Posts

Showing posts from September, 2021

Apple forgot to sanitize the Phone Number field for lost AirTags

Another bug-bounty boondoggle leads to public disclosure before the bug is fixed. https://bit.ly/3ioXsL0

Intel launches its next-generation neuromorphic processor—so, what’s that again?

Intel's Loihi processors have electronics that behave a lot like neurons. https://bit.ly/3kU0UyQ

PoC exploit released for Azure AD brute-force bug—here’s what to do

Microsoft maintains it's not a security risk but is working toward a solution. https://bit.ly/2XZW368

Russia arrests cybersecurity expert on treason charge

Ilya Sachkov is founder of Group-IB, which specializes in ransomware attack prevention. https://bit.ly/3iiU1p1

NBC demanded that YouTube TV bundle Peacock or lose access to NBC channels

YouTube TV could lose NBC channels when contract expires Thursday. https://bit.ly/3ARHIr5

GM’s BrightDrop starts production of its EV600 electric delivery van

The vans use GM's new Ultium battery platform and have a range of 250 miles. https://bit.ly/3CT16o1

New Azure Active Directory password brute-forcing flaw has no fix

Microsoft says AD authentication responses are working as intended. https://bit.ly/39IYpsy

Ford picks Kentucky and Tennessee for $11.4 billion EV investment

Three battery plants and a truck factory will add 11,000 new jobs to the region. https://bit.ly/3EXCAEc

Researchers use Starlink satellites to pinpoint location, similar to GPS

Researchers track six satellites to get location with accuracy of eight meters. https://bit.ly/3EW7QmS

Film studios sue “no logs” VPN provider for $10 million

Independent movie studios are demanding $10 million in damages from LiquidVPN. https://bit.ly/3oad9t9

He escaped the Dark Web’s biggest bust. Now he’s back

DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it. https://bit.ly/3u9YtLB

Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

Public disclosure comes in wake of other grumblings about Apple's bug bounty behavior. https://bit.ly/3lYshH7

Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

A flaw in the Autodiscover protocol can expose email passwords to third parties. https://bit.ly/39vfqXe

Now the chip shortage is being exacerbated by a labor shortage

Material costs are rising too, and the shortage will continue into 2022. https://bit.ly/3o1PxXC

Security audit raises severe warnings on Chinese smartphone models

The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass. https://bit.ly/39rjeZH

Phone calls disrupted by ongoing DDoS cyber attack on VOIP.ms

Threat actors asking $4.2 million from VoIP.ms to stop DDoS attack. https://bit.ly/39sHryB

Linux Foundation says companies are desperate for open source talent

The 2021 survey shows 97% of hiring managers prioritizing FOSS professionals. https://bit.ly/39nunuu

Ransomware victims panicked while FBI secretly held REvil decryption key

Up to 1,500 companies were ensnared in the July attacks. https://bit.ly/3zpnzXT

$5.9 million ransomware attack on farming co-op may cause food shortage

Attack on US farming provider NEW Cooperative may disrupt the food supply chain. https://bit.ly/2VX2x51

Nation-state espionage group breaches Alaska Department of Health

Fallout continues from an advanced persistent threat first detected in May 2021. https://bit.ly/3lCP3nU

Epik data breach impacts 15 million users, including non-customers

Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak. https://bit.ly/39ojVCO

SpaceX’s Starlink will come out of beta next month, Elon Musk says

With 600,000 orders, SpaceX boosting dish production to (hopefully) meet demand. https://bit.ly/39f92TR

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit. https://bit.ly/3zjAM4p

Telegram emerges as new dark web for cyber criminals

Growing network of hackers sharing data leaks on encrypted messaging app. https://bit.ly/2XxVsso

Office 2021 will be available for non-Microsoft 365 subscribers on October 5

New release won't get new features like the subscription versions of Office. https://bit.ly/39eC9Xy

Travis CI flaw exposed secrets of thousands of open source projects

Developers furious at Travis CI's "insanely embarrassing 'security bulletin.'" https://bit.ly/3zb6D7j

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Zero-click flaw has been exploited by NSO since at least February 2021. https://bit.ly/2VGP4hL

Security researchers at Wiz discover another major Azure vulnerability

A little-known management service handed unauthenticated attackers root access. https://bit.ly/2XoK95U

Infosec researchers say Apple’s bug-bounty program needs work

Apple allegedly pays less for bugs than its competitors do—and pays more slowly. https://bit.ly/3jYpdLn

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Millions of WhatsApp messages are reviewed by both AI and human moderators. https://bit.ly/3E0simb

Privacy-focused ProtonMail provided a user’s IP address to authorities

Swiss courts compelled it to log and disclose a user's IP and browser fingerprint. https://bit.ly/3BRhdSI

Microsoft Outlook shows real person’s contact info for IDN phishing emails

IDN homograph attacks were a problem to begin with. Outlook just made 'em worse. https://bit.ly/3l0Oy6X

Why ransomware hackers love a holiday weekend

Looking forward to Labor Day? So are ruthless gangs of cybercriminals. https://bit.ly/3h4kYfy

A brief overview of IBM’s new 7 nm Telum mainframe CPU

A typical Telum-powered mainframe offers 256 cores at a base clock of 5+GHz. https://bit.ly/3DI9NTC

NPM package with 3 million weekly downloads had a severe vulnerability

Untrusted JavaScript config file can execute arbitrary code. https://bit.ly/3DEgS7v