Items tagged with security

Intel has been going through a bit of rough patch over the past few weeks, following the disclosure that its 7nm products have been delayed, which led to an internal reorganization that resulted in the company's chief engineering officer departing the company. Now we're learning that Intel was also the victim of a massive security leak. More specifically, someone improperly gained access to login credentials to the Intel Resource And Design Center and its repository of intellectual property. Twitter user @deletescape claims to have obtained a whopping 20GB of data files that were provided to him by an anonymous source; that same source reportedly breached Intel earlier this year. Unfortunately... Read more...
About two months ago, a high-severity security flaw was disclosed that impacted 79 different Netgear router models. The security flaw's disclosure came seven months after it was first reported to Netgear, giving it a total of nine months to patch the security issues. Despite having plenty of time to address the high-severity security flaw, it has yet to issue fixes for 45 of its popular router models, leaving those owners unprotected. Netgear confirmed last week that it would leave 45 router models unpatched with no further support; you can view the full list here. The exploit in question is a remote code execution vulnerability initially disclosed on June 15. If attackers could leverage the... Read more...
If Garmin did not already have a giant target on its back, it sure does now, if a report that it paid a multi-million dollar ransom to hackers is true. Speaking on the condition of anonymity, sources cited as being familiar with the matter told Sky News that Garmin hired a company that specializes in ransomware negotiations to resolve a recent cyber intrusion. While nothing has been official confirmed, it was reported last week that a major outage affecting nearly every facet of Garmin's operations was the result of a ransomware strain called WastedLocker. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are... Read more...
The culprits of the high-profile Twitter hack that occurred just over two weeks ago have been apprehended, and the ringleader is actually 17-year-old Graham Clark from Tampa, Florida. The teenager also had two accomplices: 22-year-old Nima Fazeli from Orlando, Florida and 19-year-old Mason Sheppard from the United Kingdom.   On July 15th, the Twitter accounts of some big-name celebrities and companies were hacked including Elon Musk, Kanye West, Joe Biden, Bill Gates and Apple. It was later reported by Twitter that 130 total accounts were targeted, and tweets were sent out from 45 of those accounts in connection with a Bitcoin scam that garnered the culprits around $120,000.... Read more...
The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all... Read more...
App makers are going to have to rethink things when iOS 14 arrives, because the next version of Apple's mobile operating system has a privacy feature that likes to tattle on certain behaviors. We have seen this a few times already, with the iOS 14 beta—notably, the beta revealed TikTok and a few other apps were sneakily accessing clipboard data on iPhone devices. Now Instagram is finding itself under the spotlight for a supposed bug that is causing the camera to stay on even when users are simply scrolling through their feeds. Instagram (owned by Facebook) obviously needs to access to the camera at certain times, because it's a photo and video sharing service. But some users of the iOS... Read more...
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We... Read more...
Security researchers from China have outlined a new attack dubbed BadPower that can alter the firmware of fast chargers to cause damage to power systems of connected devices. Using the technique, the researchers say they can melt components or potentially set devices on fire. BadPower was detailed last week in a report published by Xuanwu Lab, which is a research unit of Chinese tech giant Tencent. BadPower works by corrupting the firmware of fast chargers, which are a newer type charger developed in the last few years that enables battery of smartphones and laptops to be topped off in rapid fashion. One key difference between regular chargers and a fast charger is the firmware inside the... Read more...
The internet is a place where it's difficult to trust anything that anyone says. A recent case of more than a handful of VPN providers who claim to keep no logs of their user's activity, yet leaked activity logs, highlights that you can't trust anyone online. As it turns out, the seven VPN providers were logging user activity, and those logs have now leaked onto the internet. The first logs discovered were from a company called UFO VPN. UFO VPN had an unsecured Elasticsearch cluster that left the log files facing the public internet for anyone to discover. The logs were found by Bob Diachenko from a company called Comparitech. The records contained copious amounts of data on UFO VPN users, including... Read more...
Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to the vest. The incident took place last Wednesday, when several hacked, high profile accounts perpetuated a Bitcoin scam—tweets from accounts belonging to Elon Musk, Joe Biden, Barack Obama, Kanye West, Bill Gates, and other notable figures solicited Bitcoin with the promising of sending back double whatever amount they received. It was a nonsense promise, of course, but reports... Read more...
A major Twitter hack was perpetrated yesterday that resulted in multiple high-profile Twitter accounts being compromised. Among the hacked accounts were those of Apple, Elon Musk, and U.S. presidential candidate Joe Biden. All of the compromised accounts displayed similar messages that promised to double the amount of Bitcoin sent to a specific wallet address. The Bitcoin scam is a common one, but the fact that it was being broadcast from major verified Twitter accounts made it more likely that users would click on it. Also among the compromised accounts were those belonging to Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, and Michael Bloomberg. Multiple... Read more...
Virtual Private Networks (VPNs) have become increasingly popular over the last year, especially as more and more people find themselves working from home. The makers of the Firefox web browser have now thrown their hat into the ring with their own VPN. The Mozilla VPN promises safety, speed, and an easy-to-use interface. The Mozilla VPN costs $4.99 USD and will eventually be available in over 30 countries. At the moment, it is currently available in the United States, Canada, the United Kingdom, Singapore, Malaysia, and New Zealand. Mozilla promises a 30-day money back guarantee if the user does not like the VPN. Users will need a Firefox account to take advantage of the VPN and it can be used... Read more...
