Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.
Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.
Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.
Following reports about U.S. companies that enable government and other users to access real-time tracking information for all major U.S. wireless carriers' subscribers, provider Securus Technologies has reportedly been hacked, while LocationSmart has fixed a data-exposing flaw.
Respiratory care provider Lincare Inc. has signed an $875,000 settlement of a class action lawsuit brought by current and former employees in the wake of a 2017 breach involving a business email compromise scam. The company was previously fined by federal regulators after another breach.
The noose appears to be tightening around the Dark Overlord, a group of international hackers who have stolen and held for ransom sensitive information from dozens of companies, healthcare organizations and U.S. public schools. Serbian police say they've arrested a suspect in cooperation with the FBI and U.K....
The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.
A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.
Researchers at the University of Cambridge, via a myPersonality test on Facebook, reportedly used data from 3 million users to power a spin-off company that delivered targeted advertising services. Facebook says the app is one of 200 that it's suspended for suspicious data handling practices.
Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.
Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.
European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.
A bipartisan group of U.S. lawmakers has reintroduced legislation in the House that would stop the government from forcing software vendors to intentionally weaken their products for surveillance purposes. Two prior attempts to enact the legislation in Congress have failed.