Enlarge In January, Google and Microsoft outed what they said was North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles—purportedly belonging to vulnerability researchers—before unleashing an Internet Explorer zero-day and a malicious Visual Studio Project, both of which installed custom malware …
Enlarge (credit: BeeBright / Getty Images / iStockphoto ) A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said. Two updates pushed to the PHP Git server …
Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This …
A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank …
Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and …
Enlarge (credit: Getty Images) Hackers say they broke into the network of Silicon Valley startup Verkada and gained access to live video feeds from more than 150,000 surveillance cameras the company manages for Cloudflare, Tesla, and a host of other organizations. The group published videos and images they …
Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov …
Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline : The timeline basically seems to be, according to Check Point: 2013: NSA’s …
Enlarge (credit: Gab.com ) The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was among the data stolen and publicly released by hackers who recently breached the site. In a statement on Sunday, founder Andrew Torba used a transphobic …
Enlarge (credit: Gab.com ) The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was among the data stolen and publicly released by hackers who recently breached the site. In a statement on Sunday, founder Andrew Torba used a transphobic …
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such …
Enlarge (credit: Yuri Smityuk | Getty Images) For all the nation-state hacker groups that have targeted the United States power grid —and even successfully breached American electric utilities —only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in …
Enlarge / The logo of the French national cybersecurity agency Agence Nationale de la securite des systemes d'information(ANSSI) taken at ANSSI headquarters in Paris. (credit: Eric Piermont | AFP | Getty Images ) The Russian military hackers known as Sandworm, responsible for everything from blackouts in Ukraine to NotPetya, the most destructive …
Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon …
Enlarge (credit: Drew Angerer | Getty Images ) Just because a vulnerability is old doesn't mean it's not useful. Whether it's Adobe Flash hacking or the EternalBlue exploit for Windows, some methods are just too good for attackers to abandon, even if they're years past their prime. But a critical 12-year-old …
Enlarge (credit: Getty Images) Security personnel at Microsoft are seeing a big increase in the use of Web shells, the light-weight programs that hackers install so they can burrow further into compromised websites. The average number of Web shells installed from August, 2020 to January of this year was …
Genetic testing company with 10 million customers’ data has ‘huge cybersecurity implications’ The genetic testing company 23andMe will go public through a partnership with a firm backed by the billionaire Richard Branson, in a deal that has raised fresh privacy questions about the information of millions of customers. Launched …
Hackers are exploiting zero-day in SonicWall: In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.” In Monday’s update …
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the …
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop …
This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames …
Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits …
No one who reads this blog regularly will be surprised : A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they …
FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the Active Directory …
Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered …