Items tagged with security
We’ve seen ransomware in hospitals and schools, and it wreaks havoc no matter the case. This is especially true when people are relying on technology now more than ever due to the COVID-19 pandemic. The Baltimore County Public School district encountered this firsthand when malicious attackers installed ransomware...
Read more...
Smart home appliances and internet of things (IoT) devices are becoming part of daily life for many. You may even have one of these devices near you right now and it's likely connected to the internet in some way. While the product category may offer some innovative solutions, some products on the market currently...
Read more...
Attackers with physical access to a device can generally do the most damage to a machine. This remains true with CVE-2020-8705, where an attacker with physical access can gain control of the system firmware while the device resumes from a sleep state. This means there could be privilege escalations, data loss, and...
Read more...
We are all adapting to life amid a pandemic, with many people working from home as COVID-19 continues to spread. But it is not just newfound telecommuters who are adapting. So are malware authors, who are changing their lures in attempts to hook victims through phishing emails. New data suggests that Microsoft is now...
Read more...
A security firm warns that an "unskilled attacker" could leverage a security flaw in SonicWall VPN (virtual private network) appliances to run arbitrary code remotely, causing a persistent denial of service (DoS) condition. Or put more plainly, the SonicWall VPN has a serious security hole that makes it easy for even...
Read more...
There is a hacking campaign to disrupt this year's presidential election in the United States, according to a warning issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). Hackers are chaining Windows and virtual private network (VPN) exploits to carry out...
Read more...
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has...
Read more...
Cupertino, we may have a problem. A researcher claims Apple's T2 security chip is vulnerable to an exploit that, if leveraged, would give an attacker full root access and kernel execution privileges. Normally this sort of thing would necessitate fast tracking a security patch, except for one very big problem—it is an...
Read more...
Oh great, as if 2020 has not been challenging enough already, the latest Digital Defense Report from Microsoft outlines some troubling cybersecurity trends. Threat actors are "rapidly" increasing the sophistication of their cyberattacks, ultimately making them more difficult to detect, and more likely to trick "even...
Read more...
Amazon is currently training a bunch of psychics, who will then license their talents to businesses across the US to read people's palms to determine their future, specifically to see if they pose a security threat. Just kidding! There will be no psychic readings, but the retail giant is rolling out Amazon One, which...
Read more...
Malware known as Joker is no laughing matter, especially if you have downloaded an infected app that could bring its payload. The Zscaler ThreatLabZ research team recently discovered seventeen Android apps with Joker malware. These particular apps were stealing device information, contacts lists, and SMS messages and...
Read more...
There is a very good reason why the Department of Homeland Security recently issued an emergency directive to federal agencies to patch their Windows Servers against Zerologon. Just five days after the directive, Microsoft confirmed on Twitter that Zerologon is actively being exploited by hackers.
"Microsoft is...
Read more...
When it comes to troublesome data breaches, this one is pretty significant, and it comes from a surprising company. The company in question is Microsoft, which left one of its backend servers that runs the Bing mobile app wide open. As a result, over 6.5TB of log files were leaked into the internet that contained a...
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the...
Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction.
According to exploit researcher Chris...
Read more...
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks.
German authorities are currently...
Read more...
Google’s Account Protection Program is their strongest level of account security for those who are at higher risk for attack. Now, Google Chrome is expanding protections for the Advanced Protection users by improving download scanning options.
According to Google, Advanced Protection members have been guarded from...
Read more...
These days just about everybody takes Bluetooth for granted. Manufacturers phase out useful physical ports like headset jacks in high end devices with the expectation that buyers will use Bluetooth headphones. Our cars, watches, locator tags, home theaters, and even game controllers rely on the ubiquitous short-range...
Read more...
Imagine this—you're having a good day, your PC is running smoothly, and you decide to install a custom Windows 10 theme, but then all of a sudden things go wrong. Very wrong. As in, you find out your Microsoft account has been compromised, but how can that be? Well, it might have been that custom Windows theme you...
Read more...
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a...
Read more...
Private threat analysis and mitigation company, HYAS, is buying user data from phone apps to try to track hackers. A major side-effect of this, though, is that regular users are possibly being ensnared and HYAS claims they can track people to their “doorstep.”
The collection of user data has long been a problem for...
Read more...
There is a cumulative update available for Windows 10 that is packed to the rafters with bug fixes and various improvements, and most people are probably unaware it exists. That's because it is currently only available as an optional update, in preview form. These same fixes should be included in the upcoming Patch...
Read more...
