Security News

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. Enabling the "Block Connections Without VPN" option ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. Yesterday, BleepingComputer received multiple reports that reCaptcha stopped working in the latest version of Mozilla Firefox, with the issues also reported on Twitter and Reddit.

It is taking less time for organisations to detect attackers in their environment, a report by Mandiant Consulting, a part of Google Cloud, has found. Continued state-sponsored exploitation attacks: A Microsoft report found instances of nation-state cyber espionage rose last year.

The U.K.'s National Cyber Security Centre and other international cyber authorities, including the Federal Bureau of Investigation, have warned about pro-Russia hacktivist attacks targeting providers of operational technology. Pro-Russia hacktivists exploit both virtual network computing remote access software and default passwords to access the software components of internet-exposed industrial control systems associated with OT devices.

Digital transformation drove APAC tech salaries before 2022. APAC 2022 and 2023 tech salary crunch followed global tech sector woes.

NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. Germany said on Friday that the Russian threat group was behind an attack against the Executive Committee of the Social Democratic Party, compromising many email accounts using a Microsoft Outlook zero-day bug.