Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
1
 
 

Transak, a leading crypto payment services provider, has been affected by a significant data breach that affected over 92,000 users. The incident, which came to light on October 21, 2024, stemmed from a sophisticated phishing attack that compromised an employee’s laptop. The breach exposed the sensitive personal information of 92,554 users, representing approximately 1.14% of […] The post Crypto Payment Firm Transak Hit by Data Breach After Employee’s Laptop Hack appeared first on Cyber Security News.

2
 
 

Jason Koebler / 404 Media: A civil rights org claims in a lawsuit that a VA town violated 4A protections by installing Flock cameras, making it “impossible” for citizens to move untracked  —  “It is functionally impossible for people to drive anywhere without having their movements tracked, photographed …

3
 
 

Intel had a solution ready to add 64-bit features to the "classic" 32-bit x86 ISA, but the company chose to push forward with the Itanium operation instead. A new snippet of technology history has recently emerged from a year-old Quora discussion. Intel's former "chief x86 architect," Bob Colwell, provides a...

4
 
 

Sabotage supposedly cost tens of millions, but TikTok owner ByteDance denies it.

5
 
 

Hackers commonly bypass Microsoft Windows kernel protections to enable cheating in competitive online games, new research shows. Academics at the University of Birmingham performed a technical analysis of how game cheats and anti-cheat systems work and carried out a market investigation, analyzing 80 cheat-selling sites in Europe and North America over three months.

6
 
 

The deal follows a marketwide push for vendor consolidation and a growing interest in more end-to-end offerings from a single provider.

7
 
 

Microsoft recently unveiled OpenHCL, an open-source paravisor that augments virtualization stacks to facilitate confidential computing VMs on Intel TDX and AMD SEV-SNP platforms. Written in Rust, well-known for its strong memory safety guarantees, OpenHCL represents a milestone achievement for the open-source security community.

8
 
 

A new AI tool named Vulnhuntr has been introduced, revolutionizing the way vulnerabilities are discovered in open-source projects. This innovative tool leverages the power of large language models (LLMs) to find and explain complex, multi-step vulnerabilities, including remotely exploitable 0-day vulnerabilities, with unprecedented efficiency and accuracy. Developed by Protect AI, Vulnhuntr has already made significant […] The post New AI Tool to Discover 0-Days at Large Scale With Click of a Button appeared first on Cyber Security News.

9
 
 

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]

10
 
 

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of

11
 
 

Steven Levy / Wired: How Cloudflare CTO John Graham-Cumming cracked an encrypted ZIP file containing the code for a system that helped ANC members communicate safely under apartheid  —  John Graham-Cumming, who happens to be Cloudflare's CTO, cracked a 30-year-old encrypted file that had a role in rewriting South Africa's history.

12
 
 

US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.

13
 
 

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them. [...]

14
 
 

Hackers reveal the old Redbox kiosks can be easily hacked for users' names and some financial info. The data may go back close to a decade.

15
 
 
Image: Hugo Herrera / The Verge

Book publisher Penguin Random House is putting its stance on AI training in print. The standard copyright page on both new and reprinted books will now say, “No part of this book may be used or reproduced in any manner for the purpose of training artificial intelligence technologies or systems,” according to a report from The Bookseller spotted by Gizmodo. The clause also notes that Penguin Random House “expressly reserves this work from the text and data mining exception” in line with the European Union’s laws. The Bookseller says that Penguin Random House appears to be the first major publisher to account for AI on its copyright page. What gets printed on that page might be a warning shot, but it also has little to do with actual...

16
 
 

Four business addresses were raided, officers seize server used to host illegal streaming service

17
 
 

Moldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.

18
 
 

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]

19
 
 

A new Spectre bypass exploit has exposed vulnerabilities in recent Intel processors and older AMD microarchitectures running Linux, with severe ramifications for ongoing efforts to combat speculative execution attacks.

20
 
 

Will Shanklin / Engadget: The FCC issues new rules that will require all mobile phones sold in the US to be compatible with hearing aids, “after a transition period”  —  With the number of Americans 65 and older expected to balloon by nearly 50 percent by 2050, the rules will ensure those with hearing loss …

21
 
 

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

22
 
 

Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon. Blind spots undermine breach detection: CISOs identified blind spots as a key issue, with 70% of CISOs stating their existing security tools are not as effective as they could be when it comes to detecting breaches due to … The post Despite massive security spending, 44% of CISOs fail to detect breaches appeared first on Help Net Security.

23
 
 

Researcher feeds screen recordings into Gemini to extract accurate information with ease.

24
 
 

If you picked today in your hackerspace’s sweepstake on when Winamp would pull their code repository, congratulations! You’re a winner! The source for the Windows version of the venerable music …

25
 
 

Natasha Lomas / TechCrunch: The EU declines to designate X as a DMA gatekeeper after an investigation found that “X is not an important gateway for business users to reach end users”  —  Elon Musk's X won't be regulated under the European Union's Digital Markets Act (DMA) the Commission decided Wednesday …
