How weak passwords and other failings led to catastrophic breach of Ascension

“Fundamentally, the issue that leads to Kerberoasting is bad passwords,” Tim Medin, the researcher who coined the term ...
Security Boulevard

APT37 Targets Windows with Rust Backdoor and Python Loader

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...
Android Police

Discover the security risks of using automatic password autofill

Jon has been an author at Android Police since 2021. He primarily writes features and editorials covering the latest Android news, but occasionally reviews hardware and Android apps. His favorite ...
Bleeping Computer

Crypto24 ransomware hits large orgs with custom EDR evasion tool

The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files. The threat group's earliest activity was reported on ...
The Hacker News

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) ...
Wired

Encryption Made for Police and Military Radios May Be Easily Cracked

Two years ago, researchers in the Netherlands discovered an intentional backdoor in an encryption algorithm baked into radios used by critical infrastructure–as well as police, intelligence agencies, ...
Computer Weekly

WhatsApp is refused right to intervene in Apple legal action on encryption ‘backdoors’

A court is to hear legal challenges against a secret order issued by the Home Office that requires Apple to give British law enforcement and intelligence agencies the ability to access users’ ...
9to5google

Google Messages testing RCS’ new MLS encryption, Details page redesign

Back in March, cross-platform end-to-end encryption (E2EE) for RCS was announced, and Google Messages is beginning to test the new Messaging Layer Security (MLS) protocol. Universal Profile 3.0 adds ...
Wired

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. Until last week, the platform that runs ...
decrypt

Meta and OpenAI Use of Copyrighted Books for Training AI Was Fair Use: Federal Judge

A U.S. judge ruled Meta's AI training on copyrighted books qualifies as fair use, dealing a blow to 13 authors. The decision follows a similar ruling favoring Anthropic, though courts warned AI ...
SlashGear

Google Says Your Accounts May Not Be Secure Enough - Here's Why You Should Stop Using Just A Password

If passwords are the centerpiece of your online security strategy, you're not alone. According to a Google and Morning Consult survey, 60% of U.S. consumers say they use strong, unique passwords to ...