BlackLotus UEFI bootkit can defeat Secure Boot protection
The myth is real now, and you can't protect yourself from the ghost in the machine
Bitdefender defeats Mortal Kombat ransomware with free decryptor
Unencrypt your files silently, with additional arguments and commands for automation
U.S. Marshals Service is the latest in a string of cybersecurity "incidents" over last two weeks
The big picture: The US government has had a bad run of cybersecurity-related incidents over the last couple of weeks. In the span of 12 days, officials from the FBI, DoD, and USMS have confirmed one data leak caused by human error and two separate attacks against government systems. So far, investigators have either not found any suspects or are keeping the lid on what they have discovered.
LastPass says employee's home computer was hacked to steal a decrypted vault
Reportedly via Plex
In brief: Password manager LastPass has revealed details of a breach last year that resulted in partially encrypted user login data being stolen. The company confirmed that the incident stemmed from a previous hack in August that enabled the hacker to steal credentials from a DevOps engineer's home computer and obtain a decrypted vault.
EU Commission bans TikTok from employee devices over cybersecurity fears
TikTok says the ban "is misguided and based on fundamental misconceptions"
Google is hardening Android security at the firmware level
An arduous but necessary task to improve security for over 2.5 billion active users
Activision suffered a data breach in December, exposing confidential data and future gaming plans
The company confirmed the breach but denied data exfiltration
Misconfigured government mail server spilled sensitive military data for weeks
The drip has been contained
Twitter's SMS two-factor authentication is now a paid feature
Non-subscribers will still have access to 2FA via authentication apps and security keys
Stealthy malware that opens a backdoor into Windows web servers discovered
Putting some custom FREB code into your regular IIS connections
Tile adds anti-theft mode that makes its trackers undetectable, threatens $1 million fine if used for stalking
It requires an extensive verification process
In context: Tackers such as Apple's AirTags are becoming an increasingly popular way of keeping track of items such as car keys, but while they might discourage thefts, they've also made it a lot easier for people to follow someone without them realizing. Tile's new Anti-Theft Mode makes the trackers more difficult to discover, which is potentially bad news for thieves but good news for stalkers. However, Tile is threatening anyone who engages in the latter with a $1 million fine.
After deprecation, Intel's SGX technology is still messing with users' security
The now-deceased security tech is still being patched for vulnerabilities
Microsoft's Patch Tuesday for February fixes 3 zero-day bugs and more
Windows and Office being pierced by hackers as usual
Thousands of websites infected to redirect users in Google Ads view-pumping scam
WordPress sites infected to redirect visitors to crypto Q&A spam
Hackers hit US Windows systems with "Mortal Kombat" ransomware
Scorpion says: "Get over here!" Watch out for emails from the crypto exchange CoinPayments. Hackers are running a new "Mortal Kombat" ransomware campaign. The attackers disguise the phishing email attachment to look like payment transactions. However, when opened, the payload automatically downloads either ransomware or a crypto-wallet skimmer. So it's a bit like a one-two uppercut. TOASTY!
A new version of iOS and iPadOS fixes a zero-day bug exploited by hackers
The bug could be part of some infamous commercial spyware targeting iOS
Two-Factor Authentication: Methods and Myths
When I mentioned to a few friends that I was writing a feature about two-step authentication, the typical response was an eye-roll and "Oh, that annoying thing?..." But wait. There's more to it.
Reddit recommends users set up 2FA following confirmed data breach
Reddit sources say no user data was compromised in the attack
Valve left a security flaw in Dota 2 for two years until someone tried to exploit it
An outdated build of the V8 JavaScript engine put players at risk
Windows 11: a spyware machine out of users' control?
Microsoft's latest OS starts collecting telemetry as soon as the boot process ends
Malware delivery through Microsoft OneNote files is growing in a post-macro world
OneNote is demonstrating its effectiveness as a malware distribution platform
New ransomware campaign targets old VMware flaw patched two years ago
Umm... Who is administering these systems?
For now, don't Google search for software downloads
Hackers have tricked Google Ads, redirecting users towards malware payloads
Former developer of Ubiquiti confessed to stealing data, trying to extort the networking company
While pretending to be an anonymous hacker
QNAP's NAS devices affected by a new critical security issue, patches are available
The next ransomware target for cyber-crime gangs?