A team of researchers recently found a side-channel vulnerability in Apple’s custom SoC architecture that does not appear patchable and allows for the theft of encryption keys.
The research team, which hails from six different universities around the United States, published its findings and is calling it the...
Read more...
Following yesterday's report on an Air National Guard member sharing classified documents around the Internet, it seems the U.S. Government cannot catch a break. A 63-year-old civilian member of the U.S. Air Force assigned to U.S. Strategic Command was arrested on March 2nd “allegedly conspiring to transmit and...
Read more...
The criminal underbelly of cybersecurity is a shady place, with threat actors thieving data and information wherever possible. On the seemingly competent side of the business, some folks also wish to make a quick buck off the latest hype and not do much actual hacking. Such is the case with the now former group called...
Read more...
When you get into the ransomware scene, one would think that you want to lay somewhat low while building up a decent reputation before going for the big fish. However, ransomware newcomer Mogilevich is coming out swinging with the claim that it has compromised Epic Games and made off with a good handful of data...
Read more...
Over the past couple of years, the ransomware industry has exploded leading to millions in lost dollars to cybercriminals extorting businesses to regain access and control of their private data. It was thought to have reached a head when the Biden Administration sought to crack down on the threat at the International...
Read more...
We've seen malware that wants to steal your files, money, or even your identity, but the new "Gold Pickaxe" mobile malware goes a step further. This nasty little piece of software is active on both Android and iOS, and it steals the victim's face. Security researchers warn the malware could be used to create deepfake...
Read more...
A wide range of processors based on AMD's Zen 2 architecture, including consumer Ryzen chips (desktop and mobile) and EPYC server silicon, are vulnerable to a newly discovered exploit that could allow an attacker to steal sensitive data. That includes user passwords, encryption keys, and other information that you...
Read more...
Apple is threatening to pull the ability to use iMessage and FaceTime from users in the UK over proposed new requirements on telecommunications operators. The new proposal is not a new law, but rather an update to the existing Investigatory Powers Act (IPA) 2016.
When it comes to allowing law enforcement and...
Read more...
Earlier this week, ASUS pushed a firmware update for 19 of the company’s routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port...
Read more...
Time to tighten up your password complexity, dear readers. A deep learning password guessing tool called PassGAN has been found to take less than six minutes to crack your seven-character password, even ones with symbols.
Nefarious hackers are constantly looking for new means of stealing your information, and...
Read more...
We often report on phishing campaigns involving fraudulent customer support agents who trick victims into giving up sensitive information or installing malware on their systems. However, sometimes threat actors flip this script, instead posing as customers in need of help in order to prey on customer support agents...
Read more...
Hardware vulnerabilities are never fun, especially when actively exploited in the wild. Forward-looking companies try to get ahead of bad actors by encouraging responsible disclosure and awarding bug bounties. AMD has worked with security researchers who recently found numerous desktop and server/data center...
Read more...
Back in August of this year, an unknown actor operating under the username “devil” posted information relating to 5.4 million Twitter users for sale on BreachForums. This data included the email addresses and phone numbers tied to users’ accounts. Now, someone with the username “Ryushi” claims to be selling a similar...
Read more...
The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize...
Read more...
Between all the scintillating Black Friday deals and the Cyber Monday bargains that will follow, you may end up spending a lot of time surfing online retail stores for discounts. That's all well and good, but if you're among the more than 2 billion people who use Google's Chrome browser, take a moment to apply the...
Read more...
We here at HotHardware regularly advise our readers to ensure that their systems and software are up to date. Updates may include cool new features, but most updates are security-driven, patching holes, fixing glitches, and preventing exploits. However, for Apple, apparently not all systems are created equal, for not...
Read more...
Mullvad VPN, the Swedish VPN service that powers Mozilla VPN, is currently in the midst of a security audit of its Android app. While conducting this audit, the company discovered that Android’s VPN settings don’t block the operating system from making certain connections to Google servers outside the VPN tunnel...
Read more...
After introducing video end-to-end encryption (E2EE) for a subset of its wired doorbell and camera devices over a year ago, Ring has announced that it is now extending this capability to its wireless devices. While the company doesn’t specify in its announcement which of its battery-powered devices will support E2EE...
Read more...
Researchers have detailed the SQUIP attack, which is particularly worrisome for users of AMD Zen 1, Zen 2 and Zen 3 processors. Researchers were able measure the precise degree of Scheduler Queue Usage (i.e., occupancy) via Interference Probing, giving the attack its name. Using this technique, it was possible in...
Read more...
Amazon published a press release this morning announcing that it has entered into a merger agreement with iRobot, the company best known for its Roomba line of robot vacuum cleaners. So long as the deal receives shareholder and regulatory approval, Amazon will acquire iRobot for a $61 per share, totaling approximately...
Read more...
Ransomware attacks have been on the rise. This time around, the small Ontario, Canada town of St. Marys has been targeted. The ransomware organization behind the attack seems to be LockBit. So far though, no ransom has been paid. The town itself claims that most city functions are still operational and staff are still...
Read more...
Phishing attacks employ various methods to trick users into handing over sensitive information, such as login credentials. Over time, as users have become more suspicious and email clients, web browsers, and IT departments have implemented anti-phishing measures, scammers have had to get creative and devise more...
Read more...
