Air gapping is a security measure in which a computer or network…

  • "Millions of Medical Imaging Files Freely Accessible on Unprotected Servers"

    Researchers at CybelAngel discovered that more than 45 million medical imaging files, including X-rays and CT scans, can be accessed on over 2,140 unprotected servers across the US, UK, Germany, and 64 other countries. These files include personally…

  • "New, Free Tool Adds Layer of Security for the Software Supply Chain"

    Researchers at the NYU Tandon School of Engineering developed an open-source tool called "in-toto" to bolster software supply chain security against cyberattacks. In-toto is a free and easy-to-use framework that cryptographically ensures the integrity of…

  • "Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward"

    Apple has launched new privacy labels for iOS and macOS App Stores to increase the transparency of apps' data collection. The labels are considered nutrition facts for apps in that they provide details to users about what data is collected and accessed…

  • "Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure"

    Researchers at Armis found that thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and the internet of things (IoT). Even though there are patches out…

  • "DHS CISA Alerts to Medtronic MyCareLink Medical Device Flaws"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) released an alert about vulnerabilities found in Medtronic MyCareLink (MCL) medical devices. The vulnerabilities were discovered by the Internet of Things (…

  • "HackerOne, Verizon Weigh Pros and Cons of Making Live Hacking Contests Virtual"

    One of the effects of the COVID-19 pandemic is the change of live hacking events from being hosted in-person to being held virtually. Due to the pandemic, Verizon Media, in collaboration with HackerOne, had to hold two hacking events online. They both…

  • "New Windows Trojan Steals Browser Credentials, Outlook Files"

    Researchers with Palo Alto's Unit 42 research team have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities. The trojan is called PyMicropsia (due to it being built…

  • "Phishing Campaign Uses Outlook Migration Message"

    Researchers at Abnormal Security have released details about an ongoing phishing campaign aimed at harvesting users' Office 365 credentials. The phishing emails in the campaign are designed to appear as if they were sent from the IT department…

  • "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"

    An analysis of 95 COVID-19 contact-tracing apps conducted by the mobile security firm Guardsquare revealed that 40% did not use the official API of the Exposure Notifications protocol created by Apple and Google to protect user privacy and security. The…

  • "Ad-Injecting Malware Hijacks Chrome, Edge, Firefox"

    The Microsoft 365 Defender Research Team has issued a warning about ad-injecting malware called Adrozek. According to Microsoft, cybercriminals have been distributing Adrozek malware since May 2020, with its peak occurring in August when more than 30,000…