How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency
“I’m completely interested in the creative ways computers can break down,” Schultz jokes.
Is it bad to have a major security incident on your résumé? (Seriously I don’t know)
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
The security pitfalls of social media sites offering ID-based authentication
Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.
10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.
What’s the point of press releases from threat actors?
It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.
Turns out even the NFL is worried about deepfakes
With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.
Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days
Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.
You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)
Patterson and her teammates are responsible for helping to disclose and patch more than 200 security vulnerabilities a year, some of which affect devices used in thousands of households around the world.
A secondhand account of the worst possible timing for a scammer to strike
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.