Skip to main content

Posts

Showing posts from March, 2022

Apple rushes out patches for two zero-days threatening iOS and macOS users

With 5 zero-days this year, Apple is on track to meet or break its 2021 tally of 12. https://bit.ly/3wUC2gA

Mystery solved in destructive attack that knocked out >10k Viasat modems

AcidRain is the seventh wiper associated with the Russian invasion of Ukraine. https://bit.ly/3NGwA71

Researchers used a decommissioned satellite to broadcast hacker TV

What happens when an old satellite is no longer in use but can still broadcast? https://bit.ly/3wONz17

IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data

Data released by the group purports to belong to Apple, Facebook, and others. https://bit.ly/3DnZP9Y

Data-harvesting code in mobile apps sends user data to “Russia’s Google”

Data from apps on Apple- and Google-powered mobile devices is sent to Russian servers. https://bit.ly/3NtMpxP

Some Twitter traffic briefly funneled through Russian ISP, thanks to BGP mishap

Despite the timing, the 45-minute hijacking was most likely an error, not an attack. https://bit.ly/35iiSWG

Lapsus$ and Solar Winds hackers both use the same old trick to bypass MFA

Not all MFA is created equal, as script kiddies and elite hackers have shown recently. https://bit.ly/3NsJKod

Feds allege destructive Russian hackers targeted US oil refineries

Unsealed indictments: Hackers targeted US energy infrastructure for nearly a decade. https://bit.ly/3iWJX5b

FCC puts Kaspersky on security threat list, says it poses “unacceptable risk“

Moscow-based firm joins Huawei and ZTE on the same US security threat list. https://bit.ly/3qBPDWl

North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets

Critical vulnerability exploited by 2 groups both working for North Korean government. https://bit.ly/3iyaaGL

A mysterious satellite hack has victims far beyond Ukraine

The biggest hack since Russia’s war began knocked thousands of people offline. https://bit.ly/3qufCik

Starlink hikes prices to $599 up-front and $110 per month, blames inflation

SpaceX: "Sole purpose" of price hikes "is to keep pace with rising inflation." https://bit.ly/3D8tDaM

First Microsoft, then Okta: New ransomware gang posts data from both

If you haven't heard of Lapsus$, you have now. It probably won't be the last time. https://bit.ly/3NbG8Xu

Behold, a password phishing site that can trick even savvy users

Just when you thought you'd seen every phishing trick out there, BitB comes along. https://bit.ly/3wqDYgL

A big bet to kill the password for good

FIDO Alliance says it’s found the missing piece on the path to a password-free future. https://bit.ly/3wtOkMG

Leaked ransomware documents show Conti helping Putin from the shadows

Hacker gang sometimes acts in Russia’s interest, with ad hoc links to FSB, Cozy Bear. https://bit.ly/3CSWVKj

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

When code with millions of downloads nukes user files, bad things can happen. https://bit.ly/3qimhMw

Netflix fights password-sharing with test of $3 “Extra Member” fee

New fee in Chile, Costa Rica, and Peru first while Netflix considers wider rollout. https://bit.ly/3tZEHCM

Nvidia wants to speed up data transfer by connecting data center GPUs to SSDs 

Nvidia, IBM, university researchers plan to make BaM open source. https://bit.ly/37EYAHQ

Scammers have 2 clever new ways to install malicious apps on iOS devices

Getting past the App Store gatekeeper has always been tough. Here are two new ways. https://bit.ly/3u79ugU

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22

It was bound to happen. Worst Linux vulnerability in 6 years fells two popular handsets. https://bit.ly/3JieS7t

Microsoft announces progress on a completely new type of qubit

Topological qubits don't exist yet, but the company is convinced they'll scale. https://bit.ly/3MMaYWq

Banks on alert for Russian reprisal cyberattacks on Swift

Payments messaging system could be targeted as pinch point of global transactions network. https://bit.ly/3irx2Id

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

It takes only a second to crack the handful of weak keys. Are there more out there? https://bit.ly/3w5lmTi

Russia’s disinformation machinery breaks down in wake of Ukraine invasion

A few critical errors have cost Russia dearly when it comes to disinformation. https://bit.ly/3t30tq0

Why Russia’s “disconnection” from the Internet isn’t amounting to much

So far, moves by two of the Internet's major pipelines are having negligible effects. https://bit.ly/34A1UTh

Feds extradite ransomware suspects from 2 prolific gangs in a single week

Man arriving from Ukraine accused of causing Kaseya supply chain attack. https://bit.ly/3t1buYV

Brave takes on the creepy websites that override your privacy settings

Even if you block 3rd-party cookies, bounce tracking can set them anyway. Until now. https://bit.ly/3KvVGmJ

The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion

Throughout 2021, US soldiers, experts worked to thwart an expected Russian cyber attack https://bit.ly/363DfXy

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

New method also stretches out DDoS durations to 14 hours. https://bit.ly/3tFuR90

Linux has been bitten by its most high-severity vulnerability in years

Dirty Pipe has the potential to smudge people using Linux and Linux derivitives. https://bit.ly/3tEYG9v

Attackers can force Amazon Echos to hack themselves with self-issued commands

Popular “smart” device follows commands issued by its own speaker. What could go wrong? https://bit.ly/3KogInw

Hackers stoke pandemonium amid Russia’s war in Ukraine

A wave of cyberattacks meant to buoy Ukraine could have unintended consequences. https://bit.ly/379rTCd

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Chipmaker has until Friday to comply or see its crown-jewel source code released. https://bit.ly/3tu98AB

Google Play app downloaded more than 10,000 times contained data-stealing RAT

Were you infected? Security firm has data that will let you know. https://bit.ly/3KfoUWL

Conti cybergang gloated when leaking victims’ data. Now the tables are turned

Almost two years worth of chat logs air the group's dirty laundry. https://bit.ly/35LQMCX

Ukraine asks ICANN to revoke Russian domains and shut down DNS root servers

Expert: Cutting DNS links would harm Russian people but have little impact on gov't. https://bit.ly/3MtSfz1

Microsoft identifies and mitigates new malware targeting Ukraine “within 3 hours”

Company is also removing and deprioritizing info from Russian state media. https://bit.ly/3tid8Et