The malware group behind Magecart continues to be on the cutting edge of hiding in plain sight. A report this week from Roman Lvovsky, an Israeli security researcher at Akamai Technology,  demonstrates three obfuscation techniques that have been recently spotted by their telemetry. Magecart has been operating for years infecting various e-commerce websites, most notably ...

A sad and scary new record was set this past week, with the latest and biggest distributed denial-of-service attack. The network security provider Cloudflare Inc. posted on its blog today that it had observed and repelled the attack in August. The previous volumetric record was set in February, the August attack was three times as much. ...

A group of journalists and researchers today released evidence of a massive campaign to spy on numerous political leaders across the globe. Called “The Predator Files,” the project covers the use of potent spyware that targeted more than 50 social media accounts in 10 countries beginning in February. It documents the reports from dozens of ...

The role of civilian hackers during warfare continues to expand, and now at least one group is trying to set up some rules of engagement. But whether the proposal from the International Committee of the Red Cross announced Wednesday will gain any traction and make these attempts more humane is anyone’s guess. Civilian hackers have participated ...

Facial recognition software has come full circle, from tech darling to tech disaster. Now, its rise and fall have been chronicled by Kashmir Hill (pictured below), a technology reporter for the New York Times who has tracked its potential and problems through one of its major innovators, Clearview AI Inc. Her new book, “Your Face Belongs ...

Running a criminal cryptocurrency enterprise has certainly gotten more complicated. It was 10 years ago this week when Ross Ulbricht walked into a branch of the San Francisco public library to spend another day running the Silk Road, his marketplace for buying and selling illegal and questionable goods. He walked out in handcuffs after an ...

John Kindervag, the originator of the term zero-trust networking, has joined Illumio Inc. as its chief evangelist. Kindervag, whose appointment was announced Monday, has had a long and successful career in information security, including serving on various advisory boards and more than eight years working for Forrester Research as an analyst. He was at Forrester where ...

Security penetration testing provider SpecterOps Inc. today became the latest company to offer a “purple team” assessment, a sign that the collaborative approach to cybersecurity is catching on. The concept refers to using both defensive and offensive measures to understand the weak spots in a customer’s infrastructure, and to shore up defenses to prevent future ...

A new report on the security of artificial intelligence large language models, including OpenAI LP’s ChatGPT, shows a series of poor application development decisions that carry weaknesses in protecting enterprise data privacy and security. The report is just one of many examples of mounting evidence of security problems with LLMs that have appeared recently, demonstrating ...

One of the largest nonfungible token marketplaces OpenSea was hacked once again this week. The hack follows two other attacks, the last back in June 2022, when a third-party contractor was able to download emails of its users and newsletter subscribers and provide a copy to an unauthorized party. An earlier phishing attack in February ...