Items tagged with cybersecurity
The crazy train that is WhatsApp right now does not look like it will be stopping any time soon. After the privacy policy fiasco, which is still developing, other issues have popped up simultaneously. It appears that Google is indexing a WhatsApp subdomain that can share users’ phone numbers. Furthermore, there are...
Read more...
The SolarWinds breach has been pervasive, and the world is still reeling from the effects. We have heard that hackers accessed data from Microsoft, U.S Government agencies, and other high-profile companies. Now we're learning about the full scope of the data that was allegedly obtained. A website recently appeared...
Read more...
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud...
Read more...
The massive SolarWinds breach that has even ensnared Microsoft still has rippling effects. According to reports, it seems that hackers may have exposed sealed U.S. court documents. Simultaneously, SolarWinds is trying to clean up and close security holes following the attacks that used its software. The company has...
Read more...
Earlier in December, we reported that hackers had breached the SolarWinds Orion platform, a software package dedicated to IT resource management. Ever since it was reported that the breach stretched back to Spring of 2020, numerous government agencies and private companies have indicated that they too were breached...
Read more...
As cybersecurity attacks continue to rise, companies are stepping in to provide digital weapons to anyone with ill-will and deep enough pockets. One of these companies, NSO Group, is trying to hide behind legal immunity granted by government clients. If this immunity were granted, it would set a dangerous precedent...
Read more...
Over the weekend, it was announced that a nation-state actor had breached SolarWinds’ Orion service as early as Spring of this year. The Orion platform is an all-in-one solution for IT administration and monitoring, among other utilities. It is used by companies and governments worldwide, and it appears that the U.S...
Read more...
Simply put, malware and adware sucks, especially when it tries to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Since at least May of this year, Microsoft discovered a “persistent malware campaign” that peaked in August with over 30,000 devices...
Read more...
In the early days of the COVID-19 pandemic, IBM created a global security task force, called X-Force, dedicated to threat intelligence and analysis for organizations that are part of the vaccine supply chain. The work the task force has put forth has apparently yielded success as the group just announced that it...
Read more...
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down...
Read more...
As the cybersecurity landscape evolves, so do the skilled attackers at every turn. Protecting devices from threats becomes a cat and mouse game, and there is always a new attack on the horizon. Security chips built into computers have tried to slow the attacks, such as Apple’s T2 chip, but even it has its flaws. Now...
Read more...
TCL Android TVs have been crowding retail stores since their initial launch earlier this year. The Chinese-manufactured TVs have been a “budget-option” that works well enough for most and is a steal compared to the competition. When you get a TCL 65” TV for $229, though, is cybersecurity at the top of your mind? If...
Read more...
Watch Dogs: Legion is a recently released Ubisoft game set in London that is all about hacking. In an ironic turn of events, it appears that the source code for Watch Dogs: Legion was unfortunately leaked to the internet. Originally, only snippets of the hacked data were released, but it appears that the whole Watch...
Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being...
Read more...
Microsoft’s Azure Active Directory has some neat features built-in, and it is always expanding. Yesterday, the Azure team implemented a way to detect “one of the most popular attacks, accounting for more than a third of account compromise in organizations.” This attack is called password spray, and by now using...
Read more...
Google’s recently released versions of Chrome and Chrome OS had a bit of an Achilles heel: a rather pesky zero-day vulnerability that could corrupt the system’s memory from the browser or OS. The bug has been given CVE-2020-15999, but has not even been given an official score yet. Google gives the exploit a "high"...
Read more...
The Trickbot botnet is under the gun in a significant way. Both Microsoft and the U.S Military Cyber Command have both been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical...
Read more...
This month, the Emotet botnet is going trick or treat, and it is only occupied with tricking. Previously, the malware spread by utilizing spam campaigns with Word or Excel files, but the botnet is back after a short hiatus. It is now using email “spam campaigns pretend to be invoices, shipping information, COVID-19...
Read more...
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has...
Read more...
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks.
German authorities are currently...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute...
Read more...
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a growing threat from criminals seeking to take advantage of people working from home and using a VPN or virtual private network. Apparently there's a growing threat from voice call phishing or "vishing" attacks...
Read more...
