Trending

Hot Cybersecurity News. Hot Cyber Articles Vulnerability disclosures, Malware and Threat analysis. Exploit & Vulnerability News. Independent researchers and analysis.

UK bans Chinese CCTV cameras at ‘sensitive’ government locations

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3

Government departments have been told to rip them off core networks and replace them whenever and wherever possible. “A review of the current and future possible security risks associated with the installation of visual surveillance systems on the government estate has concluded that, in light of the threat to the UK and the increasing capability …

Zero-day

Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year

In response to a heap buffer overflow vulnerability, Google has released a security update for the desktop versions of Google Chrome for Windows, Linux, and Mac. The Chrome vulnerability is already being used in the wild, claims Google’s own blog. This is the eighth time this year that a Google Chrome zero-day vulnerability has been …

apple

RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users

The Directory Services Identifier (DSID), which might be used to identify users, is a part of the analytics data acquired by iPhone, according to researchers at the software company Mysk. Because Apple collects both DSID and Apple ID, it can use the former to recognise the user and access any related personal data, such as …

security

Over 50 Million Passwords Stolen by 30+ Russian Cybercrime Groups Using Stealer Malware

In the first seven months of 2022, up to 34 Russian-speaking gangs using the stealer-as-a-service business model to distribute information-stealing software stole no less than 50 million credentials. The Singapore-based Group-IB reported that the “underground market value of stolen logs and compromised card data is estimated to be over $5.8 million.” The thieves not only …

infosec

73% of retail applications have security flaws, yet only a quarter of them have been fixed

Almost three-quarters of apps in the retail and hospitality sectors have security problems, but only 25% of them have been patched, according to a top global provider of modern application security testing tools. Furthermore, 17% of these issues are classified as “high severity,” which means that, if exploited, they pose a significant risk to the …

Zero-day

New QBot Malware is dropped by attack that leverages Windows Zero-Day flaw as a cover.

The Qbot malware is dropped by new phishing assaults using a Windows zero-day vulnerability without the Mark of the Web security warnings being shown. The Mark of the Web is a unique property that Windows adds to files when they are downloaded from an untrusted remote location, such as the Internet or an email attachment. …

Apple pays out $100k bounty for Safari webcam hack that imperilled victims’ online accounts

A new gold standard to shield hackers acting in good faith

In order to help its clients show that they can and will shield ethical hackers from liability while hacking in good faith, bug bounty programme operator and ethical hacking platform HackerOne has released a Gold Standard Safe Harbour (GSSH) declaration. Any vulnerability disclosure policy or operational bug bounty programme should already include a safe harbour …

cybersecurity news

WATCH: Top 5 CyberSecurity Trends To Expect In 2023

Cybersecurity is a fast-evolving area. Here, we look at the most important trends to watch out for in 2023, including the increased threats from connected IoT devices, hybrid working and state-sponsored attacks. The top 2023 trends we cover are: …

Mitel 0-DAY used by hackers in a suspected ransomware attack

REPORT: Ukrainian Hacker Sought By US Arrested In Switzerland

A Ukrainian hacker who had been wanted by US authorities for ten years was detained in Switzerland last month, according to a report on Friday from the specialised website Krebs on Security. On October 23, Vyacheslav Igorevich Penchukov, 40, was detained while visiting his wife in the Swiss canton of Geneva, according to the website. …

XSS Prevention Cheat Sheet

XSS in Chromium browsers can be triggered by a developer console trick

If malicious actors can fool Chromium browser users into submitting a straightforward JavaScript command in the developer console, they can launch cross-site scripting (XSS) assaults throughout the subdomains of a website. This is supported by security researcher Michał Bentkowski’s findings, which he reported in a blog post titled Google Roulette that was published yesterday (16 …
