Showing only posts tagged Biz & IT. Show all posts.

Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Source

Enlarge Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti …

A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier

Source

Enlarge (credit: Getty Images) Orange España, Spain’s second-biggest mobile operator, suffered a major outage on Wednesday after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers …

Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked

Source

Enlarge Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Twitter) on Wednesday after an unknown scammer hijacked it and used it to spread a link that attempted to steal cryptocurrency from people who clicked on it. “We are …

Millions still haven’t patched Terrapin SSH protocol vulnerability

Source

Enlarge (credit: Getty Images) Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they're in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud …

4-year campaign backdoored iPhones using possibly the most advanced exploit ever

Source

Enlarge (credit: Tero Vesalainen ) Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented …

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

Source

Enlarge / Shortly after the FBI posted a notice saying it had seized the dark-web site of AlphV, the ransomware group posted this notice claiming otherwise. The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control …

Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

Source

Enlarge / A Comcast Xfinity service van in San Ramon, California on February 25, 2020. (credit: Getty Images | Smith Collection/Gado ) Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to …

Xfinity waited to patch critical Citrix Bleed 0-day. Now it’s paying the price

Source

Enlarge (credit: Getty Images | Smith Collection/Gado ) Comcast waited as many as nine days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers. The breach, which was carried out …

SSH protects the world’s most sensitive networks. It just got a lot weaker

Source

Enlarge / Terrapin is coming for your data. (credit: Aurich Lawson | Getty Images) Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware …

How Microsoft’s cybercrime unit has evolved to combat increased threats

Source

Microsoft's Cybercrime Center. (credit: Microsoft) Governments and the tech industry around the world have been scrambling in recent years to curb the rise of online scamming and cybercrime. Yet even with progress on digital defenses, enforcement, and deterrence, the ransomware attacks, business email compromises, and malware infections keep on …

UniFi devices broadcasted private video to other users’ accounts

Source

Enlarge / An assortment of Ubiquiti cameras. (credit: Ubiquiti ) Users of UniFi, the popular line of wireless devices from manufacturer Ubiquiti, are reporting receiving private camera feeds from, and control over, devices belonging to other users, posts published to social media site Reddit over the past 24 hours show. “Recently …

Ukrainian cellular and Internet still out, 1 day after suspected Russian cyberattack

Source

Enlarge / A service center for "Kyivstar", a Ukrainian telecommunications company, that provides communication services and data transmission based on a broad range of fixed and mobile technologies. (credit: Getty Images) Ukrainian civilians on Wednesday grappled for a second day of widespread cellular phone and Internet outages after a cyberattack …

Dropbox spooks users with new AI features that send data to OpenAI when used

Source

Enlarge (credit: Getty Images ) On Wednesday, news quickly spread on social media about a new enabled-by-default Dropbox setting that shares Dropbox data with OpenAI for an experimental AI-powered search feature, but Dropbox says data is only shared if the feature is actively being used. Dropbox says that user data …

How worried should we be about the “AutoSpill” credential leak in Android password managers?

Source

Enlarge / Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety. (credit: Getty Images) By now, you’ve probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it …

The growing abuse of QR codes in malware and payment scams prompts FTC warning

Source

Enlarge / A woman scans a QR code in a café to see the menu online. The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal …

Stealthy Linux rootkit found in the wild after going undetected for 2 years

Source

Enlarge Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday. Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian …

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Source

Enlarge (credit: Getty Images) Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The …

Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier

Source

Enlarge (credit: Getty Images | Benj Edwards ) In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering …

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

Source

Enlarge (credit: Getty Images) Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open source file-sharing server app. The vulnerability, which carries the maximum severity rating of 10 …

Hackers spent 2+ years looting secrets of chipmaker NXP before being detected

Source

Enlarge (credit: Getty Images ) A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked …

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Source

Enlarge (credit: Aurich Lawson / Ars Technica ) Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday. Both of the vulnerabilities, which were previously unknown to their manufacturers and to …

USB worm unleashed by Russian state hackers spreads worldwide

Source

Enlarge (credit: Getty Images) A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries. The group—known by many names, including Gamaredon, Primitive …

The FCC says new rules will curb SIM swapping. I’m pessimistic

Source

Enlarge (credit: Getty Images | Panuwat Sikham ) After years of inaction, the FCC this week said that it's finally going to protect consumers against a scam that takes control of their cell phone numbers by deceiving employees who work for mobile carriers. While commissioners congratulated themselves for the move, there …

Ransomware group reports victim it breached to SEC regulators

Source

Enlarge (credit: Getty Images) One of the world’s most active ransomware groups has taken an unusual—if not unprecedented—tactic to pressure one of its victims to pay up: reporting the victim to the US Securities and Exchange Commission. The pressure tactic came to light in a post …

« newer articles | page 9 | older articles »