The State of Maine is informing the public of the impact to the State’s computer systems due to a security vulnerability found in the MOVEit file transfer tool, a software suite developed by Progress Software. This incident took place between May 28, 2023 and May 29, 2023. During this time, cybercriminals were able to...
Read more...
Phishing emails traditionally come from threat actors looking to make a quick buck or steal some data for nefarious purposes. Things get confusing, however, when phishing-style emails come directly from an organization like Amazon. That is exactly what happened over the weekend, leaving many customers baffled...
Read more...
Side channel attacks are always fascinating to see how they are executed, such as the recent discovery that encryption keys could be stolen by recording power LEDs on various devices. Researchers have found that malicious websites might be able to see usernames and other sensitive information by leaking it from...
Read more...
As it turns out, hotels, and by extension, the hospitality industry, are not the most secure organizations around despite handling personal information and credit card details. This is evident in the recent MGM Hotel breach or even further back with the 2022 social engineering of Marriott. Now, an infostealer campaign...
Read more...
Over the past year, as tensions have intensified with China over the South China Sea and Taiwan, the United States has begun to focus on Chinese Communist Party (CCP) influenced businesses and organizations operating or providing services in the US. Perhaps the most prevalent example of this is TikTok, and the concern...
Read more...
Several energy providers are now asking New England customers to monitor their accounts for unusual activity or beware of potential scams following a third-party data breach earlier this month.
Earlier this morning, HotHardware was made aware that an email had gone out from Eversource, a residential energy provider...
Read more...
Drop everything—there's a new hardware security vulnerability in Intel's processors! Or don't, really, because this vulnerability is only rated at a "medium" severity by Intel itself, and it's even arguably a good thing for the company. That's because it only affects older processors based on the "Skylake"...
Read more...
Canon has issued a security bulletin warning that hundreds of its inkjet printer models have a flaw that could potentially expose your Wi-Fi network details after you've disposed it or sent it to a third-party entity to be serviced. The issue at hand is that affected models, including both consumer and professional...
Read more...
In recent days and weeks, Call of Duty has seen an uptick in population since the online servers were fixed up, allowing players to return to their old haunts and have some fun. However, with this uptick in activity, cheaters and hackers are looking to ruin the fun and nostalgia for CoD players. As it turns out, they...
Read more...
A wide range of processors based on AMD's Zen 2 architecture, including consumer Ryzen chips (desktop and mobile) and EPYC server silicon, are vulnerable to a newly discovered exploit that could allow an attacker to steal sensitive data. That includes user passwords, encryption keys, and other information that you...
Read more...
Earlier this month, researchers from Palo Alto’s Unit 42 discovered a peer-to-peer worm dubbed P2PInfect targeting Redis installations, an open-source database application used in cloud environments. While only 934 of the publicly communicating 307,000 unique Redis systems may be vulnerable, the worm may knock on the...
Read more...
Apple is threatening to pull the ability to use iMessage and FaceTime from users in the UK over proposed new requirements on telecommunications operators. The new proposal is not a new law, but rather an update to the existing Investigatory Powers Act (IPA) 2016.
When it comes to allowing law enforcement and...
Read more...
Tech support scammers have been around for quite some time, continually innovating and perfecting their game to rake in more money. The problem has become so big that even YouTubers like Kitboga are making a living trolling these people. However, that has not been enough to stop these problematic people, as the FBI...
Read more...
Microsoft’s traditional Patch Tuesday has arrived, bringing with it a slew of security fixes for 130 vulnerabilities and two published advisories. This update comes at the perfect time, as threat actors have been exploiting some of these vulnerabilities for espionage against defense and government organizations in...
Read more...
You can call a kitty with a “pspspsps,” but you might be able to call Advanced Persistent Threat (APT) group 42, otherwise known as “Charming Kitten,” with a “pspspsps aux.” All jokes aside, this group, also known as TA453, now targets nuclear security and foreign policy experts to gather intelligence.
Earlier this...
Read more...
Attempts at or unintended incidents of tracking military members have been happening for years, such as when the Strava running app leaked the location of military bases thanks to a published heat map of running locations. Now, however, a threat actor is either being incredibly precise, or companies are just trying to...
Read more...
Earlier this week, ASUS pushed a firmware update for 19 of the company’s routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port...
Read more...
With all the excitement around ChatGPT, it is no wonder that threat actors are taking advantage of the situation. Besides having those with malicious intentions steal your Facebook account, they might also be stealing your ChatGPT account credentials as well, following the discovery of over 100,000 compromised ChatGPT...
Read more...
We like to joke about percussive maintenance when we talk about tools and technology. A good swift hit with a hammer can fix a lot of issues, right? Well, one researcher out of New Zealand found it was possible to use a screwdriver to reset the BIOS password for a Lenovo laptop.
If you’ve ever run into an issue...
Read more...
Conventional wisdom holds that adding two-factor authentication (2FA) is the best way to secure your online accounts. With this feature enabled, a threat actor would need your login credentials, as well as a one-time code to access your data. Google Authenticator is a popular way to store two-factor codes, and a...
Read more...
A new piece of Windows malware is making the rounds, but what else is new? You never want to fall victim to a malware campaign, but this one is particularly troublesome. EvilExtractor is billed as an "all-in-one" solution for your online criminal needs. With this one tool, a threat actor can monitor keystrokes, steal...
Read more...
The FBI just issued a warning to the public against using free public USB charging ports, such as those found at airports or malls, because they've been found to be ports of entry for malware.
A recent tweet by the FBI Denver field office advised that bad actors (i.e. people with nefarious intentions, not Steven...
Read more...
