An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed “CharmPower” for follow-on post-exploitation. “The actor’s attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous
by Paul Ducklin Yesterday was the first Patch Tuesday of 2022, with more than 100 security bugs fixed. We wrote up an overview of the updates, as we do every month, over on our sister site news.sophos.com: First Patch Tuesday of 2022 repairs 102 bugs. For better or for worse, one update has caught the
Cyber-physical systems (CPS) security company Claroty has announced the acquisition of healthcare IoT security business Medigate. In a statement released January 10, Claroty said the deal would allow it to secure the Extended Internet of Things (XIoT) “by delivering unmatched visibility, protection, and threat detection for all connected organizations via one comprehensive solution.” Medigate, which is headquartered in New York’s
The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes,
We don’t need no stinkin’ wall power as CES shows off the power and promise of usable long-range wireless charging While wireless charging has been around for some time (like charging my iPhone in my Toyota’s center console), CES is showcasing real power at real distances measured in meters, not centimeters. At one booth I
Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical “wormable” vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known
by Paul Ducklin Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB. The product comes from a Taiwanese hardware and software maker called Kcodes, which describes itself as follows: [A] leading supplier and developer of USB over
A police forensics expert has been sent to prison in the UK for downloading thousands of grim images from police computer systems onto his own computer. Darren Collins, 56, of Little Haywood near Stafford, admitted illegally accessing photographs of crime scenes and post-mortem examinations performed on murder victims. The Crown Prosecution Service (CPS) said Collins “used his digital
If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first
But as we learned in mashing up other technologies, the security devil is in the details Cars have historically been monumentally difficult to manufacture and sell successfully, but in today’s world, you can mash up an electric car with off-the-shelf doodads from any of a number of manufacturers displaying here at CES, and voila! You
Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple’s macOS operating system that could be weaponized by a threat actor to expose users’ personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings
A man who worked at the Monsanto Company has admitted stealing a trade secret from his former employer and attempting to sell it to the People’s Republic of China. Xiang Haitao was employed by the American agrochemical and agricultural biotechnology corporation and its subsidiary, The Climate Corporation, as an imaging scientist from 2008 to 2017. The 44-year-old
Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. “Ironically, all the information we gathered was possible
Cerberus Cyber Sentinel Corporation today announced its acquisition of an American cybersecurity operations and compliance company. The Arizona-based cybersecurity consulting and managed services firm said the decision to acquire True Digital Security was part of a strategy to bring together global security talent as partners. True Digital Security was founded in 1985 and currently has offices in West
With digital life-changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of online protection today. As all that change reshapes how we spend our time online, we believe that one thing remains constant: meaningful protection is a personal right. Your right. That’s how we see it here
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. “The attack likely consists of a reconnaissance phase, where the
by Paul Ducklin Owners of Honda cars of a certain age – apparently somewhere between 10 and 16 years old – have spent the first few days of the New Year reporting a weird “millennium bug style” problem. Apparently, for many cars that are a decade or so old, New Year’s Day 2022 was ushered
A cyber-attack has forced the government of New Mexico’s most populous county to close most of its county buildings to the public. Bernalillo County had to take some of its IT systems offline on Wednesday after becoming the target of a digital assault that county officials suspect was a ransomware attack. In a statement released Wednesday, the
Your Cybersecurity Comic Relief Why am I here? If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. Feel free to pat yourself on the back, get yourself a nice cup of coffee, tea, LaCroix (you
And no more worrying about your satellite being smashed by a “drunk driver” as new tech promises to predict hazards in orbit Headed to space and worried about astral fender benders from space junk collisions? There’s a CES vendor for that. Worried too many satellites are snooping in your direction? Same thing. Want a comfy
Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to “educate people” about its approach with regards to how it collects and processes personal information across its family of social media apps. “Privacy Center provides helpful information about five common privacy topics: sharing, security,
by Paul Ducklin “It’s Log4Shell, Jim,” as Commander Spock never actually said, “But not as we know it.” That’s the briefest summary we can come up with of the bug CVE-2021-42392, a security hole recently reported by researchers at software supply chain management company Jfrog. This time, the bug isn’t in Apache’s beleagured Log4j toolkit,
A mix-up at a school in Worcestershire, England, caused parents to receive the Covid-19 test results of other people’s children. The data breach, reported today by the Evesham Journal, occurred at co-educational secondary school and sixth-form college The De Montfort School (TDMS) in Evesham, which is part of the Four Stones Multi Academy Trust. Students returning
The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context. Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually
A sea of sensors will soon influence almost everything in your world Probably for the first time in its history, CES has more sensors on the show floor than attendees. What the show lacks in physical attendees, it makes up for with the sheer volume and variety of tiny sensors that will influence almost everything
The Commission nationale de l’informatique et des libertés (CNIL), France’s data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. “The websites facebook.com,
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A cyber-attack on American hospitality chain McMenamins may have exposed data belonging to its current and former employees. The business, which owns and operates brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington, issued a data breach notice after suffering a ransomware attack. Suspicious activity was identified in the company’s computer network on
Introduction In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 x64. The vulnerability, CVE-2021-1732, is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel (local
From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords The concept of the password has been around for centuries and passwords were introduced into computing way sooner than most of us can remember. One reason for the enduring popularity of passwords
- « Previous Page
- 1
- …
- 80
- 81
- 82
- 83
- 84
- …
- 107
- Next Page »