Skip to main content

Posts

Showing posts from April, 2021

More US agencies potentially hacked, this time with Pulse Secure exploits

Zeroday vulnerability under attack has a severity rating of 10 out of 10. https://bit.ly/3vwljw9

Verizon tries to sell Yahoo and AOL after spending $9 billion on fallen giants

After spending $9 billion combined, Verizon may sell units for $4 billion or so. https://bit.ly/32XR855

Verizon “leads” all US carriers in mmWave 5G availability at 0.8%

Phones capable of using mmWave 5G access it less than 1% of the time. https://bit.ly/32YgdwE

Chipmaker says it will ramp up production of older 28nm chips

Fourth-largest contract chipmaker aiming at supply problems for carmakers, others. https://bit.ly/3eHSNRF

Ransomware crooks threaten to ID informants if cops don’t pay up

The FBI is investigating claim hackers obtained 250GB of police department data. https://bit.ly/2R3o8pG

Cable-chewing beavers take out town’s Internet in “uniquely Canadian” outage

Beavers dug 3-foot hole, chewed through fiber conduit and the cable itself. https://bit.ly/3sYhzCb

Actively exploited Mac 0-day neutered core OS security defenses

Apple fixes macOS vulnerability hackers exploited to suppress security warnings. https://bit.ly/3eBwCfH

Pentagon explains odd transfer of 175 million IP addresses to obscure company

Something weird happened minutes before Trump left—US says it was security research. https://bit.ly/3sS7cQ3

Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it

Apple has known of the flaw since 2019 but has yet to acknowledge or fix it. https://bit.ly/3tQMf9t

Apple’s ransomware mess is the future of online extortion

Hackers want $50 million to not release schematics they stole from Apple supplier. https://bit.ly/32Xc5x3

Backdoored password manager stole data from as many as 29K enterprises

Compromised update mechanism for Passwordstate pushes malware that steals data. https://bit.ly/3dJkTMW

A Clubhouse bug let people lurk in rooms invisibly

Moderators would be unable to mute “ghosts” hiding in and disrupting rooms. https://bit.ly/2QPDYUX

Comcast offers tantalizing hint of a future with upload speeds above 35Mbps

Lab test produces 4Gbps upload speeds but actual uploads are still 3 to 35Mbps. https://bit.ly/3nd7pMx

Meet Thistle, the startup that wants to secure billions of IoT devices

Startup gets $2.5 million funding to jump-start security for connected devices. https://bit.ly/3atHv1R

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

Widely used forensic software can be exploited to infect investigators' computers. https://bit.ly/3eovo7p

They hacked McDonald’s ice cream machines—and started a cold war

How one couple built a device to fix McDonald’s notoriously broken soft-serve machines. https://bit.ly/3dFuQLe

SpaceX says OneWeb spread false story of “near-miss” satellite collision

SpaceX says collision-avoidance system works fine despite OneWeb's false claim. https://bit.ly/3gs1Usb

Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world

Exploits allow state-backed hackers to bypass 2FA and breach defense contractors. https://bit.ly/32ud9rX

Venmo’s new crypto service lets you buy and sell bitcoin, ether, and litecoin

PayPal subsidiary Venmo rolls crypto platform out to users starting today. https://bit.ly/3sA3BpR

Google Play apps with 700k installs steal texts and charge you money

Google removes eight apps after receiving report from researchers. https://bit.ly/3goRaKZ

Millions of web surfers are being targeted by a single malvertising group

Tag Barnakle is using infected ad servers to go "straight for the jugular," firm says. https://bit.ly/2REHuSe

Dishy McFlatface to become “fully mobile,” allowing Starlink use away from home

Musk: Starlink customers will be able to use their dishes "anywhere" by year-end. https://bit.ly/3v6krhw

Backdoored developer tool that stole credentials escaped notice for 3 months

AWS credentials and private repository tokens could allow self-perpetuating attacks. https://bit.ly/3ssg7rn

US government strikes back at Kremlin for SolarWinds hack campaign

Treasury Department says it's sanctioning 6 Russian firms for supporting the hacks. https://bit.ly/3uYIn6J

100 million more IoT devices are exposed—and they won’t be the last

Name:Wreck flaws in TCP/IP have global implications. https://bit.ly/3shCzn8

Microsoft acquires Nuance—makers of Dragon speech rec—for $16 billion

Nuance's deep-learning-based speech recognition serves 77% of US hospitals. https://bit.ly/3dbRDON

No password required: Mobile carrier exposes data for millions of accounts

Q Link Wireless made data available to anyone who knows a customer's phone number. https://bit.ly/3d3USaU

Comcast nightmare: Six months without Internet despite $5,000 payment

Comcast falsely said service was available, still hasn't delivered six months later. https://bit.ly/3dM1IRz

Windows and Linux devices are under attack by a new cryptomining worm

With new exploits and capabilities, the Sysrv botnet poses a growing threat. https://bit.ly/3s3KynB

T-Mobile 5G home Internet: $60 a month, 100Mbps speeds, and no data cap

30 million households are eligible; signups available "until capacity runs out." https://bit.ly/2Rjtr4x

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants

Patching in industrial settings is hard. Ransomware shutting down production is harder. https://bit.ly/39TBrzz

SpaceX to keep Starlink pricing simple, exit beta when network is “reliable”

"We're going to try to keep [pricing] as simple and transparent as possible." https://bit.ly/2RiFBur

Russia’s Twitter throttling may give censors never-before-seen capabilities

Censorship based on deep packet inspection may work against Tor and VPNs. https://bit.ly/3uyku5L

Yahoo Answers to end as Trump fans see plot to “silence conservatives”

"Should Trump buy Yahoo to prevent Answers from being shut down?" user asks. https://bit.ly/3mqQHZR

Malicious cheats for Call of Duty: Warzone are circulating online

The cheat is fake, but the malware it installs is the real thing. https://bit.ly/3fFnZCX

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities

Exploits allow hackers to log into VPNs and then access other network resources. https://bit.ly/3sO2RhE

Feds say man broke into public water system and shut down safety processes

Indictment underscores the potential for remote intrusions to have fatal consequences. https://bit.ly/3rKK7OR

North Korean hackers return, target infosec researchers in new operation

Google outs the new op two months after shutting down a previous campaign. https://bit.ly/3fxWT0A