General Cyber News via Ars Technica Risk Assessment

$5.9 million ransomware attack on farming co-op may cause food shortage

Attack on US farming provider NEW Cooperative may disrupt the food supply chain.
Publish Date: 9/21/2021
read more -->

Nation-state espionage group breaches Alaska Department of Health

Fallout continues from an advanced persistent threat first detected in May 2021.
Publish Date: 9/20/2021
read more -->

Epik data breach impacts 15 million users, including non-customers

Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak.
Publish Date: 9/20/2021
read more -->

A new app helps Iranians hide messages in plain sight

Nahoft uses encryption to turn chats into a random jumble of words.
Publish Date: 9/18/2021
read more -->

SpaceX’s Starlink will come out of beta next month, Elon Musk says

With 600,000 orders, SpaceX boosting dish production to (hopefully) meet demand.
Publish Date: 9/17/2021
read more -->

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
Publish Date: 9/17/2021
read more -->

Telegram emerges as new dark web for cyber criminals

Growing network of hackers sharing data leaks on encrypted messaging app.
Publish Date: 9/17/2021
read more -->

Office 2021 will be available for non-Microsoft 365 subscribers on October 5

New release won't get new features like the subscription versions of Office.
Publish Date: 9/16/2021
read more -->

Anonymous leaks gigabytes of data from alt-right web host Epik

Clients include 8chan, Parler, and Gab, among others.
Publish Date: 9/15/2021
read more -->

Microsoft accounts can go passwordless, making “password123” a thing of the past

Passwordless accounts rely on MS Authenticator or a security key for login.
Publish Date: 9/15/2021
read more -->

Travis CI flaw exposed secrets of thousands of open source projects

Developers furious at Travis CI's "insanely embarrassing 'security bulletin.'"
Publish Date: 9/14/2021
read more -->

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Zero-click flaw has been exploited by NSO since at least February 2021.
Publish Date: 9/14/2021
read more -->

Security researchers at Wiz discover another major Azure vulnerability

A little-known management service handed unauthenticated attackers root access.
Publish Date: 9/14/2021
read more -->

Infosec researchers say Apple’s bug-bounty program needs work

Apple allegedly pays less for bugs than its competitors do—and pays more slowly.
Publish Date: 9/9/2021
read more -->

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Millions of WhatsApp messages are reviewed by both AI and human moderators.
Publish Date: 9/8/2021
read more -->

ProtonMail removed “we do not keep any IP logs” from its privacy policy

Swiss courts compelled it to log and disclose a user's IP and browser fingerprint.
Publish Date: 9/7/2021
read more -->

Microsoft Outlook shows real person’s contact info for IDN phishing emails

IDN homograph attacks were a problem to begin with. Outlook just made 'em worse.
Publish Date: 9/7/2021
read more -->

Why ransomware hackers love a holiday weekend

Looking forward to Labor Day? So are ruthless gangs of cybercriminals.
Publish Date: 9/5/2021
read more -->

A brief overview of IBM’s new 7 nm Telum mainframe CPU

A typical Telum-powered mainframe offers 256 cores at a base clock of 5+GHz.
Publish Date: 9/2/2021
read more -->

NPM package with 3 million weekly downloads had a severe vulnerability

Untrusted JavaScript config file can execute arbitrary code.
Publish Date: 9/2/2021
read more -->


Copyright Ⓒ 2010 SecuritySpecifiers™