Tech

Critical 0-day that targeted security researchers gets a patch from Microsoft

Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware. The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks developing working relationships […]

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack

Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they do nothing to disinfect systems that […]

Rookie coding mistake prior to Gab hack came from site’s CTO

Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the critical vulnerability—or at least one very much like it—was introduced […]

Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10. The vulnerability is found in programmable logic controllers from Rockwell Automation that are marketed under the Logix […]

Armed with exploits, hackers on the prowl for a critical VMware vulnerability

Hackers are mass scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an application for Windows or Linux […]

“ShareIt” Android app with over a billion downloads is a security nightmare

Trend Micro says it has found “several” security flaws in the popular Android app ShareIt. ShareIt has been downloaded over a billion times from the Play Store, and, according to App Annie, was one of the 10 most globally downloaded apps in 2019. The app […]

Zerodays under active exploit are keeping Windows users busy

It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zerodays under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers. The […]

Chrome users have faced 3 security concerns over the past 24 hours

Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome’s sync feature to bypass firewalls. Let’s discuss them one by one. First up, […]

SolarWinds patches vulnerabilities that could allow full system control

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post on Wednesday that he began analyzing SolarWinds products […]

Hackers are exploiting a critical zeroday in firewalls from SonicWall

Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the firewalls it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t […]