Personal data of US House and Senate members offered for sale following healthcare hack
The DC Health Link breach saw 170,000 records compromised
Google One expands VPN service to all subscribers, adds dark web monitoring
New privacy and security features coming to Google One
Acer confirms data breach after hacker lists trove of stolen material for sale
No customer or financial data was compromised
Meta is suing Freenom, cybercriminals' favorite domain registrar
The TLD service provider is not accepting free domain registrations anymore
White House supports Senate bill that would enable US to ban TikTok
TikTok has almost 100 million active users in the US
Two security flaws in the TPM 2.0 specs put cryptographic keys at risk
In-hardware security can be defeated with just two extra bytes
Multibillion dollar companies should do more to prevent cyberattacks, says the Biden administration
Cyberattacks are getting more sophisticated and existing security mechanisms are proving ineffective
BlackLotus UEFI bootkit can defeat Secure Boot protection
The myth is real now, and you can't protect yourself from the ghost in the machine
Bitdefender defeats Mortal Kombat ransomware with free decryptor
Unencrypt your files silently, with additional arguments and commands for automation
U.S. Marshals Service hack is the latest in a string of cybersecurity "incidents" over last two weeks
The big picture: The US government has had a bad run of cybersecurity-related incidents over the last couple of weeks. In the span of 12 days, officials from the FBI, DoD, and USMS have confirmed one data leak caused by human error and two separate attacks against government systems. So far, investigators have either not found any suspects or are keeping the lid on what they have discovered.
LastPass says employee's home computer was hacked to steal a decrypted vault
Reportedly via Plex
In brief: Password manager LastPass has revealed details of a breach last year that resulted in partially encrypted user login data being stolen. The company confirmed that the incident stemmed from a previous hack in August that enabled the hacker to steal credentials from a DevOps engineer's home computer and obtain a decrypted vault.
EU Commission bans TikTok from employee devices over cybersecurity fears
TikTok says the ban "is misguided and based on fundamental misconceptions"
Google is hardening Android security at the firmware level
An arduous but necessary task to improve security for over 2.5 billion active users
Activision suffered a data breach in December, exposing confidential data and future gaming plans
The company confirmed the breach but denied data exfiltration
Misconfigured government mail server spilled sensitive military data for weeks
The drip has been contained
Twitter's SMS two-factor authentication is now a paid feature
Non-subscribers will still have access to 2FA via authentication apps and security keys
Stealthy malware that opens a backdoor into Windows web servers discovered
Putting some custom FREB code into your regular IIS connections
Tile adds anti-theft mode that makes its trackers undetectable, threatens $1 million fine if used for stalking
It requires an extensive verification process
In context: Tackers such as Apple's AirTags are becoming an increasingly popular way of keeping track of items such as car keys, but while they might discourage thefts, they've also made it a lot easier for people to follow someone without them realizing. Tile's new Anti-Theft Mode makes the trackers more difficult to discover, which is potentially bad news for thieves but good news for stalkers. However, Tile is threatening anyone who engages in the latter with a $1 million fine.
After deprecation, Intel's SGX technology is still messing with users' security
The now-deceased security tech is still being patched for vulnerabilities
Microsoft's Patch Tuesday for February fixes 3 zero-day bugs and more
Windows and Office being pierced by hackers as usual
Thousands of websites infected to redirect users in Google Ads view-pumping scam
WordPress sites infected to redirect visitors to crypto Q&A spam
Hackers hit US Windows systems with "Mortal Kombat" ransomware
Scorpion says: "Get over here!" Watch out for emails from the crypto exchange CoinPayments. Hackers are running a new "Mortal Kombat" ransomware campaign. The attackers disguise the phishing email attachment to look like payment transactions. However, when opened, the payload automatically downloads either ransomware or a crypto-wallet skimmer. So it's a bit like a one-two uppercut. TOASTY!
A new version of iOS and iPadOS fixes a zero-day bug exploited by hackers
The bug could be part of some infamous commercial spyware targeting iOS
Two-Factor Authentication: Methods and Myths
When I mentioned to a few friends that I was writing a feature about two-step authentication, the typical response was an eye-roll and "Oh, that annoying thing?..." But wait. There's more to it.
Reddit recommends users set up 2FA following confirmed data breach
Reddit sources say no user data was compromised in the attack