Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

1

Unpatched critical bugs in #VersaConcerto lead to auth bypass, RCE

https://www.bleepingcomputer.com/news/security/unpatched-critical-bugs-in-versa-concerto-lead-to-auth-bypass-rce/

#cybersecurity #Versa

2

"If you attempt to take a screenshot of Signal Desktop when screen security is enabled, nothing will appear. This limitation can be frustrating, but it might look familiar to you if you’ve ever had the audacity to try and take a screenshot of a movie or TV show on Windows. According to Microsoft’s official developer documentation, setting the correct Digital Rights Management (DRM) flag on the application window will ensure that “content won’t show up in Recall or any other screenshot application.” So that’s exactly what Signal Desktop is now doing on Windows 11 by default.

[Image: A stylized close-up crop of a movie screenplay that says "INT. COPILOT+ PC MANUFACTURING FACILITY - NIGHT - METALLIC SHELVES in endless rows stretch into the darkness. Two figures crouch in the shadows. ALICE: DRM technology has been consistently used against us. BOB: It won't be the first time we've turned the tables. ALICE: My life has always felt like a movie."]

Apps like Signal have essentially no control over what content Recall is able to capture, and implementing “DRM” that works for you (not against you) is the best choice that we had. It’s like a scene in a movie where the villain has switched sides, and you can’t screenshot this one by default either."

https://signal.org/blog/signal-doesnt-recall/

#CyberSecurity #Privacy #DataProtection #Microsoft #Windows #WindowsRecall #Signal #Messaging
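The "DRM flag" the Signal post refers to is the window display-affinity setting exposed by the Win32 user32 API (SetWindowDisplayAffinity with WDA_EXCLUDEFROMCAPTURE). The script below is an added example, not code from the Signal post or from Signal Desktop, showing how to audit which running applications have set that flag and how to apply it to a window your own process owns. It assumes Windows 10 version 2004 or later, where WDA_EXCLUDEFROMCAPTURE was introduced, and assumes Signal Desktop's process is named "Signal" (an assumption; adjust for your install).

```powershell
# Added example (not Signal's code): inspect and set the window display-affinity
# flag that hides a window from Recall and other screen-capture paths.
# Assumes Windows 10 2004+; older builds reject WDA_EXCLUDEFROMCAPTURE.

Add-Type -Namespace Win32 -Name DisplayAffinity -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern bool GetWindowDisplayAffinity(IntPtr hWnd, out uint pdwAffinity);

[DllImport("user32.dll", SetLastError = true)]
public static extern bool SetWindowDisplayAffinity(IntPtr hWnd, uint dwAffinity);
'@

# Constants from winuser.h
$WDA_NONE               = 0x00000000   # ordinary window, captured by anything
$WDA_MONITOR            = 0x00000001   # shows as a black box in captures
$WDA_EXCLUDEFROMCAPTURE = 0x00000011   # absent from captures entirely (Win10 2004+)

function Get-WindowCaptureAffinity {
    # One row per process that owns a main window, with the affinity decoded.
    Get-Process | Where-Object { $_.MainWindowHandle -ne 0 } | ForEach-Object {
        [uint32]$aff = 0
        $ok = [Win32.DisplayAffinity]::GetWindowDisplayAffinity($_.MainWindowHandle, [ref]$aff)
        if (-not $ok) {
            # Usual cause: the window belongs to a higher-integrity process (UIPI).
            $label = 'access denied'
        } else {
            $label = switch ($aff) {
                0    { 'WDA_NONE (capturable)' }
                1    { 'WDA_MONITOR (blacked out)' }
                0x11 { 'WDA_EXCLUDEFROMCAPTURE (hidden from capture)' }
                default { 'unknown 0x{0:X}' -f $aff }
            }
        }
        [pscustomobject]@{
            ProcessName = $_.ProcessName
            Pid         = $_.Id
            Title       = $_.MainWindowTitle
            Affinity    = $label
        }
    }
}

function Set-WindowExcludeFromCapture {
    # Apply the same flag to a window you own. SetWindowDisplayAffinity fails
    # with ERROR_ACCESS_DENIED for windows of other processes, by design.
    param(
        [Parameter(Mandatory)][IntPtr]$Handle,
        [switch]$Clear   # -Clear restores WDA_NONE (e.g. for screen sharing)
    )
    $value = if ($Clear) { $WDA_NONE } else { $WDA_EXCLUDEFROMCAPTURE }
    if (-not [Win32.DisplayAffinity]::SetWindowDisplayAffinity($Handle, $value)) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "SetWindowDisplayAffinity failed: Win32 error $err"
    }
}

# Usage: list what is protected right now, then check Signal specifically.
Get-WindowCaptureAffinity | Sort-Object ProcessName | Format-Table -AutoSize
Get-WindowCaptureAffinity | Where-Object ProcessName -eq 'Signal'
```

Two caveats a practitioner should keep in mind. The flag is all-or-nothing: a window marked WDA_EXCLUDEFROMCAPTURE is invisible to every capture path, including legitimate screen-sharing and screen-reader tooling that relies on capture, which is why an application that sets it by default needs a user-facing switch to clear it. And the protection is per-window and per-process: the flag only covers windows the application itself owns, so a notification popup, a spawned helper window, or content rendered by another process is not covered unless that code sets the flag too.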

3

Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store almost everything a user does every three seconds. Via @arstechnica@mastodon.social. #Signal #Cybersecurity #Windows #Recall #AI #Tech #Technology https://flip.it/bztLbn

4

Russian hackers breach orgs to track #aid routes to #Ukraine

https://www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/

#Russia #cybersecurity #politics

5

Happy Families: new certificates for faster and easier relay management

https://blog.torproject.org/happy-families/

#Tor #cybersecurity #anonymity #privacy #FOSS

6

Critical #Samlify #SSO flaw lets attackers log in as admin

https://www.bleepingcomputer.com/news/security/critical-samlify-sso-flaw-lets-attackers-log-in-as-admin/

#cybersecurity

7

#3AM #ransomware uses spoofed #IT calls, #email bombing to breach networks

https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/

#cybersecurity #SocialEngineering

8

Data-stealing #Chrome extensions impersonate #Fortinet, #YouTube, VPNs

https://www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/

#VPN #cybersecurity

9

Trojanized #RVTools push #Bumblebee #malware in #SEO poisoning campaign

https://www.bleepingcomputer.com/news/security/trojanized-rvtools-push-bumblebee-malware-in-seo-poisoning-campaign/

#cybersecurity

10

#KetteringHealth hit by system-wide outage after #ransomware attack

https://www.bleepingcomputer.com/news/security/kettering-health-hit-by-system-wide-outage-after-ransomware-attack/

#healthcare #cybersecurity

11

Marks & Spencer faces $402 million profit hit after #cyberattack

https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/

#MarksAndSpencer #UK #retail #cybersecurity #DataBreach #privacy

12

"The Trump administration will not seek the removal of Israeli tech firm NSO Group from a Commerce Department trade blacklist that has significantly dented the company’s financial fortunes, U.S. officials said this week.

Nor is the White House planning to rescind a Biden-era executive order that effectively bars the company from selling its controversial Pegasus spyware to the U.S. government, said the officials, who like others spoke on the condition of anonymity to discuss a sensitive matter.

The administration’s plans are a rebuff to NSO Group, which is in Washington this week on a rehabilitation tour, in hopes of being removed from the Commerce Department’s Entity List, which bars it from receiving U.S. technology. The list is sort of a scarlet letter in the business world because of the reputational harm it confers. Since the 2021 listing, NSO Group has faced significant financial hardship.

The statements to The Washington Post come amid speculation that the Trump administration might rescind or modify the executive order. President Donald Trump has revoked dozens of President Joe Biden’s orders and has others under review."

https://www.washingtonpost.com/national-security/2025/05/20/nso-group-pegasus-trump-eo/
#CyberSecurity #NSOGroup #NSO #Pegasus #Spyware #Surveillance #USA #Trump

13

"On May 12, Coinbase announced it will join the S&P 500 as its “first and only crypto company”. This is the latest change that may see more American investors inadvertently exposed to the cryptocurrency industry via index funds, following MicroStrategy’s entry into the NASDAQ-100 in December 2024.

Their joy was likely tempered when, only two days later on May 14, they had to announce a data breach that exposed customer data including names, addresses, phone numbers, email addresses, images of government ID documents, account balance and transaction data, and masked social security and bank account numbers. Although leaks like this typically lead to an uptick in phishing attempts, where scammers use the private information to contact customers and more convincingly impersonate Coinbase employees, the leak of account balance data and customer addresses is also particularly concerning given the recent spike in violent attacks and kidnappings targeting wealthy crypto holders.

Crypto security researchers have been warning for months about Coinbase’s evidently poor security practices and lack of attention to customer complaints, and describing hacks in which victims reported being scammed by attackers who seemed to have access to private Coinbase data. In February, zachxbt wrote: “Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. ... Coinbase is in a position where they have the power to make these changes and set a good example but they have chosen to do little to nothing.”

According to Coinbase, the data thieves bribed some members of Coinbase’s poorly paid offshore customer support team, whom it described as “rogue overseas support agents” and who are reportedly earning less than $5,000 annually."

https://www.citationneeded.news/issue-84/

#CyberSecurity #Coinbase #Crypto #Cryptocurrencies #Hacking #DataLeaks #DataProtection

14

#KrebsOnSecurity Hit With Near-Record 6.3 Tbps #DDoS

https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/

#cybersecurity #cybercrime

15

#KDE is finally getting a native #VirtualMachine manager called "#Karton"

https://www.neowin.net/news/kde-is-finally-getting-a-native-virtual-machine-manager-called-karton/

#Linux #FOSS #cybersecurity #VM

16

#Coinbase #DataBreach Will ‘Lead to People Dying,’ #TechCrunch Founder Says

https://decrypt.co/321076/coinbase-data-breach-will-lead-to-people-dying-techcrunch-founder-says

#cybersecurity #privacy #crypto

17

#Windows11’s most important new feature is post-quantum #cryptography. Here’s why.

https://arstechnica.com/security/2025/05/heres-how-windows-11-aims-to-make-the-world-safe-in-the-post-quantum-era/

#PQE #cybersecurity #Microsoft

18

"I have more experience with routers than most, but the terms of use and policy documents I read for this article still weren't easy reading. Privacy policies typically aren't written with full transparency in mind.

"All a privacy policy can really do is tell you with some confidence that something bad is not going to happen," said Bennett Cyphers, a staff technologist with the privacy-focused Electronic Frontier Foundation, "but it won't tell you if something bad is going to happen."

"Often, what you'll see is language that says, 'we collect X, Y and Z data, and we might share it with our business partners, and we may share it for any of these seven different reasons', and all of them are very vague," Cyphers continued. "That doesn't necessarily mean that the company is doing the worst thing you could imagine, but it means that they have wiggle cover if they choose to do bad stuff with your data."

He's not wrong: Most of the privacy policies I reviewed for this post included plenty of the "wiggle cover" Cyphers described, with vague language and few actual specifics. Even worse, many of these policies are written to cover the entire company in question, including its services, websites and how it handles data from sales transactions and even job applications.

That means that much of what's written in a manufacturer's privacy policy might not even be relevant to routers."

https://www.cnet.com/home/internet/do-wi-fi-routers-track-you-rbrowsing-i-read-30000-words-of-privacy-policies-to-find-out/

#CyberSecurity #Privacy #Wifi #WifiRouters

19

#SKTelecom says #malware breach lasted 3 years, impacted 27 million numbers

https://www.bleepingcomputer.com/news/security/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers/

#cybersecurity #privacy #telecom #SouthKorea

20

Premium #WordPress '#Motors' theme vulnerable to admin takeover attacks

https://www.bleepingcomputer.com/news/security/premium-wordpress-motors-theme-vulnerable-to-admin-takeover-attacks/

#cybersecurity

21

#VanHelsing #ransomware builder leaked on hacking forum

https://www.bleepingcomputer.com/news/security/vanhelsing-ransomware-builder-leaked-on-hacking-forum/

#cybersecurity #cybercrime

22

Mobile carrier #Cellcom confirms #cyberattack behind extended outages

https://www.bleepingcomputer.com/news/security/mobile-carrier-cellcom-confirms-cyberattack-behind-extended-outages/

#cybersecurity #telecom

23

#HazyHawk gang exploits #DNS misconfigs to hijack trusted domains

https://www.bleepingcomputer.com/news/security/hazy-hawk-gang-exploits-dns-misconfigs-to-hijack-trusted-domains/

#cybersecurity

24

#RVTools hit in #SupplyChain attack to deliver #Bumblebee #malware

https://www.bleepingcomputer.com/news/security/rvtools-hit-in-supply-chain-attack-to-deliver-bumblebee-malware/

#cybersecurity

25

Why do hackers target service desks? It’s "quicker and easier" to manipulate a person than to carry out a technical breach. Via @BleepingComputer@infosec.exchange. #Cybersecurity #ServiceDesk #Hack #Technology #Tech https://flip.it/bVT08q
