A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.

Files available on the open source NPM repository underscore a growing sophistication.

Lawsuit: One user's IP address was identified in 4,450 infringement notices.

A while ago I already looked into Avast Secure Browser. Back then it didn’t end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user’s computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn’t finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast’s Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in Europe and the US. According to the European decision, Avast is still arguing despite better knowledge that their data collection was fully anonymized and completely privacy-conformant but… well, old habits are hard to get rid of. Either way, it’s time to take a look at Avast Secure Browser again. Because… all right, because of the name. That was a truly ingenious idea to name their browser like that, nerd sniping security professionals into giving them free security audits. By now they certainly would have addressed the issues raised in my original article and made everything much more secure, right?

Note: This article does not present any actual security vulnerabilities.[...]

Hacktivists claim they have stolen 1.2 TB of data from Disney's developer Slack channels.

Authors/Presenters:Nian Xue, Yashaswi Malla, Zihang Xia, Christina Pöpper, Mathy Vanhoef
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables appeared first on Security Boulevard.

    Photo by Tom Warren / The Verge

Alderon Games, the maker of dinosaur MMO Path of Titans, says it's swapping out its Intel 13th and 14th Gen-based servers for AMD and urges others hosting the game’s servers to do the same. The developer has had “significant” instability issues that none of the fixes so far have reversed, wrote Alderon founder Matthew Cassells in a blog post last week. Cassells wrote that Alderon has recorded “thousands of crashes” on gamers’ CPUs using its crash reporting tools and says the processors can also corrupt SSDs and memory. He added that in his team’s experience, 100 percent of the affected CPUs “deteriorate over time, eventually failing.” On the contrary, Unreal Engine decompression tool maker RAD Game Tools, which Cassells cites in the...

Continue reading…

Cryptography ain’t easy. Seemingly small details like how many times a computationally intensive loop runs can give the game away. [Lord Feistel] gives us a demo of how this could …read more

Google parent Alphabet Inc. is in advanced talks to buy cybersecurity startup Wiz in a deal that could fetch $23 billion, the Wall Street Journal reported, citing people with knowledge of the matter.

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain.

A hacker who claims to have stolen sensitive call and text logs from AT&T Inc. said they were paid about $400,000 to erase the data trove.

    Images of UTM SE from its App Store listing. | Screenshots: UTM SE

Apple has approved UTM SE, an app for emulating a computer to run classic software and games, weeks after the company rejected it and barred it from being notarized for third-party app stores in the European Union. The app is now available for free for iOS, iPadOS, and visionOS. After Apple rejected the app in June, the developer said it wasn’t going to keep trying because the app was “a subpar experience.” Today, UTM thanked the AltStore team for helping it and credited another developer “whose QEMU TCTI implementation was pivotal for this JIT-less build.”

  Screenshot: UTM SE
  UTM SE doesn’t include any virtual machines, but does help you find them.

As with other emulators on the App Store, you can’t do much...

Continue reading…