Security
-
Message-scraping, user-tracking service Spy Pet shut down by Discord
Bot-driven service was also connected to targeted harassment site Kiwi Farms.
-
Millions of IPs remain infected by USB worm years after its creators left it for dead
Ability of PlugX worm to live on presents a vexing dilemma: Delete it or leave it be.
-
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks
Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks?
-
Hackers are using developing countries for ransomware practice
Businesses in Africa, Asia, and South America hit before moving on to Western targets.
-
Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years.
-
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
-
Roku forcing 2-factor authentication after 2 breaches of 600K accounts
Accounts with stored payment information went for as little as $0.50 each.
-
LastPass users targeted in phishing attacks good enough to trick even the savvy
Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.
-
All the pieces are in place for the first crew flight of Boeing’s Starliner
“This is a test flight, and a complicated one at that."
-
Kremlin-backed actors spread disinformation ahead of US elections
To a lesser extent, China and Iran also peddle disinfo in hopes of influencing voters.
-
Billions of public Discord messages may be sold through a scraping service
Cross-server tracking suggests a new understanding of "public" chat servers.
-
Attackers are pummeling networks around the world with millions of login attempts
Attacks coming from nearly 4,000 IP addresses take aim at VPNs, SSH and web apps.
Paul Sutter walks us through the future of climate change—and things aren’t great
This episode of Edge of Knowledge focuses on our rapidly transforming world.
-
Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M
Indictment says man tricked cloud providers into giving him services he never paid for.
-
Change Healthcare faces another ransomware threat—and it looks credible
Hackers already received a $22 million payment. Now a second group demands money.
-
“Highly capable” hackers root corporate networks by exploiting firewall 0-day
No patch yet for unauthenticated code-execution bug in Palo Alto Networks firewall.
-
Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed
Multiple links in the supply chain failed for years to identify an unfixed vulnerability.
-
AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.
When the data was published in 2021, the company said it didn't belong to its customers.
-
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs.
-
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
-
Ivanti CEO pledges to “fundamentally transform” its hard-hit security model
Part of the reset involves AI-powered documentation search and call routing.
-
How will astronauts cruise around the Moon? NASA narrows choice to three options
"I know we’re asking a lot of these companies."
-
How to hack the Jacksonville Jaguars’ jumbotron (and end up in jail for 220 years)
The story that just keeps getting worse.
-
Microsoft blamed for “a cascade of security failures” in Exchange breach report
Summer 2023 intrusion pinned to corporate culture, "avoidable errors."
-
Missouri county declares state of emergency amid suspected ransomware attack
Outage occurs on same day as special election, but election offices remain open.
-
AT&T acknowledges data leak that hit 73 million current and former users
Data leak hit 7.6 million current AT&T users, 65.4 million former subscribers.
-
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
-
Backdoor found in widely used Linux utility targets encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month.
-
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
-
Thousands of servers hacked in ongoing attack targeting Ray AI framework
Researchers say it's the first known in-the-wild attack targeting AI workloads.
-
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Rapid-fire prompts sometimes followed with spoofed calls from "Apple support."
-
Thousands of phones and routers swept into proxy service, unbeknownst to users
Two new reports show criminals may be using your device to cover their online tracks.
-
Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
Hacks allegedly targeted US officials and politicians, their spouses and dozens of companies.
-
Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time.
-
Never-before-seen data wiper may have been used by Russia against Ukraine
AcidRain, discovered in 2022, is tied to AcidPour. Both are attributed to Russia.
-
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
-
“Disabling cyberattacks” are hitting critical US water systems, White House warns
Biden administration rallies nation's governors to secure their facilities.