2665 matches found
China-linked APT Caught Pilfering Treasure Trove of IP
Researchers from Cybereason’s Nocturnus Team have uncovered a massive, highly successful, three-year-long campaign of intellectual property theft. The perpetrators were likely able to siphon hundreds of gigabytes worth of “sensitive proprietary information from technology and manufacturing...
How to Choose Tech Stack for Mobile App Development
By Owais Sultan What a good tech stack for a mobile app is and how to, actually, pick the right one… This is a post from HackRead.com Read the original post: How to Choose Tech Stack for Mobile App Development...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBs; Apple’s child safety features are coming to a Messages app near you; Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09; Watch out for this SMS phish promising a tax refund; Rogue ads phishing for cryptocurrency:...
Beware scammers disguised as fraud busters
Fraudsters like confusing and disorienting people. Successful ones avoid obvious lines of approach and try things you wouldn't expect. A recent story highlights this, with a particularly devious method of parting someone from their money. The Daily Record reports scammers running off with an $11,0...
Why you should be taking security advice from your grandmother
We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine. The defau...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
Northern.tech Mender Enterprise Cross-Site Request Forgery Vulnerability
Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...
Fighting Fake EDRs With ‘Credit Ratings’ for Police
When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But do...
crm.digitaltechvalley.com Cross Site Scripting vulnerability OBB-2554676
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
It Was a Good Month for Fighting Cybercrime—Don’t Get Comfortable
Even as police and tech companies get better at shutting down illicit operations, cybercrime is worse than ever...
Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild
A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited...
golang-tech-stack.com Cross Site Scripting vulnerability OBB-2526797
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...
tech.24by7.ca Cross Site Scripting vulnerability OBB-2488921
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The Senate Bill That Has Big Tech Scared
The proposal would stop the biggest platforms from giving themselves an advantage over the little guys. Who's afraid of a little competition?...
5 Common Database Management Challenges & How to Solve Them
By Owais Sultan Since nearly every application or tool in your tech stack connects to a database, it’s no surprise that… This is a post from HackRead.com Read the original post: 5 Common Database Management Challenges & How to Solve Them...
ALPINE-CVE-2022-26361
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...
Hackers Using Fake Police Data Requests against Tech Companies
Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as...
CVE-2022-25584
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000GY allows attackers to access sensitive information...
Information disclosure
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000GY allows attackers to access sensitive information...