Zoom has had more than its fair share of security issues over the last several months with the popularity of the service soaring while people around the world are working from home during the coronavirus pandemic. Zoom is currently working to fix a recently discovered zero-day vulnerability with its Windows client that could lead to arbitrary remote code execution. The vulnerability was discovered by a researcher who wishes to remain anonymous. According to Acros Security CEO Mitja Kolsek, the researcher who discovered the vulnerability didn't report it to the vendor or a third-party broker, but didn't object to Acros reporting the issue to Zoom. Acros Security analyzed the problem and determined... Read more...
App stores are imperfect places, and serving as a reminder of this, a cybersecurity firm based in France alerted Google to the discovery of over two dozen malicious Android apps hanging out in the Play Store. Fortunately, Google was quick to banish the apps. However, if you already have any of them installed, you should wipe them from your phone or tablet right away. In this case, the apps are prone to stealing your Facebook login credentials. "When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you... Read more...
If you're reading this article from home, it’s likely that you're connected to a consumer-grade Wi-Fi router, either wirelessly or via hard wired Ethernet. And if that's the case, you should probably take this time to upgrade your router's firmware ASAP. That is if an update is even available from the manufacturer. We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently performed test of 127 home routers, to probe them for their resistance to security threats. Of the routers the researchers tested, 91 percent of them were found to be running some version of embedded Linux, which isn’t surprising. What was surprising, however, was that the researchers... Read more...
Microsoft has made available a pair of out-of-band security patches for Windows 10, one of which is labeled as "critical" and the other as "important." Under normal circumstances, security patches get doled out on the second Tuesday of every month, otherwise known as Patch Tuesday. But in this case, Microsoft decided to make these particular ones available now, with Patch Tuesday still being two weeks away. Both flaws—CVE-2020-1425 and CVE-2020-1457—exist within the Windows Codecs Library and the way it handles objects in memory. According to Microsoft, if left unpatched, an attacker who leverages CVE-2020-1425 "could obtain information to further compromise the user's system." This... Read more...
Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior." However, this isn't the first time that the TikTok app has... Read more...
TikTok has taken the world by storm as people of all ages uses the social networking platform to share videos. People use the platform to lip-sync to their favorite songs, perform short skits, or any number of humorous hijinks that the platform has been recognized for over the past year. It’s become a blockbuster app that is especially popular with the young adults. However, users have raised privacy concerns about the app ever since it launched in the United States, with many questioning whether the Chinese government was somehow using the app to spy on Americans. Today, TikTok isn’t doing itself any favors in assuaging those fears after it was found that the app has been accessing... Read more...
Sony has announced via an official PlayStation blog post that it has launched a new bug bounty program for the PlayStation 4 game console in collaboration with the security platform HackerOne. Sony says that it started the Bug Bounty program because security is a fundamental part of creating amazing experiences for the community. The program has rewards in place for various issues, including critical issues on the PS4. Those who discover a critical vulnerability for the PS4 are eligible for bounties as high as $50,000. The image below shows the range of bounties offered for issues of different types. PlayStation says that it was running this bug bounty program privately with some security researchers... Read more...
A third-party security team uncovered a massive ring of Chrome spyware extensions that were all working together. The nefarious extensions had been downloaded a total of over 32 million times and impacted millions of Chrome browsers. The researchers at Awake Security are coming forward after they informed Google of the Chrome spyware ring, and after Google removed over 70 identified extensions from the official Chrome Web Store last month. A Google spokesman said that after extensions are removed from the Web Store that violate policies, the incidents are used as training material to improve the automated and manual analysis systems. Most of the illegitimate extensions discovered by the researchers... Read more...
Amazon has earned itself some well-deserved bragging rights for putting a stop to what ranks as the largest distributed denial of service (DDoS) attack ever, and by quite a bit. According to data divulged by Amazon, it halted a DDoS attack that peaked with a "previously unseen volume" of 2.3 terabits per second in February 2020. The attempted attack leveraged a compromised Connection-less Lightweight Directory Access Protocol (CLDAC). It also resulted in three days of "elevated threat during a single week" before it subsided. Amazon shared the details in its latest AWS Shield Threat Landscape report (PDF), in which it notes that the "largest known DDoS attacks are UDP reflection attacks." CLDAP... Read more...
Game consoles like the Xbox One, along with Windows PCs, routers, smart TVs, and more have been found to be vulnerable to a Universal Plug and Play (UPnP) security flaw affecting millions of connected devices (and billions of devices overall), a researcher warns. The exploit is called CallStranger, and if leveraged, could be used to initiate distributed denial of service (DDoS) attacks. "The CallStranger vulnerability that is found in billions of UPnP devices can be used to exfiltrate data (even if you have proper DLP/border security means) or scan your network or even cause your network to participate in a DDoS attack. The vulnerability—CallStranger—is caused by Callback header value... Read more...
1 2 3 4 5 Next ... Last