LockBit Gang to Publish 103GB of Bangkok Air Customer Data
The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. [...]
Showing only posts by Lisa Vaas. Show all posts.
T-Mobile’s Security Is ‘Awful,’ Says Purported Thief
John Binns, claiming to be behind the massive T-Mobile theft of >50m customer records, dissed the security measures of the US's No. 2 wireless biggest carrier. T-Mobile is "humbled," it said, announcing new partnerships with security heavyweights on Friday. [...]
FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
The latest refinement of the APT's BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble. [...]
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. [...]
F5 Bug Could Lead to Complete System Takeover
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. [...]
Win10 Admin Rights Tossed Off by Yet Another Plug-In
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights. [...]
Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. [...]
Windows 10 Admin Rights Gobbled by Razer Devices
So much for Windows 10's security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating. [...]
What’s Next for T-Mobile and Its Customers? – Podcast
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite. [...]
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention. [...]
T-Mobile: >40 Million Customers’ Data Stolen
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. [...]
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. [...]
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks. [...]
100m T-Mobile Customer Records Purportedly Up for Sale
The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately. [...]
SolarWinds 2.0 Could Ignite Financial Crisis – Podcast
That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it? [...]
Exchange Servers Under Active Attack via ProxyShell Bugs
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. [...]
Ransomware Payments Explode Amid ‘Quadruple Extortion’
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks. [...]
Accenture Confirms LockBit Ransomware Attack
LockBit offered Accenture's purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups. [...]
SAP Patches Nine Critical & High-Severity Bugs
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours. [...]
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. [...]
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails. [...]
Android Malware ‘FlyTrap’ Hijacks Facebook Accounts
Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan. [...]
Black Hat: Charming Kitten Leaves More Paw Prints
IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof. [...]
We COVID-Clicked on Garbage, Report Finds: Podcast
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020. [...]
‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics
Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. [...]
« newer articles | page 9 | older articles »