The Latest from Zack Whittaker
A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes
A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the depa
Microsoft ends Windows 7 security updates
Pour one out for Windows 7, the decade-old operating system that today reached the end of the security line. Some three years after Microsoft called time on mainstream support of Windows 7, the techno
Meet the cybercriminals of 2022
Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cybercrime operations of the year, even if it meant resorting to new
It’s all in the (lack of) details: 2022’s badly handled data breaches
Data breaches can be extremely harmful to organizations of all shapes and sizes — but it’s how these companies react to the incident that can deal their final blow. While we’ve seen some exc
LastPass says hackers stole customers’ password vaults
Password manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach e
Even the FBI says you should use an ad blocker
This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI — which this week issued an alert warning that cyb
Support King, banned by FTC, linked to new phone spying operation
A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 ban
Parsing LastPass’ data breach notice
Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year. Back in August, LastPass found that an employee’s work account was compromi
Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on November
Xnspy stalkerware spied on thousands of iPhones and Android devices
A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority whose owners are unaware that their data has been compromised. Xnsp
Florida state tax website bug exposed filers’ data
A security flaw on the Florida Department of Revenue website exposed at least hundreds of taxpayers’ Social Security numbers and bank account numbers, a security researcher found. Kamran Mohsin
LastPass says it was breached — again
Password manager LastPass said it’s investigating a security incident after its systems were compromised for the second time this year. LastPass chief executive Karim Toubba said in a blog post
Hackers are locking out Mars Stealer operators from their own servers
A security research and hacking startup says it has found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims. Mars Stealer
Booz Allen says former staffer downloaded employees’ personal data
U.S. government contractor Booz Allen Hamilton has disclosed that a former staffer downloaded potentially tens of thousands of employees’ personal information from the company’s internal
A simple Android lock screen bypass bug landed a researcher $70,000
Google paid the security researcher for reporting a bug that skirted Android lock screen protections.
Google says surveillance vendor targeted Samsung phones with zero-days
Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities found in newer Samsung smartphones. The vulnerabilities, discovered in Samsung&
Twitter chief information security officer Lea Kissner departs
Twitter’s most senior cybersecurity staffer Lea Kissner has departed the social media giant. Kissner announced the move in a tweet on Thursday, saying they made the “hard decision” t
Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug
The vulnerability in the door entry security system, used in government buildings and apartment complexes, cannot be fixed.
SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack
The long hangover from a 2020 state-sponsored compromise still isn’t over for SolarWinds, as the software giant targeted by Russian government hackers has to pony up $26 million to shareholders
Twitter to delay verification check mark rollout until after US midterm elections
Twitter is reportedly delaying the rollout of verification check marks to subscribers as the social network attempts to steer clear of possible impact to Tuesday’s midterm elections. The Elon Mu