Thursday, February 6

Tag: vulnerabilities

Google Fixes Nearly 100 Android Security Issues
1Jan By adminNo Comments
Technology

Google Fixes Nearly 100 Android Security Issues

December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break.Enterprise software giants also issued their fair share of patches, with Atlassian and SAP squashing several critical bugs during December.Here’s what you need to know about the important updates you might have missed during the month.Apple iOSIn mid-December, Apple released iOS 17.2, a major point upgrade containing features such as the Journal app, as well as 12 security patches. Among the flaws fixed in iOS 17.2 is CVE-2023-42890, an issue in the WebKit browser engine that could allow an attacker to execute code.Another flaw in the iPhone’s Kernel, tracked as CVE-2023-4291, could see an app break out of its secure sandbox,...
Read More
The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure
11Nov By adminNo Comments
Technology

The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure

The United States National Security Agency is often tight-lipped about its work and intelligence. But at the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency’s Cybersecurity Collaboration Center had a “call to action” for the cybersecurity community: Beware the threat of Chinese government-backed hackers embedding in US critical infrastructure.Alongside its “Five Eyes” intelligence alliance counterparts, the NSA has been warning since May that a Beijing-sponsored group known as Volt Typhoon has been targeting critical infrastructure networks, including power grids, as part of its activity.Officials emphasized on Thursday that network administrators and security teams need to be on the lookout for suspicious activity in which hackers manipulate and mi...
Read More
This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups
5Nov By adminNo Comments
Technology

This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups

As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the war. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.Microsoft has had a hard few months when it comes to the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growin...
Read More
This Cryptomining Tool Is Stealing Secrets
28Oct By adminNo Comments
Technology

This Cryptomining Tool Is Stealing Secrets

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory's compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.As the worst mass shooting in Maine's history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the a...
Read More
The Shocking Data on Kia and Hyundai Thefts in the US
24Sep By adminNo Comments
Technology

The Shocking Data on Kia and Hyundai Thefts in the US

Mandiant researchers published findings this week about a newly revealed Chinese espionage operation that used Sogu malware to spy on the African operations of both European and US organizations. The campaign is significant for the scope of its victims, but also because attackers used a classic malware distribution method: thumb drives. The attacks are the latest example of China's aggressive global espionage—but read on for statements from the Chinese government about alleged US cyberattacks and digital espionage.After Elon Musk claimed recently that primates used in Neuralink implant research were close to death anyway, a WIRED investigation this week revealed grisly details about the truth of their deaths that appear to dispute the characterization that the animals were all terminally ...
Read More
The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key
7Sep By adminNo Comments
Technology

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

Microsoft said in June that a China-backed hacking group had stolen a cryptographic key from the company's systems. This key allowed the attackers to access cloud-based Outlook email systems for 25 organizations, including multiple US government agencies. At the time of the disclosure, however, Microsoft did not explain how the hackers were able to compromise such a sensitive and highly guarded key, or how they were able to use the key to move between consumer- and enterprise-tier systems. But a new postmortem published by the company on Wednesday explains a chain of slipups and oversights that allowed the improbable attack.Such cryptographic keys are significant in cloud infrastructure because they are used to generate authentication “tokens” that prove a user’s identity for accessing da...
Read More
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass
13Aug By adminNo Comments
Technology

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

One of your Mac's built-in malware detection tools may not be working quite as well as you think. At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings today about vulnerabilities in Apple's macOS Background Task Management mechanism, which could be exploited to bypass and, therefore, defeat the company's recently added monitoring tool.There's no foolproof method for catching malware on computers with perfect accuracy because, at their core, malicious programs are just software, like your web browser or chat app. It can be difficult to tell the legitimate programs from the transgressors. So operating system makers like Microsoft and Apple, as well as third-party security companies, are always working to develop new detection mecha...
Read More
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating
10Aug By adminNo Comments
Technology

Panasonic Warns That IoT Malware Attack Cycles Are Accelerating

Internet-of-things devices have been plagued by security issues and unfixed vulnerabilities for more than a decade, fueling botnets, facilitating government surveillance, and exposing institutional networks and individual users around the world. But many manufacturers have been slow to improve their practices and invest in raising the bar. At the Black Hat security conference in Las Vegas today, researchers from Panasonic laid out the company's strategy for improving IoT defenses based on a five-year project to gather and analyze data on how the company's own products are attacked.The researchers use Panasonic home appliances and other internet-connected electronics made by the company to create honeypots that lure real-world attackers to exploit the devices. This way Panasonic can captur...
Read More