Enlarge (credit: Western Digital) Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS. CVE-2021-40438, as one of the vulnerabilities is tracked, allows remote attackers […]
Tag: vulnerabilities
The Log4Shell zeroday 4 days on. What is it and how bad is it really?
Enlarge (credit: Getty Images / Bill Hinton ) Log4Shell is the name given to a critical zeroday vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, the logging utility used by thousands if not millions of apps, including those […]
The Internet’s biggest players are all affected by critical Log4Shell 0-day
Enlarge (credit: Kevin Beaumont ) The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and Baidu. The vulnerability, now going […]
300, 000 MikroTik routers are ticking security time bombs, researchers say
Enlarge (credit: Getty Images) As many as 300, 000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said. The estimate, made by researchers at security firm Eclypsium, is based on Internet-wide scans that […]
Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty
Enlarge / Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple’s slow response and inconsistent policy adherence when it comes to security flaws. (credit: Aurich Lawson | Getty Images) Yesterday, a security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple’s iOS mobile operating system. The […]
Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown
Enlarge / You did a bad bad thing. (credit: Getty Images) Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday. Cobalt Strike is a legitimate security tool used by penetration testers to emulate malicious activity in a network. […]
Feds list the top 30 most-exploited vulnerabilities. Many are years old
Enlarge (credit: Getty Images) Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian […]
Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
Enlarge The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability […]
“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones
Enlarge (credit: Getty Images) Smartphones belonging to more than three dozen journalists, human rights activists, and business executives have been infected with powerful spyware that an Israeli firm sells, purportedly to catch terrorists and criminals, The Washington Post and other publications reported. The handsets were infected with Pegasus, full-featured spyware developed by NSO Group. The […]
SolarWinds hackers used an iOS 0-day to steal Google and Microsoft credentials
Enlarge (credit: Getty Images) The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published on Wednesday, researchers Maddie Stone and […]