Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.
Автор: Becky Bracken, Senior Editor, Dark Reading
IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack
Threat actors punch holes in the company’s online ordering systems, tripping up doughnut deliveries across the US after a late November breach.
Millionaire Airbnb Phishing Ring Busted Up by Police
Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.
Texas Teen Arrested for Scattered Spider Telecom Hacks
An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on ‘key Scattered Spider members’ and their tactics.
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.
News Desk 2024: The Rise of Cybersecurity Platforms
Enterprise cybersecurity teams tell Omdia’s Maxine Holt that they want to dig out from underneath mounting tech and pivot to a simpler platform model — but they are finding that tricky to pull off.
News Desk 2024: Can GenAI Write Secure Code?
GenAI’s 30%-50% coding productivity boost comes with a downside — it’s also generating vulnerabilities. Veracode’s Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.
BlackBasta Ransomware Brand Picks Up Where Conti Left Off
New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren’t so sure the brand means that much.
MITRE: Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
In addition to XSS, MITRE and CISA’s 2024 list of the 25 most dangerous security vulnerability types (CWEs) also flagged out-of-bounds write, SQL injection, CSRF, and path traversal.