It infected 10 million computers. So why did cybergeddon never arrive?

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS. The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that's available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe’s Flash media player, but it's in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.

Check Point Research and CyberInt have identified a chain of vulnerabilities in the Origin gaming client developed by Electronic Arts (EA). Once exploited, the vulnerabilities would have led to player account takeover and identity theft. EA is the world’s second-largest gaming company and boasts household gaming titles such as FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer and Medal of Honor in its portfolio.

What if the missile warning to residents in Hawaii 18 months ago wasn't a "miscommunication" but a hack done by North Korea? Researchers show how easy it is to spoof an emergency alert.

Even if you have the basics of security policy, are you sure your actual implementation is on track?

In January 2018, an emergency alert sent to local phones informed Hawaii residents of an impending nuclear ballistic missile attack, triggering some understandable panic. Needless to say, the attack wasn’t real, and a subsequent investigation found that the bogus alert was the result of little more than a clerical error.

At least 10 cell providers have been compromised, losing the call detail records for “hundreds of millions” of telco customers.

The U.S. National Aeronautics and Space Administration (NASA) this week confirmed that its Jet Propulsion Laboratory (JPL) has been hacked. An audit document from the U.S. Office of the Inspector General was published by NASA this week. It reveals that an unauthorized Raspberry Pi computer connected to the JPL servers was targeted by hackers, who then moved laterally further into the NASA network. How much further? Well, the hackers apparently got as far as the Deep Space Network (DSN) array of radio telescopes and numerous other JPL systems.

The U.S. has been hacking Iran. Allegedly U.S. Cyber Command has launched cyber strikes against Iranian command-and-control systems.

The patent describes how Amazon's drones could be primarily used for delivery, but could be asked by customers to check up on their properties.

The city of Riviera Beach, Florida, has “given in” to ransomware. And it’s the biggest municipal ransom we’ve seen: ₿65—about $600,000.

Third party data breach struck Quest Diagnostics’ billing vendor which exposed patients’ sensitive information including social security numbers and medical information.

Nothing is secure from physical access: Where there’s a will, there’s an exploit. Once the Cellebrite genie is out of the bottle, how can they contain it?

In the digital world, security has become synonymous with privacy. But the truth of the matter is that they are not the same at all.

The technology company tweeted its QLED-branded sets should be scanned once every few weeks.

What just happened? Do you own a Samsung QLED TV? If so, the company is advising that you regularly check for malware using its built-in virus scanner. Unsurprisingly, this hasn’t gone down well with most people.

The cyber cold war continues: Deep-throat sources claim the U.S. has implanted malware deep into Russia’s electricity grid. But hang on, something smells fishy.

In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.

Telegram, the encrypted messaging app, has come under sustained DDoS attack, which was traced back to IP addresses in China. It’s widely believed this is an attempt to disrupt citizen protests in Hong Kong, which are being coordinated using Telegram’s messaging group feature. The so-called #612strike protesters are against new Chinese extradition laws, saying they threaten Hong Kong’s status as an autonomous region.

Researchers have been experimenting with Rowhammer. And what they’ve found will shock you. RAMBleed is their catchy name for an arsenal of ways to read any physical memory on a machine. Yes, any memory: It works across processes, containers, and even VMs. You don’t need any runtime privilege. Neither DDR4, ECC, nor TRR can save us. We’re doomed. Multi-tenant public #cloud is suddenly looking less attractive.