arstechnica.com Open in urlscan Pro
3.130.231.34  Public Scan

Form analysis
1 forms found in the DOM

GET /search/

<form action="/search/" method="GET" id="search_form">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="text" name="q" id="hdr_search_input" value="" aria-label="Search..." placeholder="Search...">
</form>

Text Content

Skip to main content
 * Biz & IT
 * Tech
 * Science
 * Policy
 * Cars
 * Gaming & Culture
 * Store
 * Forums

Subscribe

Close


NAVIGATE

 * Store
 * Subscribe
 * Videos
 * Features
 * Reviews

 * RSS Feeds
 * Mobile Site

 * About Ars
 * Staff Directory
 * Contact Us

 * Advertise with Ars
 * Reprints


FILTER BY TOPIC

 * Biz & IT
 * Tech
 * Science
 * Policy
 * Cars
 * Gaming & Culture
 * Store
 * Forums


SETTINGS

Front page layout


Grid


List


Site theme

light

dark

Sign in


SECURITY


 1.  “THIS VULNERABILITY IS NOW UNDER MASS EXPLOITATION.” CITRIX BLEED BUG BITES
     HARD
     
     By some estimates, 20,000 devices have already been hacked.
     
     Dan Goodin – 10/30/2023, 10:39 PM
     
     22 comments with


 2.  MICROSOFT PROFILES NEW THREAT GROUP WITH UNUSUAL BUT EFFECTIVE PRACTICES
     
     Octo Tempest employs tactics that many of its targets aren't prepared for.
     
     Dan Goodin – 10/28/2023, 1:20 AM
     
     74 comments with


 3.  IPHONES HAVE BEEN EXPOSING YOUR UNIQUE MAC DESPITE APPLE’S PROMISES
     OTHERWISE
     
     “From the get-go, this feature was useless,” researcher says of feature put
     into iOS 14.
     
     Dan Goodin – 10/26/2023, 11:48 PM
     
     139 comments with


 4.  PRO-RUSSIA HACKERS TARGET INBOXES WITH 0-DAY IN WEBMAIL APP USED BY
     MILLIONS
     
     Previously unknown XSS in Roundcube let Winter Vivern steal government
     emails.
     
     Dan Goodin – 10/26/2023, 12:21 AM
     
     42 comments with


 5.  HACKERS CAN FORCE IOS AND MACOS BROWSERS TO DIVULGE PASSWORDS AND MUCH MORE
     
     iLeakage is practical and requires minimal resources. A patch isn't (yet)
     available.
     
     Dan Goodin – 10/25/2023, 7:00 PM
     
     71 comments with


 6.  1PASSWORD DETECTS “SUSPICIOUS ACTIVITY” IN ITS INTERNAL OKTA ACCOUNT
     
     1Password CTO says investigation found no compromise of user data or
     sensitive systems.
     
     Dan Goodin – 10/23/2023, 10:56 PM
     
     105 comments with


 7.  FEEL-GOOD STORY OF THE WEEK: TWO RANSOMWARE GANGS MEET THEIR DEMISE
     
     One is fatally hacked, the other shut down in international police dragnet.
     
     Dan Goodin – 10/21/2023, 1:09 AM
     
     48 comments with


 8.  OKTA SAYS HACKERS BREACHED ITS SUPPORT SYSTEM AND VIEWED CUSTOMER FILES
     
     Hackers obtained valid credentials, but Okta doesn't say how.
     
     Dan Goodin – 10/21/2023, 12:45 AM
     
     42 comments with


 9.  THE LATEST HIGH-SEVERITY CITRIX VULNERABILITY UNDER ATTACK ISN’T EASY TO
     FIX
     
     If you run a Netscaler ADC or Gateway, assume it's compromised and take
     action... fast.
     
     Dan Goodin – 10/19/2023, 11:56 PM
     
     37 comments with


 10. THERE’S A NEW WAY TO FLIP BITS IN DRAM, AND IT WORKS AGAINST THE LATEST
     DEFENSES
     
     New technique produces lots of bitflips and could one day help form an
     attack.
     
     Dan Goodin – 10/19/2023, 2:30 PM
     
     65 comments with


 11. GOOGLE-HOSTED MALVERTISING LEADS TO FAKE KEEPASS SITE THAT LOOKS GENUINE
     
     Google-verified advertiser + legit-looking URL + valid TLS cert =
     convincing lookalike.
     
