Security News

The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. The new feature is available on the latest version of the DuckDuckGo browser for Windows, macOS, iOS, and Android, so syncing can only work between devices running these operating systems.

UK utilities giant Southern Water admits between 5 and 10 percent of its customers have had their data stolen during a January cyberattack. In a letter sent to customers already, seen by El Reg, Southern Water said names, dates of birth, national insurance numbers, bank account numbers, sort codes, and payment reference numbers may have been stolen.

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST's post-quantum options base their security on lattice problems.

The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security...

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security...

The Bumblebee malware loader seemingly vanished from the internet last October, but it's back and - oddly - relying on a vintage vector to try and gain access. First spotted in 2022 by researchers at Proofpoint - who identified it as an apparent replacement for BazarLoader - Bumblebee was originally used by high-profile ransomware groups including Russia-linked Conti.

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities in various versions of the operating systems embedded in the firmware of their popular network-attached storage devices. "Prior to the publication of CVE-2023-47565, Unit 42 researchers initially suspected the ATP-observed vulnerability to affect QNAP NAS systems running QTS firmware. However, on November 17, 2023, Unit 42 conducted reverse engineering and additional investigation of QTS firmware images and discovered the vulnerability now known as CVE-2023-50358. The two vulnerabilities are somewhat similar, but affect different software components in different classes of devices."

Get an iProVPN: Lifetime Subscription on sale for just $29.97 through February 19th for our Presidents' Day sale. That's why it's a good idea to use a tool like iProVPN. This highly rated service applies strong encryption to all your online traffic to maintain security.

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match their roles within the organization.

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting...