News
-
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a…
-
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
-
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December…
-
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of core blood supplies to NHS hospitals Read More
-
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat actor list on a cybercrime forum Read More
-
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here’s what the CIS CTI team has seen. Read More
-
Despite Bans, AI Code Tools Widespread in Organizations
Despite bans on AI code generation tools, widespread use and lack of governance are creating significant security risks for organizations Read More
-
North Korean Hackers Target Critical Infrastructure for Military Gain
A joint advisory by the UK, US and South Korea have warned of a global espionage campaign by a North Korea threat actor, Andariel, targeting CNI organizations Read More
-
The CrowdStrike Outage and Market-Driven Brittleness
Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely…
-
Robot dog trained to jam wireless devices during police raids
The US Department of Homeland Security has unveiled a dog-like robot that it says has been adapted to jam the connectivity of smart home devices. Read more in my article on the Hot for Security blog. Read More