Backdoored developer tool that stole credentials escaped notice for 3 months

AWS credentials and private repository tokens could allow self-perpetuating attacks.

Ars Technica

US government strikes back at Kremlin for SolarWinds hack campaign

Treasury Department says it's sanctioning 6 Russian firms for supporting the hacks.

Ars Technica

Microsoft acquires Nuance—makers of Dragon speech rec—for $16 billion

Nuance's deep-learning-based speech recognition serves 77% of US hospitals.

Ars Technica

No password required: Mobile carrier exposes data for millions of accounts

Q Link Wireless made data available to anyone who knows a customer's phone number.

Ars Technica

Windows and Linux devices are under attack by a new cryptomining worm

With new exploits and capabilities, the Sysrv botnet poses a growing threat.

Ars Technica

Comcast nightmare: Six months without Internet despite $5,000 payment

Comcast falsely said service was available, still hasn't delivered six months later.

Ars Technica

US adds Chinese supercomputing companies to export blacklist

Biden administration tightens controls on tech that aids China’s military.

Ars Technica

T-Mobile 5G home Internet: $60 a month, 100Mbps speeds, and no data cap

30 million households are eligible; signups available "until capacity runs out."

Ars Technica

SpaceX to keep Starlink pricing simple, exit beta when network is “reliable”

"We're going to try to keep [pricing] as simple and transparent as possible."

Ars Technica

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants

Patching in industrial settings is hard. Ransomware shutting down production is harder.

Ars Technica

Yahoo Answers to end as Trump fans see plot to “silence conservatives”

"Should Trump buy Yahoo to prevent Answers from being shut down?" user asks.

Ars Technica

Russia’s Twitter throttling may give censors never-before-seen capabilities

Censorship based on deep packet inspection may work against Tor and VPNs.

Ars Technica

Malicious cheats for Call of Duty: Warzone are circulating online

The cheat is fake, but the malware it installs is the real thing.

Ars Technica

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities

Exploits allow hackers to log into VPNs and then access other network resources.

Ars Technica

Feds say man broke into public water system and shut down safety processes

Indictment underscores the potential for remote intrusions to have fatal consequences.

Ars Technica

North Korean hackers return, target infosec researchers in new operation

Google outs the new op two months after shutting down a previous campaign.

Ars Technica

Ubiquiti breach puts countless cloud-based devices at risk of takeover

Report: Theft of crypto secrets could allow hackers to remotely log in to devices.

Ars Technica

How to achieve smart home nirvana (or, home automation without subscription)

With some work and planning, Home Assistant sets your smart home.

Ars Technica

Nike sues over “Satan Shoe,” disavowing all connection to soul soles

Nike <em>really</em> doesn't like anyone thinking it made or endorses the Satan Shoe.

Ars Technica

Android sends 20x more data to Google than iOS sends to Apple, study says

Google contests the estimate, saying it's based on flawed methodology.

Ars Technica

The massive cargo ship that blocked the Suez Canal is now moving again

After impeding traffic for days, high tide and plenty of tugs got it unstuck.

Ars Technica

Hackers backdoor PHP source code after breaching internal git server

Code gave code-execution powers to anyone who knew the secret password: "zerodium."

Ars Technica

New Android malware with full range of spying capabilities has been found

Despite its sophistication, the app can be easy for more experienced users to spot.

Ars Technica

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

40,000 lines of flawed code almost made it into FreeBSD's kernel—we examine how.

Ars Technica

OpenSSL fixes high-severity flaw that allows hackers to crash servers

The widely used code library is also purged of a certificate verification bypass.

Ars Technica

Musk: Tesla accepts bitcoin as payment, won’t convert it “to fiat currency”

Bitcoin option live on Tesla's site in US now, coming to other countries later.

Ars Technica