Security News

OpenTable has reversed its decision to show members' first names and profile pictures in past anonymous reviews after receiving backlash from members who felt it was a breach of privacy. This follows our reporting last week that OpenTable would display members' personal information on old and future reviews, even though old reviews, especially negative reviews, were created under the expectation they would remain anonymous.

Medium is banning AI-generated content from its paid Partner program, notifying users that the new policy goes into effect on May 1, 2024. "We are writing to notify you of policy updates that may impact your participation in the Medium Partner Program," the blogging platform noted in an email seen by BleepingComputer.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Palo Alto Networks firewalls under attack, hotfixes incoming!Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. It can handle almost anything, and someone once called it the kitchen sink of PKI. Microsoft patches two actively exploited zero-daysOn this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3...

A joint police operation between the Australian Federal Police and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan, later rebranded as "Hive.". The Australian Federal Police alleges that the Australian developed and sold the RAT on a dedicated hacking forum, enabling other users who paid for the tool to remotely access victims' computers and perform unauthorized activity.

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations....

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. Palo Alto Networks warned yesterday that hackers were actively exploiting an unauthenticated remote code execution vulnerability in its PAN-OS firewall software and that patches would be available on April 14.

Royal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year. As Royal Mail transitioned towards barcoded stamps last year, the public had until the end of July 2023 to swap out their old paper stamps with ones carrying a 2D data matrix barcode at no cost.