Showing only posts tagged exploits. Show all posts.

Actively exploited vulnerability threatens hundreds of solar power stations

Source

Enlarge (credit: Getty Images) Hundreds of Internet-exposed devices inside solar farms remain unpatched against a critical and actively exploited vulnerability that makes it easy for remote attackers to disrupt operations or gain a foothold inside the facilities. The devices, sold by Osaka, Japan-based Contec under the brand name SolarView …

Operation Triangulation: Zero-Click iPhone Malware

Source

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device …

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Source

Enlarge (credit: Getty Images) Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity rating of 9.8 out of a possible 10. “At this stage if you have a vulnerable device exposed …

Attackers can force Amazon Echos to hack themselves with self-issued commands

Source

Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock …

Booby-trapped sites delivered potent new backdoor trojan to macOS users

Source

Enlarge (credit: Getty Images ) Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website. The malware was a full-featured backdoor that was written from scratch, an indication that …

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Source

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its …

MacOS Zero-Day Used against Hong Kong Activists

Source

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and …

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

Source

Enlarge The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful attacks …

4 vulnerabilities under attack give hackers full control of Android devices

Source

Enlarge (credit: Getty Images ) Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google …

Actively exploited Mac 0-day neutered core OS security defenses

Source

Enlarge (credit: Getty Images) When Apple released the latest version 11.3 for macOS on Monday, it didn't just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms, some …

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

Source

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former …

Windows and Linux devices are under attack by a new cryptomining worm

Source

Enlarge (credit: Getty Images) A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said. Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s …

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack

Source

Enlarge (credit: Getty Images ) Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they …

Chinese Hackers Stole an NSA Windows Exploit in 2014

Source

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline : The timeline basically seems to be, according to Check Point: 2013: NSA’s …

Chrome users have faced 3 security concerns over the past 24 hours

Source

(credit: Chrome ) Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let …

Sophisticated Watering Hole Attack

Source

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered …

« newer articles | page 2