Security
-
Roku forcing 2-factor authentication after 2 breaches of 600K accounts
Accounts with stored payment information went for as little as $0.50 each.
-
LastPass users targeted in phishing attacks good enough to trick even the savvy
Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.
-
All the pieces are in place for the first crew flight of Boeing’s Starliner
“This is a test flight, and a complicated one at that."
-
Kremlin-backed actors spread disinformation ahead of US elections
To a lesser extent, China and Iran also peddle disinfo in hopes of influencing voters.
-
Billions of public Discord messages may be sold through a scraping service
Cross-server tracking suggests a new understanding of "public" chat servers.
-
Attackers are pummeling networks around the world with millions of login attempts
Attacks coming from nearly 4,000 IP addresses take aim at VPNs, SSH and web apps.
-
Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M
Indictment says man tricked cloud providers into giving him services he never paid for.
-
Change Healthcare faces another ransomware threat—and it looks credible
Hackers already received a $22 million payment. Now a second group demands money.
-
“Highly capable” hackers root corporate networks by exploiting firewall 0-day
No patch yet for unauthenticated code-execution bug in Palo Alto Networks firewall.
-
Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed
Multiple links in the supply chain failed for years to identify an unfixed vulnerability.
-
AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.
When the data was published in 2021, the company said it didn't belong to its customers.
-
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs.
Paul Sutter walks us through the future of climate change—and things aren’t great
This episode of Edge of Knowledge focuses on our rapidly transforming world.
-
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
-
Ivanti CEO pledges to “fundamentally transform” its hard-hit security model
Part of the reset involves AI-powered documentation search and call routing.
-
How will astronauts cruise around the Moon? NASA narrows choice to three options
"I know we’re asking a lot of these companies."
-
How to hack the Jacksonville Jaguars’ jumbotron (and end up in jail for 220 years)
The story that just keeps getting worse.
-
Microsoft blamed for “a cascade of security failures” in Exchange breach report
Summer 2023 intrusion pinned to corporate culture, "avoidable errors."
-
Missouri county declares state of emergency amid suspected ransomware attack
Outage occurs on same day as special election, but election offices remain open.
-
AT&T acknowledges data leak that hit 73 million current and former users
Data leak hit 7.6 million current AT&T users, 65.4 million former subscribers.
-
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
-
Backdoor found in widely used Linux utility targets encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month.
-
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
-
Thousands of servers hacked in ongoing attack targeting Ray AI framework
Researchers say it's the first known in-the-wild attack targeting AI workloads.
-
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Rapid-fire prompts sometimes followed with spoofed calls from "Apple support."
-
Thousands of phones and routers swept into proxy service, unbeknownst to users
Two new reports show criminals may be using your device to cover their online tracks.
-
Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
Hacks allegedly targeted US officials and politicians, their spouses and dozens of companies.
-
Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time.
-
Never-before-seen data wiper may have been used by Russia against Ukraine
AcidRain, discovered in 2022, is tied to AcidPour. Both are attributed to Russia.
-
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
-
“Disabling cyberattacks” are hitting critical US water systems, White House warns
Biden administration rallies nation's governors to secure their facilities.
-
Fujitsu says it found malware on its corporate network, warns of possible data breach
Company apologizes for the presence of malware on company computers.
-
ASCII art elicits harmful responses from 5 major AI chatbots
LLMs are trained to block harmful responses. Old-school images can override those rules.
-
Member of LockBit ransomware group sentenced to 4 years in prison
33-year-old Canadian-Russian national pleaded guilty last month.
-
Hackers can read private AI-assistant chats even though they’re encrypted
All non-Google chat GPTs affected by side channel that leaks responses sent to users.
-
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
-
Microsoft says Kremlin-backed hackers accessed its source and internal systems
Midnight Blizzard is now using stolen secrets in follow-on attacks against customers.