Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Not all MFA is created equal, as script kiddies and elite hackers have shown recently. Enlarge (credit: Getty Images) Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account t.....»»
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and J.....»»
Rain Technology Laptop Switchable Privacy protects against visual hackers and snoopers
Rain Technology has introduced Laptop Switchable Privacy. Designed for tier one manufacturers and supply chain providers, the embedded screen technology protects against visual hackers and snoopers for enterprises and consumers — at the office or r.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates
A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial access provider (and partner in crime) for affiliates of several ransomwar.....»»
Apple is replaying its Jony Ive trick to manage Maestri’s departure
Apple yesterday announced Luca Maestri’s upcoming departure from his long-held role as the company’s chief financial officer (CFO), with the relatively unknown Kevan Parekh replacing him. It’s no coincidence that Apple made the announcement.....»»
How VPNs protect you from governments, thieves, and your boss
Governments, ISPs, and even your employer can watch every online move you make. Here's how the best VPN apps can keep your online life safe.The best VPN for iPhone apps can protect you from governments, hackers, even your employerMany countries openl.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed o.....»»
GitHub Enterprise Server has a critical security flaw, so patch now
A newly discovered security flaw allows hackers to elevate their privileges and thus take over vulnerable endpoints......»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
Novel technique allows malicious apps to escape iOS and Android guardrails
Web-based apps escape iOS "Walled Garden" and Android side-loading protections. Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypas.....»»
Toyota confirms data breach after info leaked on cybercrime forum
Carmaker confirms losing hundreds of gigabytes of sensitive customer data to hackers calling themselves ZeroSevenGroup......»»
A European lander could return an ice core for a fraction of the cost of Europa Clipper
Cost is a major driving factor in the development of space exploration missions. Any new technology or trick that could lower the cost of a mission makes it much more appealing for mission planners. Therefore, much of NASA's research goes into those.....»»
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-202.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on be.....»»
Microsoft cracks down on Windows 11 upgrade requirements
The latest Insider Build of Windows 11 has patched the "/product server" workaround that let old CPU users easily bypass the system requirements check......»»
Lufthansa is using artificial sharkskin to streamline airplanes
Copying a trick from the animal kingdom can help cut aircraft emissions. Enlarge (credit: Aurich Lawson | Getty Images) Companies are often caught between wanting to cut emissions but also grow profits. But for airlines,.....»»
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been una.....»»
Why cricket’s latest bowling technique is so effective against batters
Wind tunnel experiments show how the ball's transverse spin impacts pressure fields. Enlarge / Some cricket bowlers favor keeping the arm horizontal during delivery, the better to trick the batsmen. (credit: Rae Allen/CC BY 2.0).....»»