Here’s How Bad a Twitter Mega-Breach Would Be

“Twitter has seemingly neglected security for a very long time, and with all the changes, there is risk for sure,” says David Kennedy, CEO of the incident response firm TrustedSec, who formerly worked at the NSA and with the United States Marine Corps signal intelligence unit. “There’s a lot of work to be done to …

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Whether you run IT for a massive organization or simply own a smartphone, you’re intimately familiar with the unending stream of software updates that constantly need to be installed because of bugs and security vulnerabilities. People make mistakes, so code is inevitably going to contain mistakes—you get it. But a growing movement to write software …

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

The release of Apple’s new macOS 13 Ventura operating system on October 24 brought a host of new features to Mac users, but it’s also causing problems for those who rely on third-party security programs like malware scanners and monitoring tools. In the process of patching a vulnerability in the 11th Ventura developer beta, released …

Your Microsoft Exchange Server Is a Security Liability

Childs points to two other ZDI discoveries of Exchange vulnerabilities, one in 2018 and another in 2020, that were actively exploited by hackers even after the bugs were reported to Microsoft and patched. Security podcast Risky Business went so far as to title a recent episode “It’s Exchangehog Day,” in a reference to the dreary …

TikTok’s Security Threat Comes Into Focus

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. But as the conflict evolves, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend …

5 Best Password Managers (2022): Features, Pricing, and Tips

There are apps for Android, iOS, Windows, MacOS, and Linux, as well as extensions for all major web browsers. Bitwarden also has support for Windows Hello and Touch ID on its desktop apps for Windows and MacOS, giving you the added security of those biometric authentication systems. Another thing I like is Bitwarden’s semiautomated password …

A Matrix Update Patches Serious End-to-End Encryption Flaws

Developers of the open source Matrix messenger protocol have released an update to fix critical end-to-end encryption vulnerabilities that subvert the confidentiality and authentication guarantees that have been key to the platform’s meteoric rise. Matrix is a sprawling ecosystem of open source and proprietary chat and collaboration clients and servers that are fully interoperable. The …

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical computer. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy …

The Dire Warnings in the Lapsus$ Hacker Joyride

“At the end of the day, the flexibility of how you can abuse corporate accounts to move laterally and pivot over to other applications in the cloud—there are just so many different ways that attackers can use enterprise credentials,” says Crane Hassold, director of threat intelligence at Abnormal Security and a former digital behavior analyst …