     Dan Goodin – 10/19/2023, 6:50 AM
     
     174 comments with


 12. “CISCO BURIED THE LEDE.” >10,000 NETWORK DEVICES BACKDOORED THROUGH
     UNPATCHED 0-DAY
     
     An unknown threat actor is exploiting the vulnerability to create admin
     accounts.
     
     Dan Goodin – 10/17/2023, 8:40 PM
     
     108 comments with


FOLLOW US

 * Follow us on Facebook
 * Follow us on Twitter
 * Follow us on YouTube
 * Follow us on Instagram


LATEST ARS VIDEO >


PAUL SUTTER WALKS US THROUGH THE FUTURE OF CLIMATE CHANGE—AND THINGS AREN’T
GREAT


Paul Sutter walks us through the future of climate change—and things aren’t
great


PAUL SUTTER WALKS US THROUGH THE FUTURE OF CLIMATE CHANGE—AND THINGS AREN’T
GREAT

This episode of Edge of Knowledge focuses on our rapidly transforming world.

Read Full Article

Advertisement



 1. BIGGEST DDOSES OF ALL TIME GENERATED BY PROTOCOL 0-DAY IN HTTP/2
    
    More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset
    attack.
    
    Dan Goodin – 10/13/2023, 2:50 PM
    
    24 comments with


 2. THOUSANDS OF WORDPRESS SITES HAVE BEEN HACKED THROUGH TAGDIV PLUGIN
    VULNERABILITY
    
    If a site is redirecting visitors to scam sites, it was likely hacked by
    Balada.
    
    Dan Goodin – 10/9/2023, 10:48 PM
    
    29 comments with


 3. THOUSANDS OF ANDROID DEVICES COME WITH UNKILLABLE BACKDOOR PREINSTALLED
    
    Somehow, advanced Triada malware was added to devices before reaching
    resellers.
    
    Matt Burgess, wired.com – 10/7/2023, 12:32 PM
    
    190 comments with


 4. 23ANDME SAYS PRIVATE USER DATA IS UP FOR SALE AFTER BEING SCRAPED
    
    Records reportedly belong to millions of users who opted in to a
    relative-search feature.
    
    Dan Goodin – 10/7/2023, 1:58 AM
    
    172 comments with


 5. VULNERABILITIES IN SUPERMICRO BMCS COULD ALLOW FOR UNKILLABLE SERVER
    ROOTKITS
    
    With the ability to manage huge fleets of servers, BMCs are ideal places to
    stash malware.
    
    Dan Goodin – 10/5/2023, 12:21 AM
    
    66 comments with


 6. THEY’VE BEGUN: ATTACKS EXPLOITING VULNERABILITY WITH MAXIMUM 10 SEVERITY
    RATING
    
    Will attacks be as big as those targeting MOVEit? Maybe not, but they still
    can be plenty bad.
    
    Dan Goodin – 10/3/2023, 11:53 PM
    
    75 comments with


 7. VULNERABLE ARM GPU DRIVERS UNDER ACTIVE EXPLOITATION. PATCHES MAY NOT BE
    AVAILABLE
    
    Vulnerability allows attackers to tamper with data stored in device memory.
    
    Dan Goodin – 10/2/2023, 9:37 PM
    
    54 comments with



 * Store
 * Subscribe
 * About Us
 * RSS Feeds
 * View Mobile Site

 * Contact Us
 * Staff
 * Advertise with us
 * Reprints


NEWSLETTER SIGNUP

Join the Ars Orbital Transmission mailing list to get weekly updates delivered
to your inbox. Sign me up →



CNMN Collection
WIRED Media Group
© 2023 Condé Nast. All rights reserved. Use of and/or registration on any
portion of this site constitutes acceptance of our User Agreement (updated
1/1/20) and Privacy Policy and Cookie Statement (updated 1/1/20) and Ars
Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from
links on this site. Read our affiliate link policy.
Your California Privacy Rights | Manage Preferences
The material on this site may not be reproduced, distributed, transmitted,
cached or otherwise used, except with the prior written permission of Condé
Nast.
Ad Choices






WE CARE ABOUT YOUR PRIVACY

We and our 140 partners store and/or access information on a device, such as
unique IDs in cookies to process personal data. You may accept or manage your
choices by clicking below or at any time in the privacy policy page. These
choices will be signaled to our partners and will not affect browsing data.More
information about your privacy


WE AND OUR PARTNERS PROCESS DATA TO PROVIDE:

Use precise geolocation data. Actively scan device characteristics for
identification. Store and/or access information on a device. Personalised
advertising and content, advertising and content measurement, audience research
and services development. List of Partners (vendors)

I Accept
Show Purposes