Security

Emotet, the botnet that came back from the dead

What just happened? The Emotet botnet was dead, or so researchers thought. The malicious network is now back in business with a new phishing campaign, exploiting a novel technique to push users and companies to infect themselves.

"Polite WiFi" loophole lets modified drones track device locations through walls

The White House is hosting its second international summit against ransomware

Why it matters: The US government is once again meeting with global partners to try and develop an effective strategy to fight (and win) the war against ransomware. Tech companies like Microsoft are joining as well, bringing their valuable, first-hand expertise to the table.

Cybercriminals are taking advantage of Twitter verification revamp

Emotion analysis technologies could be "immature and discriminating," says UK privacy authority

A hot potato: The United Kingdom's independent authority for privacy doesn't want companies or organizations to use emotion analysis systems based on biometric traits. It's an untested and nascent technology that could even fail to materialize at all.

Reflection DDoS attacks are on the rise again

Why it matters: A resurgence in vulnerable CLDAP servers is making DDoS attacks more powerful and dangerous. Windows network administrators should adopt strict security practices or take the server off the internet if there is no practical need for using the CLDAP protocol.

iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild

PSA: Apple has averaged about one zero-day vulnerability per month since January. The latest came with iOS 16, which hackers may have actively exploited over the last month. Apple issued iOS and iPadOS versions 16.1 and 16 earlier this week. Users with compatible devices should update them immediately.

Samsung's Maintenance Mode aims to hide your private information from repair techs

"Dormant Color" malware infects millions of PCs with malicious Chrome extensions

What just happened? Researchers with Guardio Security uncovered a "vast campaign" of malicious data-collecting browser extensions. The analysts dubbed it "Dormant Colors" because of the malware's focus on color and style themes — Action Colors, Power Colors, Super Colors, and so on. Dormant Colors consists of 30 different extensions that millions of users have downloaded.

Clearview AI fined for violating the European GDPR privacy law

In context: French authorities have imposed the maximum possible fine against Clearview AI, a biometric startup selling its controversial facial recognition technology to governments and law enforcement worldwide. The company must delete the data already acquired on French citizens or face an additional EUR100,000 fine per day.

Microsoft is testing its own CCleaner alternative

Qatar 'requires' World Cup visitors to install state-sponsored 'spyware' on their phones

BlackLotus, the new UEFI rootkit that makes security researchers worry

Why it matters: "BlackLotus" is being offered on underground forums as an all-powerful firmware rootkit, capable of surviving any removal effort and bypassing the most advanced Windows protections. If actual malware samples can prove the offer is real, of course.

KataOS is Google's new operating system for machine learning applications

Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives

Security researchers show off the RTX 4090's password cracking power

Ford says the upcoming Mustang will be "much more difficult" to tune, thanks to beefed up cybersecurity

Microsoft extends brute-force attack protections to local Windows accounts

Wi-Fi drones were used by hackers to penetrate a financial firm's network remotely

Why it matters: Hackers have a new attack vector they have been toying with over the last couple of years — drone penetration kits. Drones have become much more capable in the last several years, making them a viable option for covertly placing intrusion equipment near a network. Once just a field of theoretical security research, now hacking drones are being found in the wild.

0patch offers two more years of updates for Windows 7 and Windows Server 2008 R2

Forward-looking: Windows 7 will exit extended support very soon, but "micropatches" offered by 0patch are ready to take Microsoft's place in keeping the old operating systems safe and sound against Internet threats. At least for the most dangerous flaws discovered in modern Windows versions.

'Always-on VPN' feature on Android can leak unencrypted data

Google brings passwordless logins to Android and Chrome

Microsoft fixes two zero-day flaws in October 2022 Patch Tuesday

TL;DR: Microsoft released a new series of patches designed to fix bugs in Windows and other popular software products. The most significant updates remedy a couple of zero-day flaws, but the two Exchange bugs discovered in recent weeks are still a danger for mail servers worldwide.

KillNet pro-Russian hacktivists are targeting USA airports' websites

In context: The KillNet crew has brought down the websites of some of the busiest airports in the world. Several US-based terminals experienced online issues, while the increased activity by the pro-Russian hackers could bring the world into a proper cyber-war against the Kremlin.

Woman pays her Instagram lover $30,000 for a ticket back to Earth