Infosec.Pub


The alleged targeting of prominent Italian businessman Francesco Gaetano Caltagirone now widens the Paragon spyware scandal in Italy to victims beyond journalists and activists.


The cryptocurrency sector faces an existential threat on two fronts: none of the 2,138 web applications and 146 mobile apps tested by ImmuniWeb support post-quantum encryption, and more than 7.8 million user records are already circulating on the dark web. As adversaries hoard encrypted data for future “Harvest Now, Decrypt Later” exploits, the industry’s failure to adopt NIST’s Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) standard signals a looming crisis. Without action, encrypted transactions could be laid bare … The post “Outdated encryption leaves crypto wide open” appeared first on Help Net Security.


SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. [...]


A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. [...]


On a multi-tenant GNU Guix system like the Dam, unprivileged users can trigger the download and installation of software in the store, the read-only part of the filesystem where all the software is.


China has added prominent research firm TechInsights to its Unreliable Entity list, shutting out the Canadian teardown specialist that helped expose the inner workings of Huawei Technologies Co.’s AI chips.


Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be “taboo in a constitutional state.” The post “German government says it will oppose EU mass-scanning proposal” appeared first on CyberScoop.


One click, total mess. A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.


The company Flock is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July. No, there’s no warrant out for Schmidt’s arrest, nor is there a warrant for Schmidt’s co-plaintiff, Crystal Arrington, whom the system tagged 849 times in roughly the same period. You might think this sounds like it violates the Fourth Amendment, which protects American citizens from unreasonable searches and seizures without probable cause. Well, so does the American Civil Liberties Union. Norfolk, Virginia Judge Jamilah LeCruise also agrees, and in 2024 she ruled that plate-reader data obtained without a search warrant couldn’t be used against a defendant in a robbery case...


Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent sites once they are found, but identifying new ones remains difficult. To close that gap, researchers from Boston University created LOKI, a system that ranks search queries by how likely they are to reveal scams. Using a small seed set of 1,663 confirmed scam domains, LOKI discovered 52,493 previously … The post “Researchers develop AI system to detect scam websites in search results” appeared first on Help Net Security.


In a remarkable leap for quantum physics, researchers in Japan have uncovered how weak magnetic fields can reverse tiny electrical currents in kagome metals—quantum materials with a woven atomic structure that frustrates electrons into forming complex patterns. These reversals amplify the metal’s electrical asymmetry, creating a diode-like effect up to 100 times stronger than expected. The team’s theoretical explanation finally clarifies a mysterious phenomenon first observed in 2020, revealing that quantum geometry and spontaneous symmetry breaking are key to this strange behavior.


Catching and Explaining Novel Malware in Seconds with the DSX Brain and DIANNA


How organisations can improve their ability to both detect and discover cyber threats.


Researchers have found a way to extract almost every photon from diamond color centers, a key obstacle in quantum technology. Using hybrid nanoantennas, they precisely guided light from nanodiamonds into a single direction, achieving 80% efficiency at room temperature. The innovation could make practical quantum sensors and secure communication devices much closer to reality.


The California Privacy Protection Agency (CPPA) issued a record fine earlier this month to Tractor Supply, the country’s self-proclaimed largest “rural lifestyle” retailer, for apparently ducking its responsibilities under the California Consumer Privacy Act. Under that law, companies are required to respect California customers’ and job applicants’ rights to know, delete, and correct information that businesses collect about them, and to opt out of some types of sharing and use. The law also requires companies to give notice of these rights, along with other information, to customers, job applicants, and others. The CPPA said that Tractor Supply failed several of these requirements. This is the first time the agency has enforced this data privacy law to protect job applicants. Perhaps best of all, the company's practices came to light all thanks to a consumer complaint filed with the agency. Your complaints matter—so keep speaking up. Tractor Supply, which has 2,500 stores in 49 states, will pay for their actions to the tune of $1,350,000—the largest fine the agency has issued to date. Specifically, the agency said, Tractor Supply violated the law by:

Failing to maintain a privacy policy that notified consumers of their rights; Failing to notify California job applicants of their privacy rights and how to exercise them; Failing to provide consumers with an effective mechanism to opt out of the selling and sharing of their personal information, [...]
